<div dir="ltr">Hi Michael-<div><br></div><div>I think I'm running into some issue specific to BOnyx permissions. I have this working on other distros. Key placed in the authorized_keys file is rsa 2048</div><div><br>
</div><div>I am hesitant to change some of the perms on this dir tree as it will affect actual vsite accesses.</div><div><br></div><div>thanks for thoughts!</div><div><br></div><div>Brian.</div><div>-----------------------------------</div>
<div><div>Nov 15 15:33:17 www sshd[13150]: Authentication refused: bad ownership or modes for directory /home/.sites/106/site3/.users/14/theuser</div><div><br></div><div>drwxr-xr-x 14 root root 4096 Nov 15 15:27 home</div>
<div><br></div><div>drwxrwxr-x 6 root root 4096 Feb 6 2010 .sites</div><div><br></div><div>drwxrwxr-x 3 root root 4096 Feb 6 2010 106</div><div><br></div><div>drwxrwsr-x 7 nobody site3 4096 Feb 7 2010 site3</div>
<div><br></div><div>drwxr-sr-x 4 root site3 4096 Nov 7 13:51 .users</div><div><br></div><div>drwxr-sr-x 3 root site3 4096 Nov 15 15:28 14</div><div><br></div><div>drwxrws--x 6 theuser site3 4096 Nov 15 15:30 theuser</div>
<div><br></div><div>drwx------ 2 theuser site3 4096 Nov 15 15:30 .ssh</div><div><br></div><div>-rw------- 1 theuser site3 381 Nov 15 15:30 authorized_keys</div></div><div><br></div></div><div class="gmail_extra"><br><br>
<div class="gmail_quote">On Thu, Nov 7, 2013 at 5:17 PM, Michael Stauber <span dir="ltr"><<a href="mailto:mstauber@blueonyx.it" target="_blank">mstauber@blueonyx.it</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi Brian,<br>
<div class="im"><br>
> I have a need for to add key-based auth for one user.<br>
><br>
> I have edited /etc/ssh/sshd-config and enabled pubkey auth and the path for<br>
> the keyfile.<br>
><br>
> if I create the user via useradd -m their directory gets created in /home<br>
> but adding a key to the keyfile I specified does not allow access.<br>
<br>
</div>That's one way to do it, but it's neither necessary to edit the SSHd<br>
config, nor should you create users manually with the "useradd" command.<br>
<br>
If you manually add users with "useradd", then the users will not show<br>
up in the GUI and they cannot be CMU-migrated either.<br>
<br>
All you need to do for key based SSH authentication is this:<br>
<br>
Create the user in question via the GUI. Enable shell access for the<br>
user. Login by SSH as that user.<br>
<br>
Now create an SSH key for that user by running this command as that user<br>
from SSH:<br>
<br>
ssh-keygen -t rsa<br>
<br>
It'll ask a few questions. Simply press return on any question to accept<br>
the defaults. This will create a 2048 bit private and public SSH key<br>
(without password) for that user in ~username/.ssh/<br>
<br>
Next create the file ~username/.ssh/authorized_keys and into that paste<br>
the SSH public key that this user is using to SSH into the box.<br>
<br>
If he's logging in from another Linux box, then that's his<br>
~username/.ssh/id_rsa.pub on that other Linux box, provided the key was<br>
also generated there with "ssh-keygen -t rsa" and standard parameters.<br>
<br>
That public key will look roughly like this, although the part in the<br>
middle is a lot longer:<br>
<br>
ssh-rsa [Lots-of-weird-text] username@workstation.home<br>
<br>
Save the changes.<br>
<br>
Once that's one this user can login by SSH using key based<br>
authentication. If his SSH session sends the key that's stored in<br>
~username/.ssh/authorized_keys, he will be allowed to log in.<br>
<br>
If no key is sent (or the key doesn't match), he'll be asked for the<br>
account password instead.<br>
<br>
That's all there is to do.<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
With best regards<br>
<br>
Michael Stauber<br>
_______________________________________________<br>
Blueonyx mailing list<br>
<a href="mailto:Blueonyx@mail.blueonyx.it">Blueonyx@mail.blueonyx.it</a><br>
<a href="http://mail.blueonyx.it/mailman/listinfo/blueonyx" target="_blank">http://mail.blueonyx.it/mailman/listinfo/blueonyx</a><br>
</font></span></blockquote></div><br></div>