ssh public key usage
Added by Ray Burkholder about 1 year ago
I have created a user called 'backup' and assigned a directory. The user is able to log in with the user name and password and is able to access the assigned directory.
I tried creating a .ssh/authorized_keys file with appropriate permissions for ssh and put in a public key.
The key doesn't appear to work as expected.
Will a public key work with NexentaStor, and if so, what is the appropriate mechanism for adding the key?
We want to use scp with the ssh private/public key scenario to copy files to and from the server.
Thank you.
Ray.
Replies
RE: ssh public key usage - Added by Linda Kateley about 1 year ago
Can you give an error or something more to go on? Not sure how to answer.
It would also be useful to know how you created these keys.
What options did you use for ssh-keygen?
RE: ssh public key usage - Added by Linda Kateley about 1 year ago
Also, what permission did you give to the file?
RE: ssh public key usage - Added by Ray Burkholder about 1 year ago
Thank you for your replies. For comparison's sake, I can put the public key into /root/.ssh/authorized_keys, and I am able to log in to the server as root. Using the same key for the 'backup' user doesn't appear to work. Instead of accepting the key, which appears to be ignored, I get a prompt asking for the password (the publickey mechanism is not used, instead keyboard-interactive is used for authentication). Here are the various configuration items:
In /etc/passwd:
backup:x:1002:10:Infrastructure Backups:/volumes/nas01/backup:/bin/sh
/volumes/nas01/backup/.ssh attributes:
drwx------ 2 backup staff 4 Apr 30 15:40 .ssh
In .ssh:
-rw------- 1 backup staff 222 Apr 30 15:40 authorized_keys
As mentioned previously, I can put the public key into /root/.ssh/authorized_keys and can log in as root via the private key. The key is a 1024-bit RSA key.
Is using a public/private key for anything else other than root an allowed ability?
I am not familiar with restarting services in NexentaStor. If I change to 'LogLevel debug' in /etc/ssh/sshd_config, how do I restart the sshd service? And where will the logging output reside?
RE: ssh public key usage - Added by Linda Kateley about 1 year ago
To restart the service you need to run:
svcadm restart ssh
RE: ssh public key usage - Added by Linda Kateley about 1 year ago
So you can also...
Spawn an sshd in debug mode: /directory/path/sshd -p 5555 -ddd -e
From the client side: ssh -vvv
You might need to paste the output from your sshd debug AND his ssh client session. Advice is to park it into a file, else it'll be very long.
RE: ssh public key usage - Added by Ray Burkholder about 1 year ago
Linda,
Your alternate port form for debugging sshd worked. The error log pointed to a directory permissions thing. It didn't like the following, which is a default style created through the Ver. 3.1.1-6829 web portal:
drwxrwxr-x 14 backup staff 21 Apr 30 16:01 backup
I changed the permissions to:
drwxr-x--- 14 backup staff 21 Apr 30 16:01 backup
In summary, sshd checked permissions on the home directory, the .ssh subdirectory, and on the authorized_keys file.
Connection is now being established via public/private key.
Thank you for your assistance.
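
Added example (not part of the thread, and not NexentaStor or OpenSSH code): a small Python audit of the path chain named in the summary above, authorized_keys, then .ssh, then the home directory. It is modelled on the ownership and mode test sshd applies when StrictModes is enabled; that StrictModes was the setting involved here is an assumption, and the function names and the temporary directory tree are constructed for illustration.

```python
import os
import shutil
import stat
import tempfile


def audit_key_path(home, uid, rel_key=".ssh/authorized_keys"):
    """Walk from the key file up to the home directory.

    Each component must be owned by `uid` or root and must not be
    group- or world-writable. Returns a list of (path, problem);
    an empty list means the whole chain passes.
    """
    home = os.path.realpath(home)
    path = os.path.realpath(os.path.join(home, rel_key))
    findings = []
    while True:
        try:
            st = os.stat(path)
        except OSError as exc:
            findings.append((path, "cannot stat: %s" % exc.strerror))
        else:
            if st.st_uid not in (0, uid):
                findings.append((path, "owned by uid %d" % st.st_uid))
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                mode = stat.S_IMODE(st.st_mode)
                findings.append((path, "group/world writable, mode %04o" % mode))
        # Stop once the home directory (or the filesystem root) was checked.
        if path == home or path == os.path.dirname(path):
            break
        path = os.path.dirname(path)
    return findings


def demo():
    """Constructed tree using the modes quoted in the thread."""
    root = tempfile.mkdtemp()
    home = os.path.join(root, "backup")
    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir)
    key = os.path.join(ssh_dir, "authorized_keys")
    with open(key, "w") as fh:
        fh.write("ssh-rsa PLACEHOLDER constructed-sample\n")
    os.chmod(key, 0o600)       # -rw-------
    os.chmod(ssh_dir, 0o700)   # drwx------
    os.chmod(home, 0o775)      # drwxrwxr-x, the web portal default
    before = audit_key_path(home, os.getuid())
    os.chmod(home, 0o750)      # drwxr-x---, the corrected mode
    after = audit_key_path(home, os.getuid())
    shutil.rmtree(root)
    return before, after
```

On a real system, call audit_key_path with the account's home directory and numeric uid (for the user in this thread, /volumes/nas01/backup and 1002) and correct whatever it lists.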