LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-10-2008, 08:32 AM   #1
icedfusion
Member
 
Registered: Jun 2004
Posts: 31

Rep: Reputation: 15
adding a user to ssh


hi,
I have a SSH server on my main machine which i can connect to fine remotely.
The problem i have is that i want my friend to be able to connect via SSH but ONLY to his user area.

I have added his public key to my list of authorized_keys and I have added him as a user to my system so now he has his own user area.

When he tries to log in as himself he always gets 'permission denied (public key)' - however, if he uses my username - he is able to login using his passphrase but ends up in my user area.

What step am i missing?

Cheers

ice.
 
Old 04-10-2008, 08:49 AM   #2
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 670Reputation: 670Reputation: 670Reputation: 670Reputation: 670Reputation: 670
I sounds like you didn't create his keys as that user. First of all, he shouldn't even know your passphrase so you probably want to use "ssh-keygen -N <newpassphrase>" to change it. You may have given him your own public & private keys as well, so you had might as well regenerate the from scratch.
Either generate a pair of keys for him, or better yet have him generate a pair and give you the public key. The add the public key to his $HOME/.ssh/authorized_keys file. That will enable him to log in. You should also disable root logins in /etc/ssh/sshd and use "allowusers <yourusername> <hisusername>" to lock down ssh. Using keys, I assume you disabled regular logins as well.

What is the default group of regular users. If it is "users" then create a group for each user of the same name (as the user) and make that the default, and use "sudo chgrp <default_group> /home/<user> -R" to change the default group in each person's HOME directory.

He will still be able to read system directories. Some like /bin/, /etc/, /usr/bin/, /usr/lib, etc. are needed. If you are going to run your system as a multi-user system, you should look into quotas. Take a look at /etc/security/limits.conf.

Take a look at this part of /etc/ssh/sshd_conf:
Quote:
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
This will enable you to use key based authentication but still use pam for controlling limits.

Good Luck!
 
Old 04-10-2008, 12:17 PM   #3
icedfusion
Member
 
Registered: Jun 2004
Posts: 31

Original Poster
Rep: Reputation: 15
Hi,
Thanks for the quick and prompt response!!

He has given me his public key which I then added to my 'authorized_keys' file.
He can login using my username - but he enters his passphrase not mine.

I think what I need to do is to put his public key in his home directory /home/<new_user>/.ssh/authorized_keys

However, there is a line in the sshd_config that points to where the authorized_key file resides - if this is commented out, does SSH look for the authorized_keys file in the users directory and not just use the one in my home directory?

What I am trying to do is setup a shared directory on my machine which he can mount on his machine and share files via ssh - but thats the next step.

Will give it a go tonight.

Thanks

ice.
 
Old 04-10-2008, 09:43 PM   #4
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 670Reputation: 670Reputation: 670Reputation: 670Reputation: 670Reputation: 670
I think the default .ssh/authorized_keys is fine. You can use the '%h' wild card to represent the users homepage "%h/.ssh/authorized_keys" in that case. Yes, the public key should go into the users own home directory and not yours.

See the man pages for ssh_config and sshd_config. Also, the comments in the sshd_config andd ssh_config files are useful.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
User Creationg : ssh/sftp user jail to $HOME only routers Solaris / OpenSolaris 2 10-30-2007 12:28 AM
adding IP alias to eth0 via SSH? natv Linux - Networking 4 02-21-2007 05:02 PM
SSH adding user Mojosue Linux - Software 8 02-10-2005 07:41 AM
Adding SSH username/password Temujin_12 *BSD 1 12-31-2004 11:36 PM
Adding a Drive with Fedora Core 3 SSH Tha relliK Linux - Hardware 0 12-22-2004 09:53 PM


All times are GMT -5. The time now is 11:00 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration