LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-07-2013, 05:51 PM   #1
sneakyimp
Senior Member
 
Registered: Dec 2004
Posts: 1,001

Rep: Reputation: 67
problem with ssh key - separate users with same uid, group?


I'm working with a guy who has given me an account on his Red Hat server. I.e., I can login via SSH. The weird bit is that my account shares a uid and gid with his account. Is this normal or a really bad idea?

The problem I'm having is that I want to put my public key in ~/.ssh/authorized_keys on the server so that I can login via key pair. I have tried putting it in a variety of places but ssh never attempts to use the key pair for authentication.

I had some confusion at first because my user (sneakyimp) and his user (hisuser) apparently each have their own home directory (/home/sneakyimp and /home/hisuser). I've tried putting my public key in both these places but it doesn't work:
/home/hisuser/.ssh/authorized_keys
/home/sneakyimp/.ssh/authorized_keys

I also tried logging in and putting the key in ~/.ssh/authorized_keys and that doesn't work either.

when I login using ssh sneakyimp@example.com, the prompt and whoami tell me that I am logged in as hisuser.

I've tried to look at the contents of /etc/ssh/sshd_config but I don't have read permission on the file.

Can anyone help me figure out where to put my public key?
 
Old 01-07-2013, 11:41 PM   #2
RaviTezu
Member
 
Registered: Nov 2012
Location: India
Distribution: Fedora, CentOs, RHEL
Posts: 164

Rep: Reputation: 24
Can you please paste the outputs of the following commands?
1. id sneakyimp
2. id hisuser

You may try this also:
1. Change directory(cd) to /home/sneakyimp/.ssh
2. you'll find a file name similar to id_rsa.pub
==> If you dont find a file use ssh-keygen command to generate the keys(you may use a passphrase if you want).
3. Now ssh-copy-id -i id_rsa.pub remote-host-name
==> you can use the remote host name if you have DNS working or you may specify the ip address of the remote-host.
==> "ssh-copy-id -i id_rsa.pub remote-host-name" assumes you are having same username in your system and in your remote system ==> If not you should mention your username(username in remote system) at the beginning of the "remote-host-name" as... ssh-copy-id -i id_rsa.pub xxxxxxx@remote-host-name
here xxxxxxx= username in remote system.
4. You'll be prompted to enter the password assigned to the remote username(xxxxxxx).
5. When you enter a correct password your public key will be copied to the /home/xxxxx/.ssh/authorized_keys.
6. From now, you can login to the remote host without a password.

****Note: Mark this post as helpful,if it helps you.
 
Old 01-08-2013, 12:35 AM   #3
sneakyimp
Senior Member
 
Registered: Dec 2004
Posts: 1,001

Original Poster
Rep: Reputation: 67
Here is the output of the commands:
Code:
[hisuser@hostname ~]$ id sneakyimp
uid=504(hisuser) gid=504(hisuser) groups=504(hisuser)
[hisuser@hostname ~]$ id hisuser
uid=504(hisuser) gid=504(hisuser) groups=504(hisuser),10(wheel),48(apache)

the .ssh stuff just plain does not work -- there are no .ssh directories in either home directory. As I mentioned in my original post, I have tried putting my public key in a variety of locations. I have done this many times on other hosts and it works just fine.
 
Old 01-08-2013, 12:51 AM   #4
RaviTezu
Member
 
Registered: Nov 2012
Location: India
Distribution: Fedora, CentOs, RHEL
Posts: 164

Rep: Reputation: 24
Quote:
-- there are no .ssh directories in either home directory.
Does it mean..you're not having .ssh directory???

If so...

You can create the .ssh directory & authorized_keys file in it manually.

Can you try this?

Last edited by RaviTezu; 01-08-2013 at 01:03 AM.
 
Old 01-08-2013, 01:04 AM   #5
RaviTezu
Member
 
Registered: Nov 2012
Location: India
Distribution: Fedora, CentOs, RHEL
Posts: 164

Rep: Reputation: 24
Did you execute the ssh-keygen command?
 
Old 01-08-2013, 01:43 AM   #6
sneakyimp
Senior Member
 
Registered: Dec 2004
Posts: 1,001

Original Poster
Rep: Reputation: 67
Quote:
Originally Posted by RaviTezu View Post
Does it mean..you're not having .ssh directory???

If so...

You can create the .ssh directory & authorized_keys file in it manually.

Can you try this?
I appreciate your help, but did you actually read my original post? I did in fact create an .ssh directory and I put my public key in there. I am no stranger to this operation. I don't need to generate another keypair because I already have one.
 
Old 01-08-2013, 02:13 AM   #7
RaviTezu
Member
 
Registered: Nov 2012
Location: India
Distribution: Fedora, CentOs, RHEL
Posts: 164

Rep: Reputation: 24
I'm sorry..if my posts made you angry.

Can you please post the output when you execute:

Quote:
ssh-copy-id remote-hostname
Do you get any permission denied messages?
 
Old 01-08-2013, 02:47 AM   #8
sneakyimp
Senior Member
 
Registered: Dec 2004
Posts: 1,001

Original Poster
Rep: Reputation: 67
this is the output:
Code:
sneakyimp@my-workstation:~/$ ssh-copy-id sneakyimp@dev.example.com
sneakyimp@dev.example.com's password: 
Now try logging into the machine, with "ssh 'sneakyimp@dev.example.com'", and check in:

  ~/.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
But, when I try to login, it continues to ask me for my password:
Code:
sneakyimp@my-workstation:~/$ ssh sneakyimp@dev.example.com
sneakyimp@dev.example.com's password:
which means that copying this file had no effect. but I had indicated previously that I had attempted to manually place my public key in a variety of locations.

When I us my password to login after running that command, I see that the command has copied not just the public key that I want to copy but others as well to ~/.ssh/authorized_keys (which is the same as /home/sneakyimp/.ssh/authorized_keys).
 
Old 01-08-2013, 03:56 AM   #9
RaviTezu
Member
 
Registered: Nov 2012
Location: India
Distribution: Fedora, CentOs, RHEL
Posts: 164

Rep: Reputation: 24
I created a user with name "remote" on my system & changed the uid & gid to the local user uid & gid.
as you can see it from the below:
Quote:
local:x:1001:1001:local user:/home/local:/bin/bash
remote:x:1001:1001::/home/remote:/bin/bash
Quote:
[root@machine ~]# id remote
uid=1001(local) gid=1001(local) groups=1001(local)
[root@machine ~]# id local
uid=1001(local) gid=1001(local) groups=1001(local),4(adm)
When i executed the ssh-copy-id for the first time..and entered the password, i got:
Quote:
Could not chdir to home directory /home/remote: permission denied.
as the home dir of "remote" user had different uid(uid assigned to "remote" when i created the user using useradd). so i changed it to "local" user uid.., using chown command.

After that..ssh-copy-id worked fine.. & i'm able to login without a password prompt.

I can post you the /etc/ssh/ssh_config file content if you want,though i didn't even touched it.

local system os: Fedora16
remote systemos : Fedora17.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] SSH & RSA public key problems, works only for certain users? warwolf Linux - Networking 2 05-27-2011 07:17 AM
SSH access problems: Can only allow users SSH access by adding to root group dhupke Slackware 10 12-21-2008 10:48 AM
restrict ssh users to single user group winkydo Ubuntu 2 02-25-2008 12:07 PM
Only allowing users in a single group to ssh from internet eggi Linux - Security 4 12-19-2005 12:06 PM
how to change uid group id mfrangos79 Linux - General 1 11-07-2005 08:19 PM


All times are GMT -5. The time now is 02:35 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration