[colug-432] Creating SSH for New User

Steve VanSlyck s.vanslyck at postpro.net
Sun May 10 23:07:07 EDT 2015


This is interesting. It's from
http://www.linuxquestions.org/questions/linux-software-2/passwordless-ssh-setup-not-working-any-ideas-559628/
:

We have had two of us working on getting ssh keys working on a Fedora
Core 13 server. We have done this kind of thing many times before and
truly believe the ssh set up to be a real pain. For one reason or
another you can waste days of time getting it to work.

I have to post this one because the previous poster has almost hit the
nail on the head - and we have spent all this time not seeing it here
because we weren't searching for the right thing. So for all others out
there I think it only right to add a few terms for searching here:

putty keys do not connect cannot ssh connect to linux server Fedora Core
13 cannot ssh linux ssh drops key sshd bugs

OK, the problem is inside the sshd_config file. There is a setting

AuthorizedKeysFile .ssh/authorized_keys

This is a real bad bug because you look at it and you think it is OK.
The problem is that the only way you can find this problem is to see
where it looks. You do this by putting sshd into debug logging (by
changing another setting in sshd_config - LogLevel INFO to LogLevel
DEBUG). When you do that, /var/log/secure shows that sshd is looking for
//.ssh/authorized_keys.

So, the previous poster is correct in saying that changing it to
/root/.ssh/authorized_keys works. But, of course, you then have to use
the same public key for every users (not good). So, the answer is to
amend the sshd_config file to look in all users .ssh folders. I haven't
done this yet, but it should be straight forward (~/ won't cut it. root
sees this as its own home)

So, I have just lost about 20 hours of my life just for that.
Thanks guys.


On Sun, May 10, 2015, at 23:01, Christopher Cavello wrote:
> Is SELinux set to enforcing?


> _________________________________________________
> colug-432 mailing list colug-432 at colug.net
> http://lists.colug.net/mailman/listinfo/colug-432

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.colug.net/pipermail/colug-432/attachments/20150510/079299b2/attachment.html 


More information about the colug-432 mailing list