08-20-2012, 09:42 AM
|
#1
|
Member
Registered: Apr 2010
Posts: 54
Rep:
|
key-based authentication for non-root user.
hi
i have key-based authentication and it works for root user fine.
i issued following commands:
from-machine# ssh-keygen -t rsa
and created passphrase.
i copied id_rsa.pub to remote machine. and appended to authorized_keys file.
it works for root.
but it does not work for non-root users, say sshuser.
i created a user on from-machine. and logon using that user.
su - sshuser
ssh-keygen -t rsa
i copied the file using
scp -r id_rsa.pub root@192.168.1.3 and appended to authorized_keys.
but i run this command from sshuser.
sshuser$#ssh 192.168.1.3
it gave permission denied.
do i need to have an account on 192.168.1.3 for sshuser?
Regards,
parkar
UAE
|
|
|
08-20-2012, 09:57 AM
|
#2
|
Senior Member
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora/Pop!_OS
Posts: 2,983
|
check the permissions on both the remote computer and local computer .ssh directory
Code:
drwx------. 2 ray ray 4096 Aug 17 13:52 ./
drwx------. 62 ray ray 4096 Aug 18 12:44 ../
-rw------- 1 ray ray 730 Aug 17 13:52 authorized_keys
-rw------- 1 ray ray 3243 Jul 13 18:21 id_rsa
-rw-r--r-- 1 ray ray 743 Jul 13 18:21 id_rsa.pub
-rw-r--r-- 1 ray ray 9563 Jul 13 17:56 known_hosts
if the permissions are too loose, ssh will fail for rsa keys.
|
|
|
08-20-2012, 10:00 AM
|
#3
|
Senior Member
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora/Pop!_OS
Posts: 2,983
|
this is typically how i set up rsa keys and then get them over to the other computer:
Code:
Directions for creating the rsa key and making the two
servers talk to each other without password.
1st change directory into .ssh and check what files are there.
[rx30@rx30 ~]$ cd .ssh
[rx30@rx30 .ssh]$ ls -l
total 4
-rw-r--r-- 1 rx30 group 2980 Jun 13 12:02 known_hosts
2nd create the rsa key.
[rx30@rx30 .ssh]$ ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/usr/rx30/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /usr/rx30/.ssh/id_rsa.
Your public key has been saved in /usr/rx30/.ssh/id_rsa.pub.
The key fingerprint is:
cb:b0:40:c6:e9:f4:9e:f5:71:fc:c3:00:c0:f7:c6:75 rx30@rx30.localdomain
3rd check that there are two new files with the following permissions
[rx30@rx30 .ssh]$ ls -l
total 12
-rw------- 1 rx30 group 3243 Jun 22 15:50 id_rsa
-rw-r--r-- 1 rx30 group 743 Jun 22 15:50 id_rsa.pub
-rw-r--r-- 1 rx30 group 2980 Jun 13 12:02 known_hosts
4th change directory back to the user's /home/ray
[rx30@rx30 .ssh]$ cd
5th copy the key to the remote server
[rx30@rx30 ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub rx30@XXX.XXX.XXX.XXX
25
rx30@XXX.XXX.XXX.XXX's password:
Now try logging into the machine, with "ssh 'rx30@XXX.XXX.XXX.XXX'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
6th, follow directions on the screen.
[rx30@rx30 ~]$ ssh rx30@XXX.XXX.XXX.XXX
Last login: Fri Jun 22 14:12:08 2012 from 10.10.4.77
[rx30@rx30 ~]$ exit
|
|
|
08-20-2012, 10:01 AM
|
#4
|
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
|
well of course you would. This has nothing to do with keys. SSH will use the current user name when connecting to a server. so if you are "sshuser" and you don't explicitly give a username then it will try to log in as "sshuser" remotely. It wouldn't make sense at all for it to log in as root, as root is, at an ssh level, just another user account.
check out the ssh-copy-id tool, that makes setting up the keys much simpler.
|
|
1 members found this post helpful.
|
08-20-2012, 03:55 PM
|
#5
|
Member
Registered: Apr 2010
Posts: 54
Original Poster
Rep:
|
hi lleb,
i tried these steps:
ssh-copy-id -i ~/.ssh/id_rsa.pub rx30@XXX.XXX.XXX.XXX
25
rx30@XXX.XXX.XXX.XXX's password:
Now try logging into the machine, with "ssh 'rx30@XXX.XXX.XXX.XXX'", and check in:
.ssh/authorized_keys
i tried this way in my setup:
ssh-copy-id -i ~/.ssh/id_rsa.pub sshuser@192.168.1.3
sshuser@192.168.1.3 password:
which password will i enter? there is no sshuser on 192.168.1.3.
i am getting permission denied message.
and where is the location of the above .ssh/authorized_keys, is it under root or sshuser?
if sshuser then there is no account for sshuser on the remote machine, right?
Regards,
parkar
UAE
|
|
|
08-20-2012, 04:11 PM
|
#6
|
Senior Member
Registered: Dec 2005
Location: Florida
Distribution: CentOS/Fedora/Pop!_OS
Posts: 2,983
|
um, the rx30 is my user on a computer. you will have to put in your own user name. it should then work for you.
ssh basics:
ssh remote_user@remote_IP
in most cases root is not allowed to ssh for security reasons.
the location is in the user's /home/ directory. so for your sshuser it would be /home/sshuser/.ssh/
if there is no user called sshuser on the remote computer you will not be allowed to connect, you must have the correct user/pw as if you were standing in front of that computer.
Last edited by lleb; 08-20-2012 at 04:17 PM.
|
|
|
08-20-2012, 04:17 PM
|
#7
|
LQ Guru
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573
|
I think you need to clarify exactly what user you will be sshing FROM, and what user you will be sshing TO.
In your OP, you created ssh keys for sshuser, copied them to ROOT's authorized_keys on the remote server, then tried to log into the remote server as sshuser (which, as you said, doesn't exist on the remote server...so of course it failed).
As acid_kewpie said, if you don't specify a user when you SSH into a machine, it assumes that you're sshing in as your current user name. If that user doesn't exist on the remote machine, then you must specify what user you want to SSH in as.
Last edited by suicidaleggroll; 08-20-2012 at 04:18 PM.
|
|
|
08-21-2012, 02:27 AM
|
#8
|
Member
Registered: Apr 2010
Posts: 54
Original Poster
Rep:
|
ok,
so i need a user account on the remote machine, in my case sshuser.
so that means i need a user account on both the local and remote machine.
as i created sshuser on the local machine (ssh connecting from), i created rsa key, copied to remote computer under root (which is not correct). if i tried to copy using sshuser@192.168.1.3 then no user exists on the system and as expected no permission.
clarify if i need two accounts, or only one account exists.
|
|
|
08-21-2012, 03:04 AM
|
#9
|
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
|
we HAVE clarified this. Please try to read our replies properly. and this is all still NOTHING to do with SSH keys even.
The keys need to be associated with the account you are logging in to, obviously. Your door keys don't unlock next door's house, do they? That would be stupid. Same applies here.
Last edited by acid_kewpie; 08-21-2012 at 03:07 AM.
|
|
1 members found this post helpful.
|
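A check that covers the two points made in this thread (the public key belongs in the authorized_keys of the account you log in to, and sshd rejects it when permissions are too loose), as an added example that is not part of any post. The function names and return codes are assumptions chosen for illustration, and the script is meant to be run on the remote machine.

```shell
#!/bin/sh
# Added example (not from the thread). Run ON THE REMOTE MACHINE:
#   check_key_login TARGET_HOME PUBKEY_FILE
# TARGET_HOME: home directory of the account you log in TO, e.g. /home/sshuser
# PUBKEY_FILE: copy of the id_rsa.pub of the account you log in FROM
# Return codes (hypothetical, chosen for this example):
#   0 ok, 2 no such home, 3 no authorized_keys, 4 too loose, 5 key missing

# True if the path is writable by group or others. Columns 6 and 9 of the
# `ls -ld` mode string are the group-write and other-write bits.
is_loose() {
    case "$(ls -ld "$1" | cut -c6,9)" in
        --) return 1 ;;
        *)  return 0 ;;
    esac
}

check_key_login() {
    home=$1
    pub=$2
    ak="$home/.ssh/authorized_keys"

    # The key must live in the home of the account named in user@host,
    # so that account (and its home) has to exist on the remote machine.
    [ -d "$home" ] || { echo "no $home: does the remote account exist?"; return 2; }
    [ -f "$ak" ]   || { echo "missing $ak"; return 3; }

    # sshd (StrictModes, on by default) ignores authorized_keys when the home
    # directory, ~/.ssh or the file itself is group- or world-writable.
    # It also checks ownership, which this example does not.
    for p in "$home" "$home/.ssh" "$ak"; do
        if is_loose "$p"; then
            echo "too loose: $p"
            return 4
        fi
    done

    # Match on key type and base64 blob only; the trailing comment may differ.
    key=$(awk 'NR == 1 { print $1 " " $2 }' "$pub")
    grep -qF -- "$key" "$ak" || { echo "key not found in $ak"; return 5; }
    echo "ok"
}

# Command-line use: sh check.sh /home/sshuser /tmp/id_rsa.pub
if [ $# -eq 2 ]; then
    check_key_login "$1" "$2"
fi
```

Return code 2 is the situation in post #1: the key was appended to root's authorized_keys while the login was attempted as sshuser, an account with no home on the remote machine.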
All times are GMT -5. The time now is 05:36 PM.