LinuxQuestions.org
Old 08-20-2012, 09:42 AM   #1
parkarnoor
Member
 
Registered: Apr 2010
Posts: 54

Rep: Reputation: 1
Key-based authentication for non-root user.


Hi,

I have key-based authentication and it works fine for the root user.

I issued the following commands:

from-machine# ssh-keygen -t rsa

and created a passphrase.

I copied id_rsa.pub to the remote machine and appended it to the authorized_keys file.

It works for root.

But it does not work for non-root users, say sshuser.

I created a user on from-machine and logged on using that user.

su - sshuser

ssh-keygen -t rsa

I copied the file using

scp -r id_rsa.pub root@192.168.1.3 and appended to authorized_keys.

But I run this command from sshuser.

sshuser$ ssh 192.168.1.3

It gave permission denied.

Do I need to have an account on 192.168.1.3 for sshuser?

Regards,
parkar
UAE
 
Old 08-20-2012, 09:57 AM   #2
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora/Pop!_OS
Posts: 2,983

Rep: Reputation: 551
Check the permissions on both the remote computer and local computer .ssh directory.

Code:
drwx------.  2 ray ray 4096 Aug 17 13:52 ./
drwx------. 62 ray ray 4096 Aug 18 12:44 ../
-rw-------   1 ray ray  730 Aug 17 13:52 authorized_keys
-rw-------   1 ray ray 3243 Jul 13 18:21 id_rsa
-rw-r--r--   1 ray ray  743 Jul 13 18:21 id_rsa.pub
-rw-r--r--   1 ray ray 9563 Jul 13 17:56 known_hosts
If the permissions are too loose, ssh will fail for RSA keys.
 
Old 08-20-2012, 10:00 AM   #3
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora/Pop!_OS
Posts: 2,983

Rep: Reputation: 551
This is typically how I set up RSA keys and then get them over to the other computer:

Code:
Directions for creating the rsa key and making the two
 servers talk to each other without password.

        1st change directory into .ssh and check what files are there.

                [rx30@rx30 ~]$ cd .ssh
                [rx30@rx30 .ssh]$ ls -l
                total 4
                -rw-r--r-- 1 rx30 group 2980 Jun 13 12:02 known_hosts

        2nd create the rsa key.

                [rx30@rx30 .ssh]$ ssh-keygen -t rsa -b 4096
                Generating public/private rsa key pair.
                Enter file in which to save the key (/usr/rx30/.ssh/id_rsa):
                Enter passphrase (empty for no passphrase):
                Enter same passphrase again:
                Your identification has been saved in /usr/rx30/.ssh/id_rsa.
                Your public key has been saved in /usr/rx30/.ssh/id_rsa.pub.
                The key fingerprint is:
                cb:b0:40:c6:e9:f4:9e:f5:71:fc:c3:00:c0:f7:c6:75 rx30@rx30.localdomain

        3rd check that there are two new files with the following permissions

                [rx30@rx30 .ssh]$ ls -l
                total 12
                -rw------- 1 rx30 group 3243 Jun 22 15:50 id_rsa
                -rw-r--r-- 1 rx30 group  743 Jun 22 15:50 id_rsa.pub
                -rw-r--r-- 1 rx30 group 2980 Jun 13 12:02 known_hosts
        
        4th change directory back to the user's /home/ray

                [rx30@rx30 .ssh]$ cd

        5th copy the key to the remote server

                [rx30@rx30 ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub rx30@XXX.XXX.XXX.XXX
                25
                rx30@XXX.XXX.XXX.XXX's password:
                Now try logging into the machine, with "ssh 'rx30@XXX.XXX.XXX.XXX'", and check in:

                .ssh/authorized_keys

                to make sure we haven't added extra keys that you weren't expecting.

        6th, follow directions on the screen.

                [rx30@rx30 ~]$ ssh rx30@XXX.XXX.XXX.XXX
                Last login: Fri Jun 22 14:12:08 2012 from 10.10.4.77
                [rx30@rx30 ~]$ exit
 
Old 08-20-2012, 10:01 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
Well, of course you would. This has nothing to do with keys. SSH will use the current user name when connecting to a server, so if you are "sshuser" and you don't explicitly give a username then it will try to log in as "sshuser" remotely. It wouldn't make sense at all for it to log in as root, as root is, at an ssh level, just another user account.

Check out the ssh-copy-id tool; that makes setting up the keys much simpler.
 
1 members found this post helpful.
Old 08-20-2012, 03:55 PM   #5
parkarnoor
Member
 
Registered: Apr 2010
Posts: 54

Original Poster
Rep: Reputation: 1
Hi lleb,

I tried these steps:

ssh-copy-id -i ~/.ssh/id_rsa.pub rx30@XXX.XXX.XXX.XXX
25
rx30@XXX.XXX.XXX.XXX's password:
Now try logging into the machine, with "ssh 'rx30@XXX.XXX.XXX.XXX'", and check in:

.ssh/authorized_keys


I tried this way in my setup:

ssh-copy-id -i ~/.ssh/id_rsa.pub sshuser@192.168.1.3
sshuser@192.168.1.3 password:

Which password will I enter? There is no sshuser on 192.168.1.3.

I am getting a permission denied message.

And where is the location of the above .ssh/authorized_keys, is it under root or sshuser?

If sshuser, then there is no account for sshuser on the remote machine, right?

Regards,
parkar
UAE
 
Old 08-20-2012, 04:11 PM   #6
lleb
Senior Member
 
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora/Pop!_OS
Posts: 2,983

Rep: Reputation: 551
Um, the rx30 is my user on a computer. You will have to put in your own user name. It should then work for you.

SSH basics:

ssh remote_user@remote_IP

In most cases root is not allowed to ssh for security reasons.

The location is in the user's /home/ directory, so for your sshuser it would be /home/sshuser/.ssh/

If there is no user called sshuser on the remote computer you will not be allowed to connect; you must have the correct user/pw as if you were standing in front of that computer.

Last edited by lleb; 08-20-2012 at 04:17 PM.
 
Old 08-20-2012, 04:17 PM   #7
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573

Rep: Reputation: 2143
I think you need to clarify exactly what user you will be sshing FROM, and what user you will be sshing TO.

In your OP, you created ssh keys for sshuser, copied them to ROOT's authorized_keys on the remote server, then tried to log into the remote server as sshuser (which, as you said, doesn't exist on the remote server...so of course it failed).

As acid_kewpie said, if you don't specify a user when you SSH into a machine, it assumes that you're sshing in as your current user name. If that user doesn't exist on the remote machine, then you must specify what user you want to SSH in as.

Last edited by suicidaleggroll; 08-20-2012 at 04:18 PM.
 
Old 08-21-2012, 02:27 AM   #8
parkarnoor
Member
 
Registered: Apr 2010
Posts: 54

Original Poster
Rep: Reputation: 1
OK,

so I need a user account on the remote machine, in my case sshuser.

So that means I need a user account on both the local and remote machine.

As I created sshuser on the local machine (ssh connecting from), I created the RSA key and copied it to the remote computer under root (which is not correct). If I tried to copy using sshuser@192.168.1.3 then no user exists on the system and, as expected, no permission.

Clarify if I need two accounts, or only one account exists.
 
Old 08-21-2012, 03:04 AM   #9
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
We HAVE clarified this. Please try to read our replies properly, and this is all still NOTHING to do with SSH keys even.

The keys need to be associated with the account you are logging in to, obviously. Your door keys don't unlock next door's house, do they? That would be stupid. The same applies here.

Last edited by acid_kewpie; 08-21-2012 at 03:07 AM.
 
1 members found this post helpful.
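
An added example, not code from any poster in this thread: shell functions for the two checks the replies point to, namely whether the public key sits in the authorized_keys of the account being logged in to, and whether the home directory, .ssh and authorized_keys are writable by group or others (which sshd rejects under its default StrictModes setting). The function names, the `make_demo` layout and the key string are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. All paths and key material are constructed.

# mode_of PATH: 10-character mode string from ls, e.g. "drwx------"
mode_of() { ls -ld "$1" | cut -c1-10; }

# loose_write PATH: true if group or others may write to PATH
loose_write() {
    case "$(mode_of "$1")" in ?????w????|????????w?) return 0 ;; esac
    return 1
}

# audit_account HOME PUBKEY: run on the server against the home directory of
# the account being logged in TO. Prints findings; the return status is the
# number of findings. File ownership is not checked here.
audit_account() {
    home=$1; pub=$2; n=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; n=$((n + 1))
        elif loose_write "$p"; then
            echo "LOOSE $(mode_of "$p") $p"; n=$((n + 1))
        fi
    done
    # Match on the base64 key field so options and comments may differ.
    blob=$(awk '{ print $2; exit }' "$pub" 2>/dev/null)
    if [ -z "$blob" ] || ! grep -qF -- "$blob" "$home/.ssh/authorized_keys" 2>/dev/null; then
        echo "KEY_NOT_INSTALLED $home/.ssh/authorized_keys"; n=$((n + 1))
    fi
    return "$n"
}

# audit_private_key FILE: run on the client. The ssh client refuses a
# private key that group or others can access at all.
audit_private_key() {
    case "$(mode_of "$1")" in ????------) return 0 ;; esac
    echo "UNPROTECTED $(mode_of "$1") $1"; return 1
}

# make_demo DIR: build the layout from post #1 (key appended to root's
# authorized_keys, no sshuser account on the server). Constructed data.
make_demo() {
    mkdir -p "$1/root/.ssh" "$1/client"
    echo "ssh-rsa AAAAB3CONSTRUCTEDKEY sshuser@from-machine" > "$1/client/id_rsa.pub"
    echo "constructed private key" > "$1/client/id_rsa"
    chmod 700 "$1/root" "$1/root/.ssh"; chmod 644 "$1/client/id_rsa"
    cat "$1/client/id_rsa.pub" > "$1/root/.ssh/authorized_keys"
    chmod 600 "$1/root/.ssh/authorized_keys"
}
```

On the layout from post #1, auditing root's home returns 0, while auditing `/home/sshuser` reports the missing home, .ssh and authorized_keys and the key as not installed for that account.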
  

