LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-08-2014, 09:27 AM   #1
sniper8752
Member
 
Registered: Oct 2012
Posts: 339

Rep: Reputation: Disabled
using keys for ssh connection


I am trying to create public/private keys to connect to my ssh server. I use puttygen/putty, and when I connect, it tells me that the "server refused our key". I ran the following commands:
Code:
# chmod 700 ~/.ssh
# chmod 600 ~/.ssh/authorized_keys
and added this line to the sshd_config file:
Code:
AuthorizedKeysFile %h/.ssh/authorized_keys
But I still get the same error. The key in the authorized_keys file is all on one line.

EDIT: By the way, I followed this tutorial: https://www.digitalocean.com/communi...nnect-to-a-vps

Last edited by sniper8752; 08-08-2014 at 09:29 AM.
 
Old 08-08-2014, 10:32 AM   #2
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,808

Rep: Reputation: 604Reputation: 604Reputation: 604Reputation: 604Reputation: 604Reputation: 604
what's in /var/log/secure or /var/log/auth.log about it? (you also should mention what distro and version you are running)
 
Old 08-08-2014, 05:02 PM   #3
sniper8752
Member
 
Registered: Oct 2012
Posts: 339

Original Poster
Rep: Reputation: Disabled
Raspbian. It's for my Raspberry Pi.
Code:
User ftpuser from computer not allowed because not listed in AllowUsers
input_userauth_request: invalid user ftpuser [preauth]
In sshd_config, I have AllowUsers ftpuser.
 
Old 08-10-2014, 03:26 PM   #4
sniper8752
Member
 
Registered: Oct 2012
Posts: 339

Original Poster
Rep: Reputation: Disabled
Anybody have any ideas?
 
Old 08-10-2014, 05:23 PM   #5
kbnuts
Member
 
Registered: Apr 2014
Posts: 45

Rep: Reputation: Disabled
Well you could take out the allowusers directive and see if the lockdown is causing it and it's a syntax issue.
 
Old 08-10-2014, 08:26 PM   #6
sniper8752
Member
 
Registered: Oct 2012
Posts: 339

Original Poster
Rep: Reputation: Disabled
I still get the error that the server refused the key.
 
Old 08-10-2014, 08:30 PM   #7
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 5,387

Rep: Reputation: 397Reputation: 397Reputation: 397Reputation: 397
ftpuser is in /etc/passwd in the server? (grep ftpuser /etc/passwd)
 
Old 08-10-2014, 08:35 PM   #8
sniper8752
Member
 
Registered: Oct 2012
Posts: 339

Original Poster
Rep: Reputation: Disabled
yes; /var/www:/bin/bash

For sshd_config:
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
 
Old 08-10-2014, 08:46 PM   #9
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 5,387

Rep: Reputation: 397Reputation: 397Reputation: 397Reputation: 397
Are you able to connect to the server with putty using a password?
 
Old 08-10-2014, 10:30 PM   #10
sniper8752
Member
 
Registered: Oct 2012
Posts: 339

Original Poster
Rep: Reputation: Disabled
yes
 
Old 08-11-2014, 09:24 AM   #11
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 5,387

Rep: Reputation: 397Reputation: 397Reputation: 397Reputation: 397
You did run these commands as root ?
Code:
# chmod 700 ~/.ssh
# chmod 600 ~/.ssh/authorized_keys
.ssh dir needs to be in /var/www according to output of greping ftpuser in passwd file
and permissions need to be set as ftpuser

Last edited by keefaz; 08-11-2014 at 09:26 AM.
 
Old 08-11-2014, 09:34 AM   #12
sniper8752
Member
 
Registered: Oct 2012
Posts: 339

Original Poster
Rep: Reputation: Disabled
so .ssh should be in /var/www? why is it in the user's home directory?
I did run these, but will run them again. Should the user owner be ftpuser, as well as the group owner?
 
Old 08-11-2014, 11:58 AM   #13
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 5,387

Rep: Reputation: 397Reputation: 397Reputation: 397Reputation: 397
Quote:
Originally Posted by sniper8752 View Post
so .ssh should be in /var/www? why is it in the user's home directory?
Yes /var/www is home user dir for ftpuser according to passwd
.ssh should be in user dir according to sshd_config (%h/.ssh)
Quote:
Originally Posted by sniper8752 View Post
Should the user owner be ftpuser,
Yes
Quote:
Originally Posted by sniper8752 View Post
as well as the group owner?
Yes, see which group ftpuser belongs to in passwd for fptuser line (4th field)
or more simple, as root : "id ftpuser"

Last edited by keefaz; 08-11-2014 at 12:02 PM. Reason: added more details in answer
 
Old 08-11-2014, 03:59 PM   #14
sniper8752
Member
 
Registered: Oct 2012
Posts: 339

Original Poster
Rep: Reputation: Disabled
What if I want to allow other users to login?
 
Old 08-11-2014, 07:23 PM   #15
keefaz
LQ Guru
 
Registered: Mar 2004
Distribution: Slackware
Posts: 5,387

Rep: Reputation: 397Reputation: 397Reputation: 397Reputation: 397
Eventually users can login to ftpuser account if they have their public keys appended to /var/www/.ssh/authorized_keys file, then login as: ssh ftpuser@server

But it has some security concerns for sure.

Anyway if you tell what specifically your plan is from the start, you'll get more productive answers I think
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to set SSH keys on SSH server mansour Linux - Newbie 27 01-16-2011 12:44 PM
SSH host keys are not being read correctly from .ssh/known_hosts. bartonski Linux - Software 3 10-29-2009 05:40 PM
SSH host keys VS SSH keys kenneho Linux - Security 3 09-11-2008 07:03 AM
SSH Connection Closed only when RSA Keys are present Sburk Linux - Software 3 06-07-2007 03:09 PM
Configuring SSH to accept only keys (already have keys) fr0st Linux - Security 3 11-04-2003 04:31 AM


All times are GMT -5. The time now is 12:46 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration