Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
I have setup OpenSSH on an Ubuntu 8.04 server. I am using Putty on a Windows box to connect to the server. I have two accounts on the box. Each account has a /home directory. One of the accounts is the main account that was setup when Ubuntu was installed. The other account is a user account that I created from the command line.
I generated an SSH key pair. I copied the public key to the .ssh/authorized_keys file. I set the permissions for the file and the directory.
I can connect to the box just fine using the default "admin" account that was setup as part of the Ubuntu install process.
When I try to connect using the other user account, Putty returns the error "The server rejected our key."
The permissions for .ssh and everything else for the two accounts are configured identically.
After a lot of troubleshooting my best guess is that it is some sort of account permission problem? The "admin" account can sudo, the account that SSH is having problems with can't.
Please help. I've been beating my head against this thing for four or five hours at this point. I've even generated new keys and the issue persists.
The way to troubleshoot problems like this is by reviewing your system logs. I'm not really familiar with Ubuntu systems, but some guesses about the logs you may need to check are /var/log/secure, /var/log/auth (or similar), /var/log/messages.
I haven't used pam_winbind, but I am presuming you have explicitly configured it and are intentionally using it..?
I'm not sure yet if the "AllowUsers" message is a red herring or is related to the problem cause. (Check not only AllowUsers in sshd_config, but also DenyUsers, AllowGroups, and DenyGroups, just for grins. Also make sure that if you're using the form USER@HOST, that HOST is correct.)
So, it seems like the answer is to grant the new user access to whatever facility pam_winbind is checking. Just like itadmin...
I did setup winbind intentionally. The box in question is part of an Active Directory domain and is hosting a Subversion repository. I had to setup winbind and Samba so that the backup software could access the repository.
The new user is setup in Active Directory and winbind should recognize it as a valid account. I think it really has something to do with that setcred function. I have posted a question to the SecureShell mailing list. I'm hoping that one of the developers has some clue.