Using users cookbook with Chef to login with public key but asks for password - ssh

I have both id_rsa and id_rsa.pub in my ~/.ssh folder.
I followed this tutorial (it's basically the repo's README file) to add myuser with my id_rsa.pub key.
When I test using Test Kitchen, I try to login via ssh with ssh mysuser@192.168.33.33 but it asks for a password.
I logged in using kitchen login to check the permissions of /home/myuser/.ssh and /home/myuser/.ssh/authorized_keys; both seem to be OK, drwx---- and rw----, owned by myuser, group root (though myuser doesn't belong to the root group). And yes, my public key is in the authorized_keys file.
I'm running SELinux on permissive. Bento/centos-6.7
Why is it asking for a password, am I missing something?
UPDATE:
I just read /var/log/secure and it said bad ownership or modes for directory /home/web.
The owner of /home/web is web_admin user, group web_admin.
The owner of /home/web/.ssh is myuser user, group root.
I'm attempting to SSH as myuser. Is that what's wrong?

Related

can't login by ssh after chmod on home folder

I've done a chmod 777 on my home folder, where the .ssh folder is, and now I cannot login.
I've restored permissions on all files but still cannot login. Should I change anything in order to be able to login again?
I get this message: Server refused our key
On other servers I can login properly.
Thank you.
ssh rejects key-based logins if permissions allow other people to tamper with your authorized_keys file. You need to check /, /home, /home/yourname, /home/yourname/.ssh and /home/yourname/.ssh/authorized_keys. All of those must not be group or world writeable.
Typically you want the .ssh directory permissions to be 700 (drwx------) and the public key (.pub file) to be 644 (-rw-r--r--). Your private key (id_rsa) should be 600 (-rw-------).
Stolen from: Permissions on private key in .ssh folder?

Assigning public key to user's login

I have a Centos 6.4 server and I need to assign a certificate to a user's login so that he doesn't need to enter a password during login. The user has already provided the id_rsa.pub file. I don't have his credentials and I'm working with the root account.
There was no .ssh directory under his home folder so I created one, but I don't know how to advance from here.
So, as root you need to create a $HOME/.ssh/authorized_keys with the right owner and permissions. Something like this should work:
cd /home/theuser
mkdir .ssh
cp /some/path/id_rsa.pub .ssh/authorized_keys
chown theuser .ssh .ssh/authorized_keys
chmod 700 . .ssh .ssh/authorized_keys
The permissions may not have to be so tight, but if they're too loose ssh won't allow the key to be used and will complain about it in some syslog.

Unable to connect using SSH to the pushed MobileFirst container image on Bluemix

I have built an MF container image and pushed it. I have copied the file in (Mac) ~/.ssh/id_rsa.pub to mfpf-server/usr/ssh before building the image.
I am trying to connect using the command in Mac terminal:
ssh -i ~/.ssh/id_rsa admin@public_ip
It says:
Permission denied (publickey).
Any idea? What is the user I shall use?
Your problem is very probably related to the permissions of the pub key copied on the container or to the configuration of your key.
You could check the permissions of the key copied on the container. sshd is really strict on permissions for the authorized_keys file: if authorized_keys is writable by anybody other than the user, or can be made writable by anybody other than the user, sshd will refuse to authenticate (unless sshd is configured with StrictModes no).
Moreover, such a problem won't be shown using ssh -v; it will be shown only in the daemon logs (on the container).
From man sshd(8):
~/.ssh/authorized_keys
Lists the public keys (RSA/DSA) that can be used for logging in
as this user. The format of this file is described above. The
content of the file is not highly sensitive, but the recommended
permissions are read/write for the user, and not accessible by
others.
If this file, the ~/.ssh directory, or the user's home directory
are writable by other users, then the file could be modified or
replaced by unauthorized users. In this case, sshd will not
allow it to be used unless the StrictModes option has been set to
“no”.
So I suggest you check the file and directory permissions.
Then check that the content of your pub key has been copied correctly to authorized_keys by listing
/root/.ssh/authorized_keys
To access the container with the ssh key you need to use the "root" user.
ssh -i ~/.ssh/id_rsa root@<ip address>
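The check described in the man page excerpt above, as an added example that is not part of any of the original posts: a POSIX shell function that reports which of the home directory, ~/.ssh and authorized_keys would fail StrictModes, covering both the writable-by-others case and the ownership case behind the "bad ownership or modes for directory" log line in the first question. It assumes GNU stat (as on CentOS and Ubuntu); the function names are made up for this example, and the rule that a path may be owned by the login user or by root is OpenSSH behaviour, not something stated on this page.

```shell
# Added example: approximate sshd's StrictModes test for one account.
# Assumes GNU stat. Function names are made up for this example.

check_one() {
    # $1 = path to test, $2 = numeric uid of the account being logged in to
    if [ ! -e "$1" ]; then
        echo "MISSING   $1"
        return 1
    fi
    co_owner=$(stat -L -c '%u' "$1")   # numeric owner
    co_mode=$(stat -L -c '%a' "$1")    # octal mode, e.g. 700
    # Owner must be the login user or root.
    if [ "$co_owner" != "$2" ] && [ "$co_owner" != 0 ]; then
        echo "BAD OWNER $1 (uid $co_owner, expected $2 or 0)"
        return 1
    fi
    # 022 = group-write | other-write; either bit lets someone else tamper.
    if [ $(( 0$co_mode & 022 )) -ne 0 ]; then
        echo "BAD MODE  $1 (mode $co_mode is group- or world-writable)"
        return 1
    fi
    echo "ok        $1 (uid $co_owner, mode $co_mode)"
}

check_ssh_perms() {
    # $1 = home directory, $2 = numeric uid of the login user
    csp_rc=0
    for csp_path in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        check_one "$csp_path" "$2" || csp_rc=1
    done
    return "$csp_rc"
}

# Run as a script: sh check.sh /home/myuser "$(id -u myuser)"
if [ "$#" -eq 2 ]; then
    check_ssh_perms "$1" "$2"
fi
```

Run it as root on the server so every path is readable; sshd's own verdict still lands in the daemon log, such as the /var/log/secure file quoted in the first question.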

Create ssh root password

For some reason, after a plesk update, I can no longer login to ssh as root using my old password. I have tried to create a user with:
/bin/bash & /bin/bash (chrooted) in plesk
Which lets me login but has no root privileges. How can I either recover my old password or get access to the ssh config to check whether root login is disabled. I installed ssh term in plesk, but that bums out with an error of:
jarsigning exception
Guess it's because there is only the default certificate on the server. I would be grateful if someone could help with this as I have reached a point where I am struggling to find other things to try. Many thanks
Plesk 11.5 CentOS 6 SSH Client
Once you are logged in with the non-root user, try to type "su" or "su root" and then enter your root password; it will allow you to become root.
Note that su allows you to login as any user; the syntax is "su username".

Can connect to EC2 as ubuntu user but not as the user i created

I created a new ebs backed EC2-instance and the necessary key-pair. Now I am able to connect to the instance as ubuntu user. Once I did that, I created another user and added it to the sudoers list, but I am unable to connect to the instance as the new user I created.
I get the following error. I am using the same key to connect with the new user I created. Can somebody help me? Am I missing something here?
Permission denied (publickey)
Okay I think i figured it out.
The first technique is to login by password. The idea is to login as the ubuntu user or root user and go to /etc/ssh/sshd_config file and turn the PasswordAuthentication to yes and run
/etc/init.d/ssh reload
If you try to connect now, EC2 allows you to log in with the password of the user that was created. Though this is not really secure.
Second is you create a key-pair and copy the id-rsa.pub file and move it to the /home/new-user/.ssh/authorized_keys file and change permissions to 600 and assign to the appropriate user(new-user in this case).
I found this to be amazingly useful
http://blog.taggesell.de/index.php?/archives/73-Managing-Amazon-EC2-SSH-login-and-protecting-your-instances.html
SSH is very picky about the directory and file permissions. Make sure that:
The directory /home/username/.ssh has permission "700" and is owned by the user (not root!)
The /home/username/.ssh/authorized_keys has permission "600" and is owned by the user
Copy your public key into the authorized_keys file.
sudo chown -R username:username /home/username/.ssh
sudo chmod 0700 /home/username/.ssh
sudo chmod 0600 /home/username/.ssh/authorized_keys
You can do all that as a root user. There is no need to temporarily allow passwords in /etc/ssh/ssh_config.
Sid, I did what you mentioned but I still got the same error
The first technique is to login by password. ...
It took a reboot to get it to work. (Just in case anyone else wants this insecure method to work) The public key method is a major pain to make it work with remote desktop apps