So I am looking to set up SSH private/public keys between two servers, for use with sftp (and ultimately lftp using sftp - but one step at a time).

I have created the private and public keys, and found that in order to use them, the private key must be owned and only readable by the user connecting.

The problem is, the user I am connecting as doesn't have a /home/ directory on either server (and only exists on the remote server), so when I try to chown, I get chown: invalid user: {userName} - because it doesn't exist locally.

Can anyone suggest a way around this?

--Edit--

I used getent passwd on both servers, and found that the user only exists on the server I'm sftping to. So when I connect as that user (sftp weirdUser@remoteHost), how can I do this using private/public keys?

  • Here is a guide from Ubuntu [Troubleshooting SSH with encrypted home dir](https://help.ubuntu.com/community/SSH/OpenSSH/Keys#Troubleshooting) – Ate Somebits Feb 12 '17 at 10:39

2 Answers

You need to create the user. An SSH private/public key pair is just another method of authentication, used instead of password authentication.

So you need to create the user that is allowed to use the public/private key pair: http://www.tecmint.com/add-users-in-linux/

Create the user; then you can chown to that user.

Martin Barker
  • but the user exists (as I understand it, I didn't set up the server), it just doesn't have a /home directory and you can't log in as it - it's only intended for use in connecting over (S)FTP to another server. – simonalexander2005 Nov 03 '15 at 11:56
  • BUT (S)FTP is SSH, so if you can't log in as that user it can't exist. I would speak to them – Martin Barker Nov 03 '15 at 11:58
  • I can use `sftp weirdUser@host`, type the password, and log in fine - but the user doesn't exist as far as I can see (using `getent passwd`), so I can't give it a private key file – simonalexander2005 Nov 03 '15 at 12:01
  • OK, just found it on the other server... so how do i give it the private key when it only exists on the server I'm connecting to? – simonalexander2005 Nov 03 '15 at 12:02
  • You need to download the key from the server https://www.digitalocean.com/community/tutorials/how-to-use-sftp-to-securely-transfer-files-with-a-remote-server however I would speak to them as they have created the user but its directory is not set to /home/user – Martin Barker Nov 03 '15 at 12:08
  • wouldn't that mean that both the public and private keys would be on the remote server then? How does that authenticate who is connecting? – simonalexander2005 Nov 03 '15 at 12:08
  • the remote server has both as it's the server that generated the pair, and the connecting client only has the private key – Martin Barker Nov 03 '15 at 12:10
  • Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/31047/discussion-between-martin-barker-and-simonalexander2005). – Martin Barker Nov 03 '15 at 12:10
  • Ok, to be clear, key pairs should only ever be generated by the person who will be using them, and generated on the system they'll be connecting from. Private keys are truly private, and should be protected as if they are your password. Public keys on the other hand, do not need to be protected at all. – EEAA Nov 03 '15 at 13:21

You need a ~/.ssh/config file on your local server that will associate your key with the user on the remote server such as:

Host yourremoteserver
    User weirduser
    IdentityFile /home/mylocaluser/.ssh/id_rsa

If you want to create a unique key just for weirduser@yourremoteserver, use the -f option on ssh-keygen (the path given to -f is where the key is written, so point it into ~/.ssh to match the config below; 1024-bit RSA is below current minimums, so use 4096):

ssh-keygen -t rsa -b 4096 -f ~/.ssh/weirduser

and replace the IdentityFile line in the ~/.ssh/config file with:

IdentityFile /home/mylocaluser/.ssh/weirduser

Whichever key you decide to use (the default id_rsa or weirduser), you'll need the contents of the corresponding .pub file inserted into weirduser's authorized_keys on the remote server. After you have your config file set up, try (it'll prompt for the remote password, then copy the .pub file to the correct authorized_keys):

ssh-copy-id weirduser@yourremoteserver

(Or you could do this manually)

Brandon Xavier
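Both answers describe the same procedure: generate the key pair on the client, keep the private key there with the right ownership and mode, get the public key into weirduser's authorized_keys on the remote server, and point ~/.ssh/config at the key. The script below is an added example, not code from either answer. It reuses the second answer's placeholders (alias yourremoteserver, remote user weirduser, key ~/.ssh/weirduser) and assumes a hypothetical remote hostname sftp.example.net and client address 203.0.113.10. It uses ed25519 instead of RSA, adds IdentitiesOnly so ssh offers only this key, performs the permission check the question tripped over, and builds an authorized_keys line with restrict and from= options so the key is only usable from this client for file transfer.

```shell
#!/bin/sh
# Added example; not code from the original answers. Placeholders from the
# second answer: host alias "yourremoteserver", remote user "weirduser",
# key "~/.ssh/weirduser". sftp.example.net and 203.0.113.10 are hypothetical.
# Everything below runs on the CLIENT; the private key never leaves it.

# Generate a per-destination key pair under HOME $1, named $2 (no passphrase,
# since lftp/sftp batch jobs cannot answer a prompt). ed25519 has no key size
# to get wrong, unlike 1024-bit RSA.
generate_client_key() {
    home=$1; keyname=$2
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh"
    keyfile="$home/.ssh/$keyname"
    [ -f "$keyfile" ] || ssh-keygen -q -t ed25519 -N '' -f "$keyfile" -C "$keyname"
    chmod 600 "$keyfile"
    printf '%s\n' "$keyfile"
}

# Append a Host block to $1/.ssh/config so "sftp yourremoteserver" picks the
# right user and key. IdentitiesOnly stops ssh from offering every key it
# knows about, which can exhaust the server's MaxAuthTries before this one.
write_ssh_config() {
    home=$1; hostalias=$2; ruser=$3; rhost=$4; keyfile=$5
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh"
    cfg="$home/.ssh/config"
    {
        printf 'Host %s\n' "$hostalias"
        printf '    HostName %s\n' "$rhost"
        printf '    User %s\n' "$ruser"
        printf '    IdentityFile %s\n' "$keyfile"
        printf '    IdentitiesOnly yes\n'
    } >> "$cfg"
    chmod 600 "$cfg"
    printf '%s\n' "$cfg"
}

# The check the question ran into: ssh ignores a private key that is
# group/world readable, and the file should belong to the LOCAL login that
# runs ssh, not to the remote account (which need not exist here at all).
check_private_key_perms() {
    f=$1
    mode=$(ls -ld "$f" | cut -c1-10)       # e.g. -rw-------
    owner=$(ls -ld "$f" | awk '{print $3}')
    me=$(id -un)
    case "$mode" in
        -rw-------|-r--------) ;;
        *) echo "$f: mode $mode is too open, want 600" >&2; return 1 ;;
    esac
    if [ "$owner" != "$me" ]; then
        echo "$f: owned by $owner, not $me" >&2
        return 1
    fi
    return 0
}

# Build the line for weirduser's authorized_keys on the REMOTE server.
# "restrict" (OpenSSH 7.2+) turns off forwarding, pty and agent use, and
# from= pins the key to this client, so a stolen copy is worth much less.
build_authorized_key_line() {
    pubkey=$1; fromaddr=$2
    printf 'restrict,from="%s" %s\n' "$fromaddr" "$pubkey"
}

# Typical use on the client, assuming ssh-keygen is installed:
#   key=$(generate_client_key "$HOME" weirduser)
#   write_ssh_config "$HOME" yourremoteserver weirduser sftp.example.net "$key"
#   check_private_key_perms "$key"
#   build_authorized_key_line "$(cat "$key.pub")" 203.0.113.10  # paste on remote
#   sftp yourremoteserver
```

Two caveats on the remote side. First, ssh-copy-id without -i installs your default identities, not the custom key; use `ssh-copy-id -i ~/.ssh/weirduser.pub weirduser@yourremoteserver` or paste the line from build_authorized_key_line by hand. Second, sshd's default `AuthorizedKeysFile .ssh/authorized_keys` is resolved relative to the account's home directory, so for an account with no home directory (the question's situation) the server admin has to either give it one or set something like `AuthorizedKeysFile /etc/ssh/authorized_keys/%u` in sshd_config; `%u` expands to the login name. A `Match User weirduser` block with `ForceCommand internal-sftp` there also keeps the account transfer-only regardless of what key options the client supplied.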