adding a user to ssh
hi,
I have an SSH server on my main machine which I can connect to fine remotely. The problem I have is that I want my friend to be able to connect via SSH but ONLY to his user area. I have added his public key to my list of authorized_keys and I have added him as a user to my system so now he has his own user area. When he tries to log in as himself he always gets 'permission denied (public key)' - however, if he uses my username - he is able to log in using his passphrase but ends up in my user area. What step am I missing? Cheers ice.
It sounds like you didn't create his keys as that user. First of all, he shouldn't even know your passphrase, so you probably want to use "ssh-keygen -N <newpassphrase>" to change it. You may have given him your own public & private keys as well, so you might as well regenerate them from scratch.
Either generate a pair of keys for him, or better yet have him generate a pair and give you the public key. Then add the public key to his $HOME/.ssh/authorized_keys file. That will enable him to log in. You should also disable root logins in /etc/ssh/sshd and use "allowusers <yourusername> <hisusername>" to lock down ssh. Using keys, I assume you disabled regular logins as well. What is the default group of regular users? If it is "users" then create a group for each user of the same name (as the user) and make that the default, and use "sudo chgrp <default_group> /home/<user> -R" to change the default group in each person's HOME directory. He will still be able to read system directories. Some like /bin/, /etc/, /usr/bin/, /usr/lib, etc. are needed. If you are going to run your system as a multi-user system, you should look into quotas. Take a look at /etc/security/limits.conf. Take a look at this part of /etc/ssh/sshd_conf: Quote:
Good Luck!
Hi,
Thanks for the quick and prompt response!! He has given me his public key which I then added to my 'authorized_keys' file. He can log in using my username - but he enters his passphrase, not mine. I think what I need to do is to put his public key in his home directory /home/<new_user>/.ssh/authorized_keys. However, there is a line in the sshd_config that points to where the authorized_key file resides - if this is commented out, does SSH look for the authorized_keys file in the user's directory and not just use the one in my home directory? What I am trying to do is set up a shared directory on my machine which he can mount on his machine and share files via ssh - but that's the next step. Will give it a go tonight. Thanks ice.
I think the default .ssh/authorized_keys is fine. You can use the '%h' wild card to represent the user's homepage "%h/.ssh/authorized_keys" in that case. Yes, the public key should go into the user's own home directory and not yours.
See the man pages for ssh_config and sshd_config. Also, the comments in the sshd_config and ssh_config files are useful.
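
An added example, not part of any post in this thread: a shell sketch of the lookup discussed above, showing which authorized_keys path sshd reads for a given account (including when the AuthorizedKeysFile line is commented out) and placing a public key in that account's own file. The function names are hypothetical, and the resolver ignores Match blocks and expands only %h, %u and %%.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not from the thread.

# Print the key file path(s) sshd would read for one user.
# $1 = sshd_config path, $2 = user name, $3 = that user's home directory
# Simplification: Match blocks are ignored; only %h, %u and %% are expanded.
resolve_authorized_keys() {
    awk -v user="$2" -v home="$3" '
        function expand(p,    out, i, c, n) {
            out = ""
            for (i = 1; i <= length(p); i++) {
                c = substr(p, i, 1)
                if (c == "%" && i < length(p)) {
                    n = substr(p, ++i, 1)
                    if (n == "h") out = out home
                    else if (n == "u") out = out user
                    else if (n == "%") out = out "%"
                    else out = out "%" n
                } else out = out c
            }
            return out
        }
        function emit(p) {
            p = expand(p)
            if (p !~ /^\//) p = home "/" p   # relative paths are under the home
            print p
        }
        # sshd uses the first value it finds; "#..." lines never match here.
        tolower($1) == "authorizedkeysfile" && !seen {
            seen = 1
            for (f = 2; f <= NF; f++) emit($f)
        }
        # Commented out or absent: the built-in default applies.
        END { if (!seen) { emit(".ssh/authorized_keys"); emit(".ssh/authorized_keys2") } }
    ' "$1"
}

# Add a public key to the account's own authorized_keys, idempotently.
# $1 = home directory of the account, $2 = file holding one public key
install_pubkey() {
    dir=$1/.ssh
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$dir/authorized_keys" && chmod 600 "$dir/authorized_keys" || return 1
    grep -qxF -f "$2" "$dir/authorized_keys" || cat "$2" >> "$dir/authorized_keys"
    # When run as root, also chown -R the .ssh directory to the account owner.
}
```

With no active AuthorizedKeysFile line the resolver prints paths under the named user's home directory, which is why a key stored only in another account's file is not consulted for that login.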