Linux: How to setup authorized_keys so can log in as different user

0

local user ID: GregD remote user ID: GregTD

I know how to setup authorized_keys so I can log in as GregD. but I need to connect to a server as GregTD, and despite having added my authorized_keys to .ssh/ (yes have have the permissions set correctly), and even having successfully run ssh-copy-id, I'm still asked for a password when I try to ssh GregTD@foo

Listing of remote .ssh:

GregTD@foo $ ls -alh
total 32K
drwx------+ 2 GregTD GregTD 4.0K Mar 29 10:53 ./
drwxrwxr-x+ 6 GregTD GregTD 4.0K Mar 29 10:52 ../
-rw-------+ 1 GregTD GregTD  398 Mar 29 10:53 authorized_keys
lrwxrwxrwx. 1 GregTD GregTD   15 Mar 29 10:31 authorized_keys2 -> authorized_keys
-rw-rw-r--+ 1 GregTD GregTD  188 Mar 29 10:18 known_hosts

Listing of my .ssh:

$ ls -alh ~/.ssh/
total 200
drwx------   16 GregD  GregD   544B Mar 29 10:53 ./
drwxr-xr-x+ 184 GregD  GregD   6.1K Mar 26 09:37 ../
-rwx------    1 GregD  GregD   2.1K Feb 28 12:09 authorized_keys*
-rwx------    1 GregD  GregD   679B Feb 28 12:09 config*
-rw-------    1 GregD  GregD   1.7K Feb 28 12:09 github_rsa
-rw-r--r--    1 GregD  GregD   401B Feb 28 12:09 github_rsa.pub
-rw-------    1 GregD  GregD   1.6K Feb 28 12:09 id_rsa
-rw-r--r--    1 GregD  GregD   398B Feb 28 12:09 id_rsa.pub
-rwx------    1 GregD  GregD    47K Mar 19 21:15 known_hosts*

What I've done:

$ ssh-copy-id GregTD@foo
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/GregD/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
GregTD@foo's password: 

Number of key(s) added:        1

Now try logging into the machine, with:   "ssh 'GregTD@foo'"
and check to make sure that only the key(s) you wanted were added.


$ ssh -v GregTD@foo
OpenSSH_7.4p1, LibreSSL 2.5.0
debug1: Reading configuration data /Users/GregD/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to foo [10.146.103.127] port 22.
debug1: Connection established.
debug1: identity file /Users/GregD/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/GregD/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/GregD/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/GregD/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/GregD/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/GregD/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/GregD/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/GregD/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to foo:22 as 'GregTD'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: A key
debug1: Host 'foo' is known and matches the ECDSA host key.
debug1: Found key in /Users/GregD/.ssh/known_hosts:124
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/GregD/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /Users/GregD/.ssh/id_dsa
debug1: Trying private key: /Users/GregD/.ssh/id_ecdsa
debug1: Trying private key: /Users/GregD/.ssh/id_ed25519
debug1: Next authentication method: password
GregTD@foo's password:

Ran ssh -vv twice, once as GregTD (failed), and once as GregD (success)

There were two differences: Failed:

debug1: rekey after 4294967296 blocks
debug2: key: /Users/m082166/.ssh/id_rsa (0x7fef96e12320)

Success:

debug1: rekey after 4294967296 blocks
debug2: key: /Users/m082166/.ssh/id_rsa (0x7fb600e0a420)
...
debug1: Offering RSA public key: /Users/m082166/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279

2nd success (wanted to see if key changed. It did):

debug2: key: /Users/m082166/.ssh/id_rsa (0x7fb600e0a420)

Is any of this useful? What I'm trying to do should work, yes?

Greg Dougherty

Posted 2018-03-29T16:03:52.917

Reputation: 111

What's the content of /Users/GregD/.ssh/? Your private key is read from there and seems to be missing: No such file or directory. – yahol – 2018-03-29T16:19:53.923

1May need to look into /var/log/auth.log or /var/log/dmesg on the remote system. – LawrenceC – 2018-03-29T16:41:06.173

"debug1: key_load_public: No such file or directory" is looking for a certificate file for the key. Which isn't needed, since otherwise none of my other remote logins would work. I've added an ls for my .ssh – Greg Dougherty – 2018-03-29T17:01:02.390

You're right, my mistake. Adding to @LawrenceC's comment: also /var/log/secure on CentOS/RHEL/Fedora-like systems. Will increasing verbosity show message after "Offering RSA public key..."? – yahol – 2018-03-29T17:17:08.253

How do I increase verbosity? Unfortunately, neither auth.log nor dmesg exist, and secure is only readable by root, which I am not – Greg Dougherty – 2018-03-29T17:23:31.500

You can increase verbosity up to 3 levels: -v, -vv, -vvv. Try first with -vv, as it produces some interesting output. – yahol – 2018-03-29T17:30:00.057

Ran it with -vv, added results – Greg Dougherty – 2018-03-29T17:53:50.330

Maybe there’s some weird interaction with LibreSSL and openSSL if your sshd is linked against OpenSSL. Make sure ssh and sshd are same version. – LawrenceC – 2018-03-30T18:58:19.120

@LawrenceC I have two accounts on the server, one GregD one GregTD. I can connect with my public-private key pair just fine as GregD. I only have problems connecting to the GregTD – Greg Dougherty – 2018-04-04T14:45:46.753

No answers

Asked: 2018-03-29T16:03:52.917

Viewed: 155 times

Active: 2018-03-29T17:53:25.443