
I am not a sysadmin/network specialist (I am a software developer) and I am having the following difficulty working on a customer's remote Linux CentOS 7 machine.

I am using MobaXterm to connect to this machine. They provided me with a .ppk file and a user.

The .ppk file contains something like this:

PuTTY-User-Key-File-2: ssh-rsa
Encryption: none
Comment: MY CUSTOMER KeyPair
Public-Lines: 6
.....................................................................
.....................................................................
.....................................................................

By importing this file (into the MobaXterm "Advanced SSH settings --> Use private key") I can log in to this machine without problems with the user that they gave me.

Then, after I logged in with this provided user, I created a brand new root user using the following commands:

sudo adduser my_new_user
sudo passwd my_new_user
sudo usermod -aG wheel my_new_user

After doing this, I can change user with:

su - my_new_user

It works fine and it seems that I have root access.

The problem is that now I can't access the machine via SSH using this my_new_user user. If I enter this username when I log in, I get the following error message:

Server refused our key

No supported authentication methods available (server sent: publickey,gssapi-keyex,gssapi-with-mic)

I suppose that this error depends on the fact that the imported .ppk file is related to the provided user and not to this brand new user (in fact, if I disable the .ppk import I get the same error with the original provided user too).

Reading online, I seem to understand that the same key can be used to access multiple users/hosts but needs to be separately authorized for each user. So I tried the following:

In my new user's directory I manually created the .ssh directory:

[anobili@prod-whazu-nodo1 ~]$ pwd
/home/anobili
[anobili@prod-whazu-nodo1 ~]$ ls -a
.  ..  .bash_history  .bash_logout  .bash_profile  .bashrc  .ssh
[anobili@prod-whazu-nodo1 ~]$

Then I copied the /home/originaluser/.ssh/authorized_keys file (where originaluser is the user that they provided me) into the brand new .ssh folder of my new user. It now contains this authorized_keys file containing the key:

[anobili@prod-whazu-nodo1 .ssh]$ pwd
/home/anobili/.ssh
[anobili@prod-whazu-nodo1 .ssh]$ ls -a
.  ..  authorized_keys
[anobili@prod-whazu-nodo1 .ssh]$

Now I expected to be able to log in via SSH in the same way with the anobili user too, but I still get the previous error message.

What is wrong? What am I missing? How can I try to fix this issue?

AndreaNobili

1 Answer

First and foremost: use ls -lhAZ (-Z on an SELinux-enabled system); it shows Linux file ownership, permissions and the SELinux label.

Reset permissions on the directory and file:

# DAC - Restore permissions
chmod 0700 ~anobili/.ssh
chmod 0600 ~anobili/.ssh/authorized_keys
# Restore ownership
chown -R anobili ~anobili/.ssh
# MAC - Restore SELinux 
restorecon -R ~anobili/.ssh

This is what it's supposed to look like:

$ ls -lhaZ | grep .ssh
drwx------. 2 user group unconfined_u:object_r:ssh_home_t:s0  4.0K Feb 21 18:52 .ssh
$ ls -lhaZ .ssh
-rw-------. 1 user group unconfined_u:object_r:ssh_home_t:s0 0 Feb 21 18:53 authorized_keys
fuero
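
A read-only check for the three things the answer's commands restore (ownership, modes, SELinux type), as an added example that is not part of the original answer. The function names and the home-directory and owner arguments are assumptions of this sketch, and it relies on GNU stat as shipped with CentOS.

```bash
#!/usr/bin/env bash
# Added example (not from the answer): audit what the answer's commands repair.
# The function names and the <home> <owner> arguments are this sketch's own.

check_one() {   # check_one <path> <expected_mode> <owner>
    local path="$1" want="$2" owner="$3" mode user rc=0
    if [ ! -e "$path" ]; then echo "MISSING $path"; return 1; fi
    mode=$(stat -c '%a' "$path")    # GNU stat: octal mode, e.g. 700
    user=$(stat -c '%U' "$path")    # owning user name
    if [ "$user" != "$owner" ]; then
        echo "OWNER   $path: $user, expected $owner"; rc=1
    fi
    if [ "$mode" != "$want" ]; then
        echo "MODE    $path: $mode, expected $want"; rc=1
    fi
    return $rc
}

check_dac() {   # ownership and modes, as set by chmod/chown in the answer
    local home="$1" owner="$2" rc=0
    check_one "$home/.ssh" 700 "$owner" || rc=1
    check_one "$home/.ssh/authorized_keys" 600 "$owner" || rc=1
    return $rc
}

label_ok() {    # label_ok <selinux_context>: true when the type is ssh_home_t
    case "$1" in
        *:*:ssh_home_t:*|*:*:ssh_home_t) return 0 ;;
        *) return 1 ;;
    esac
}

check_mac() {   # SELinux labels, as restored by restorecon in the answer
    local home="$1" rc=0 p ctx
    command -v selinuxenabled >/dev/null 2>&1 || return 0
    selinuxenabled || return 0      # nothing to check when SELinux is off
    for p in "$home/.ssh" "$home/.ssh/authorized_keys"; do
        ctx=$(stat -c '%C' "$p" 2>/dev/null) || continue
        label_ok "$ctx" || { echo "LABEL   $p: $ctx"; rc=1; }
    done
    return $rc
}

check_ssh_perms() {   # check_ssh_perms <home_dir> <owner>
    local rc=0
    check_dac "$1" "$2" || rc=1
    check_mac "$1" || rc=1
    return $rc
}
```

Run it as root or as the account's owner, for example check_ssh_perms /home/anobili anobili; a non-zero exit status means at least one finding was printed.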