I spent some time logged into a server (Debian) trying to get Samba access to work better from my Mac.
After logging out and attempting to log back in I was unable to log in using my private key which has been working for years.
Private key login worked for another user from the same client machine, and I was able to modify the sshd.config to allow password login so that I could log back onto the server.
What could I have done to break the keyed login just for my username and why?
I was messing around with creating a Samba password for my username, and I also made my home folder 777 to try to get write access working from Samba. (This was NOT a recursive chmod so the folders below are not 777.)
Your home directory should never be ugo+rwx (777). You should not allow other users to write to your home directory. The ssh daemon checks for file system permissions and will refuse to use the contents of ~/.ssh/ if it or its parent (~/) is writable by other users.
See http://www.openssh.org/faq.html question # 3.14.
Also see 'man sshd_config' and StrictModes (don't turn it off).
Hope this helps.
You can turn on logging in your sshd config if it isn't already. That'll tell you exactly what went wrong. It's often a permission problem on the files in ~/.ssh
The logfile is usually in either /var/log/secure or /var/log/auth.log
There is another possibility that none of the earlier answers have raised: SELinux. If this is active, it will prevent the .ssh folder from being accessed via a Samba share.
It is easy to test: temporarily disable SELinux ("setenforce 0") and see if the .ssh folder can be accessed.
Related
I would like to connect to a Windows server via SSH with private and public key from my local Windows machine.
The problem is that I can not figure out how and am asked to enter the password every time.
Eventually I want to setup remote coding with vs code but as the ssh program faces the same problem as in VS code I think we can leave VS code out of the picture.
Generally the connection to the server is working. So if I type ssh {myuser}#{servername} I am prompted to write my password and afterwards the console is connected to the server.
Now I would like to set it up in a way that I do not need to write my password every time, there for I setup public and private key following this tutorial.
But the system still ask my for a password each time. Does anyone know what the problem might be?
I would guess that the permissions might be an issues. In the link listed above they mentioned that I should set the permissions to 700 for the .ssh folder and 640 for the authorized_keys file. As Windows does not hove the chmod command (or at least it does not seem to change the permissions) this could be the problem.
I have also put the public key in the authorized_keys file of the .ssh folder of the user I am using.
Also as the copying with cat and | did not work I moved the files there manually but otherwise is sticked to the tutorial.
Does anyone know what the issue is?
Furthermore I managed to connect both the server and the client to a bit bucket server using ssh key with out a problem.
I've been working with the server only for 2 days so I am sorry if that is simple question. I looked everywhere, but didn't find an answer.
So I have a Google compute engine account and I have owner privileges. When I run
gcloud compute ssh instance --zone us-central1-a
it works, but it creates a key with username that it takes from my computer account.
So when I am in google shell I can add or remove files using sudo. But when I go to Filezilla I have to use ssh file key and username from that key. And the only folder that accessible with that username is it's own folder. I am not sure what is the problem so I gave all the facts I could.
I'm not entirely sure I'm answering the right question, but I'll take a stab at it. The ssh keys created by/used by gcloud are specific to a particular linux user on your VM. As you note, you can use sudo when ssh'd in to edit files/directories owned by different users---the way this works is that you (roughly speaking) temporarily switch users to root when doing the file edit.
An scp client like Filezilla isn't going to be able to switch users that way. So you'll need a different technique to edit files with Filezilla.
I suggest ssh-ing in to your vm and using chmod or chown to change the ownership of files/directories that you want to use with Filezilla. Alternatively you could you use useradd -G to add you username to a group that can edit the files you care about.
Exactly what you'll do depends on the security policy you want to enforce for your files, but there a lots of decent options. The key test to run---can you get to a state where you can edit the files when logged in with SSH, but not using sudo? If so then you should be able to edit the files with Filezilla.
I am trying to access an ec2 instance using a different (mac) computer. In order to do so, I created a new keypair, used chmod 600 to set the permission, and then used ssh-add. When I try to ssh into my ec2 instance, I get "permission denied (publickey)". I'm sure my error is something idiotic and simple, but I can't seem to find it, can anyone help me out?
You need to ensure the ~/.ssh/id_rsa.pub (if it's an RSA key) from your Mac is appended to the ~/.ssh/authorized_keys file on the target machine. Normally, if this is a default Amazon API, the user is "ec2-user" -- ~ec2-user/.ssh/authorized_keys
REMEMBER TO APPEND and not remove other entries in that file -- else, you risk locking yourself out of that machine ...
is your private key on the new computer?
You need to put that on the computer you ssh in with. I usually keep mine on a flash drive.... I am not running linux atm so i forget the default directory it checks. Maybe this joggs your memory some. I think the directory would be like ~/.id_rsa/ or something?
I'm moving from an old shared host to a dedicated server at MediaTemple. The server is running Plesk CP, but, as far as I can tell, there's no way via the Interface to do what I want to do.
On the old shared host, running cPanel, I creative a .zip archive of all the website's files. I downloaded this to my computer, then uploaded it with FTP to the new host account I'd set up.
Finally, I logged in via SSH, navigated to the directory the zip was stored in (something like var/www/vhosts/mysite.com/httpdocs/ and ran the unzip command on the file sitearchive.zip. This extracted everything just the fine. The site appeared to work just fine.
The problem: When I tried to edit a file through FTP, I got Error - 160: Permission Denied. When I Get Info for the file I'm trying to edit, it says the owner and group is swimwir1.
I attemped to use chown at this point to change owner - and yes, as you may be able to tell, I'm a little inexperienced in SSH ;) luckily the server was new, since the command I ran - chown -R newuser / appeared to mess a load of stuff up. The reason I used / on the end rather than /var/www/vhosts/mysite.com/httpdocs/ was because I'd already cded into their, so I presumed the / was relative to where I was working. This may be the case, I have no idea, either way - Plesk was no longer accessible, although Apache and things continued to work. I realised my mistake, and deciding it wasn't worth the hassle of 1) being an amateur and 2) trying to fix it, I just reprovisioned the server to start afresh.
So - what do I do to change the owner of these files correctly?
Thanks for helping out a confused beginner!
Jack
Your command does indeed specify an absolute path to the root of the filesystem. Any path that begins with a '/' is absolute. You need:
chown -R newuser .
or:
chown -R newuser /var/www/vhosts/mysite.com/httpdocs
I guess I'm being a little hesitant but I deal with vcs's occasionally and always get asked for some sort of prompt, of course I'm attempting to access an external machine which I'm sshing into.
Basically my question is, say I don't have root access on this machine, would it still be possible to set this up? I've skimmed through reading it a couple times and I'm pretty sure I got the method down - you generate pub/private keys, sftp to the machine and throw your public into some authorized_keys directory. How is this managed with multiple users for example? Could the generic file name ( the .pub ) get overwritten, or am I completely misunderstanding the process here and it's setup to allow multiple keys natively?
If I'm not a sudoer and one of the server's directories needs to be chmod'd to say 700 whereas it's 655, I can't really do anything other than ask for su access, right?
If you have ssh access to the remote machine, you can generate the key pair on your local machine, add the public key to the authorized_users file on the remote machine, and then use this for authentication. You don't need root privileges to do this. The keys and authorized_files usually reside under your home directory ( myhome/.ssh/authorized_keys etc) so they don't get confused between users.
Your questions about setting directory permissions is unrelated, but if you own the directory or its parent (or its parent...) you will be able to set any permissions on the file in that directory.
Sounds to me like it might be time to curl up with a general *nix administration book, perhaps? Not light reading, but it can be useful and I always find it most informative to learn the details when I'm actually struggling with them.
I ssh all the time into a machine that allows su or sudo. But, it's set up not to allow ssh via "ssh root#machine". So to answer your question, yes it's possible.
You can only change the directory permissions if you own the directory or if you have root access.