[BlueOnyx:14034] Re: key-based auth for ssh user?

Brian M toomanyhandles at gmail.com
Fri Nov 15 16:32:32 -05 2013 

Hi Michael-

I think I'm running into some issue specific to BOnyx permissions.  I have
this working on other distros.   Key placed in the authorized_keys file is
rsa 2048

I am hesitant to change some of the perms on this dir tree as it will
affect actual vsite accesses.

thanks for thoughts!

Brian.
-----------------------------------
Nov 15 15:33:17 www sshd[13150]: Authentication refused: bad ownership or
modes for directory /home/.sites/106/site3/.users/14/theuser

drwxr-xr-x  14 root root  4096 Nov 15 15:27 home

drwxrwxr-x  6 root  root    4096 Feb  6  2010 .sites

drwxrwxr-x  3 root  root  4096 Feb  6  2010 106

drwxrwsr-x 7 nobody site3 4096 Feb  7  2010 site3

drwxr-sr-x 4 root       site3  4096 Nov  7 13:51 .users

drwxr-sr-x 3 root   site3 4096 Nov 15 15:28 14

drwxrws--x 6 theuser site3 4096 Nov 15 15:30 theuser

drwx------ 2 theuser site3 4096 Nov 15 15:30 .ssh

-rw------- 1 theuser site3  381 Nov 15 15:30 authorized_keys



On Thu, Nov 7, 2013 at 5:17 PM, Michael Stauber <mstauber at blueonyx.it>wrote:

> Hi Brian,
>
> > I have a need for to add key-based auth for one user.
> >
> > I have edited /etc/ssh/sshd-config and enabled pubkey auth and the path
> for
> > the keyfile.
> >
> > if I create the user via useradd -m their directory gets created in /home
> > but adding a key to the keyfile I specified does not allow access.
>
> That's one way to do it, but it's neither necessary to edit the SSHd
> config, nor should you create users manually with the "useradd" command.
>
> If you manually add users with "useradd", then the users will not show
> up in the GUI and they cannot be CMU-migrated either.
>
> All you need to do for key based SSH authentication is this:
>
> Create the user in question via the GUI. Enable shell access for the
> user. Login by SSH as that user.
>
> Now create an SSH key for that user by running this command as that user
> from SSH:
>
> ssh-keygen -t rsa
>
> It'll ask a few questions. Simply press return on any question to accept
> the defaults. This will create a 2048 bit private and public SSH key
> (without password) for that user in ~username/.ssh/
>
> Next create the file ~username/.ssh/authorized_keys and into that paste
> the SSH public key that this user is using to SSH into the box.
>
> If he's logging in from another Linux box, then that's his
> ~username/.ssh/id_rsa.pub on that other Linux box, provided the key was
> also generated there with "ssh-keygen -t rsa" and standard parameters.
>
> That public key will look roughly like this, although the part in the
> middle is a lot longer:
>
> ssh-rsa [Lots-of-weird-text] username at workstation.home
>
> Save the changes.
>
> Once that's one this user can login by SSH using key based
> authentication. If his SSH session sends the key that's stored in
> ~username/.ssh/authorized_keys, he will be allowed to log in.
>
> If no key is sent (or the key doesn't match), he'll be asked for the
> account password instead.
>
> That's all there is to do.
>
> --
> With best regards
>
> Michael Stauber
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20131115/b6e6845e/attachment.html>

More information about the Blueonyx mailing list