LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (http://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   SSH login problem for additional users after password-less login setup (http://www.linuxquestions.org/questions/linux-newbie-8/ssh-login-problem-for-additional-users-after-password-less-login-setup-788198/)

uncle-c 02-10-2010 06:24 AM

SSH login problem for additional users after password-less login setup
 
Hi folks,
I've set up password-less login for user1 on a Ubuntu machine to login automatically into a Fedora box using the publickey authentication method. Everything is working smoothly. Now, there is a user2 on Fedora but he does not have an account on Ubuntu. I tried to login as user2 from Ubuntu to but got the following error :

Code:

user1@Ubuntu:~$ ssh user2@192.168.xxx.xxx
Permission denied (publickey,gssapi-with-mic).
user1@Ubuntu:~$

Predictably neither scp or sftp work either. I have several questions as a result.

1.Is the SSH server rejecting user2 login because I am inadvertently using user1 keys (as I am logged in as user1) ?

2. Do I need to have a user2 account on Ubuntu and public/private key authentication setup with Fedora for user2 to be able to login ?

3. Is there a method I can use to password login as user2 from Ubuntu to Fedora (even though there is no user2 account on Ubuntu) AND still keep password-less login for user1 or do I have to have password-less login for both ?

At present the only way to access the user2 account from Ubuntu is to SSH using the user1 account and then su to user2.

Thanks
C

eyemole80 02-10-2010 07:15 AM

You should had get the password prompt for user2.
Check sshd_config file in fedora if you have enabled any access controls?

Also try ruuning following command which will reveal more information.

ssh -v user2@192.168.xxx.xxx

uncle-c 02-10-2010 09:42 AM

Here is the output from ssh -v user2@192.168.xxx.xxx

Code:

OpenSSH_5.1p1 Debian-3ubuntu1, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.xxx.xxx [192.168.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /home/USER1/.ssh/identity type -1
debug1: identity file /home/USER1/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/USER1/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1
debug1: match: OpenSSH_5.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-3ubuntu1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.x.xxx' is known and matches the RSA host key.
debug1: Found key in /home/USER1/.ssh/known_hosts:4
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No credentials cache found

debug1: Unspecified GSS failure.  Minor code may provide more information
No credentials cache found

debug1: Unspecified GSS failure.  Minor code may provide more information


debug1: Next authentication method: publickey
debug1: Offering public key: /home/USER1/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic
debug1: Trying private key: /home/USER1/.ssh/identity
debug1: Trying private key: /home/USER1/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-with-mic).

HTH

uncle-c 02-10-2010 12:51 PM

Thanks eyemole.Managed to sort out the problem, it was an edit I had made to the sshd_config file when I had set up passwordless login for user1. To allow for others users to login using passwords I had to make the following change in the sshd_config file


# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication no

to

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes


All times are GMT -5. The time now is 02:22 AM.