LinuxQuestions.org
Old 04-10-2008, 07:32 AM   #1
icedfusion
adding a user to ssh


Hi,
I have an SSH server on my main machine which I can connect to fine remotely.
The problem I have is that I want my friend to be able to connect via SSH but ONLY to his user area.

I have added his public key to my list of authorized_keys and I have added him as a user to my system so now he has his own user area.

When he tries to log in as himself he always gets 'permission denied (public key)'. However, if he uses my username, he is able to log in using his passphrase but ends up in my user area.

What step am I missing?

Cheers

ice.
 
Old 04-10-2008, 07:49 AM   #2
jschiwal
It sounds like you didn't create his keys as that user. First of all, he shouldn't even know your passphrase, so you probably want to use "ssh-keygen -N <newpassphrase>" to change it. You may have given him your own public & private keys as well, so you might as well regenerate them from scratch.
Either generate a pair of keys for him, or better yet have him generate a pair and give you the public key. Then add the public key to his $HOME/.ssh/authorized_keys file. That will enable him to log in. You should also disable root logins in /etc/ssh/sshd and use "allowusers <yourusername> <hisusername>" to lock down ssh. Using keys, I assume you disabled regular logins as well.

What is the default group of regular users? If it is "users", then create a group for each user of the same name (as the user) and make that the default, and use "sudo chgrp <default_group> /home/<user> -R" to change the default group in each person's HOME directory.

He will still be able to read system directories. Some like /bin/, /etc/, /usr/bin/, /usr/lib, etc. are needed. If you are going to run your system as a multi-user system, you should look into quotas. Take a look at /etc/security/limits.conf.

Take a look at this part of /etc/ssh/sshd_conf:
Quote:
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
This will enable you to use key-based authentication but still use PAM for controlling limits.

Good Luck!
 
Old 04-10-2008, 11:17 AM   #3
icedfusion
Hi,
Thanks for the quick and prompt response!!

He has given me his public key which I then added to my 'authorized_keys' file.
He can login using my username - but he enters his passphrase not mine.

I think what I need to do is to put his public key in his home directory: /home/<new_user>/.ssh/authorized_keys

However, there is a line in the sshd_config that points to where the authorized_keys file resides. If this is commented out, does SSH look for the authorized_keys file in the user's directory and not just use the one in my home directory?

What I am trying to do is set up a shared directory on my machine which he can mount on his machine and share files via ssh, but that's the next step.

Will give it a go tonight.

Thanks

ice.
 
Old 04-10-2008, 08:43 PM   #4
jschiwal
I think the default .ssh/authorized_keys is fine. You can use the '%h' wild card to represent the user's homepage "%h/.ssh/authorized_keys" in that case. Yes, the public key should go into the user's own home directory and not yours.

See the man pages for ssh_config and sshd_config. Also, the comments in the sshd_config and ssh_config files are useful.
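
The fix the thread arrives at, as an added example that is not part of any post above: put the friend's public key in his own ~/.ssh/authorized_keys, then check the path for the group/world-writable modes that make sshd (with StrictModes on) ignore the file and answer "Permission denied (publickey)". The function names, the optional owner argument and the paths in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and arguments are illustrative assumptions.

# install_pubkey HOME_DIR PUBKEY_FILE [OWNER]
# Append one public key to HOME_DIR/.ssh/authorized_keys with tight modes.
install_pubkey() {
    home=$1; pub=$2
    key=$(head -n 1 "$pub") || return 1
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; return 1 ;;
    esac
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth=$home/.ssh/authorized_keys
    touch "$auth" && chmod 600 "$auth" || return 1
    # Skip the append if this exact key line is already present.
    grep -qxF "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    # When run as root for another account, hand the files to that account.
    if [ -n "${3:-}" ]; then chown -R "$3" "$home/.ssh" || return 1; fi
}

# audit_key_path HOME_DIR
# Report missing paths and any path writable by group or others.
# Returns non-zero if anything was reported.
audit_key_path() {
    home=$1; bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; bad=1; continue
        fi
        mode=$(ls -ld "$p" | cut -c1-10)       # e.g. drwx------
        gw=$(printf '%s' "$mode" | cut -c6)    # group write bit
        ow=$(printf '%s' "$mode" | cut -c9)    # other write bit
        if [ "$gw" = w ] || [ "$ow" = w ]; then
            echo "writable by group/other: $p ($mode)"; bad=1
        fi
    done
    return $bad
}

# Usage as root (constructed names):
#   install_pubkey /home/friend /tmp/friend.pub friend: && audit_key_path /home/friend
```

The audit covers permissions only; the files must also be owned by the account that is logging in, which is what the optional owner argument takes care of when the key is installed by root.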
 
  

