added new user but cant get into ssh with them

[durangod]

Hi,

i added a new reseller user, added them to the wheel group, did a new key, converted the key to putty format using putty generator just like i did with my root key.

I have it set up just like my root key on my pc however using the new key.

But every time i try to login to ssh with the new user i get this. .

Disconnected: No supported authentication methods available(serversent:publickey,gssapi-keyex,gssapi-with-mic)

so i did some googling, and i tried different things, tried turning on gssapi in the config, that didnt work, i even redid the key totally again, that didnt work. I added AllowedUsers and AllowedGroups to the config with the data, that didnt work.

I know the login works because when i turn on password auth i can log in with new user. But for some reason it does not like it when i have pw auth off.

Im on a vps with centOS 6.5 and OpenVZ and im running configserver firewall.

Any ideas what i can try next, im stumped?

 

[cPanelMichael]

Hello

Have you tried temporarily accessing SSH over a command line SSH utility (e.g. from another server or Linux/OSX) to rule out an issue with the Putty conversion itself?

Thank you.

 

[durangod]

no sir, unfortunately i dont have that option. I cant possible be the only one who has had this issue so im still googling and trying different keywords to see if i can find something on this issue and what might be causing it. I used the same generator in the same way on the root key so the new user key should work as well.

 

[durangod]

I did find this

support.rightscale.com/06-FAQs/FAQ_0038_-_How_can_I_get_PuTTY_to_work_to_SSH_into_running_instances

but im not running rightscale, but i did try their idea about adding a new line into the key before you convert, didnt work for me.

ill keep looking.

 

[durangod]

how about this

http://forums.cpanel.net/f34/ssh-ke...publickey-gssapi-keyex-gssapi-mic-297251.html

the link provided on the bottom post says its because the home dir is encrypted and it cant access it.. Is this true?

 

[durangod]

i think i found part of the problem. Before i did anything with moving anything at all, i wanted to check file permissions on the key files. So in ssh dir i did a list -alh and there is only one rsa key for root, there is no key listed in here for the second key i made.

i see
ssh config
sshd config
sshd config rpmnew
ssh host dsa key but thats a mailtrap
ssh host dsa key pub but thats also a mailtrap
ssh host key
ssh host key pub
ssh host rsa key thats a mailtrap
ssh host rsa key pub thats a mailtrap

there is no key in here for my second user key unless its one of those mailtraps, but not sure why it would be. As a test i deleted my new user ssh key and redid the dir, restarted ssh, and same number of files.

So that new user key is either stored someplace else or its not writing to the dir. What is strange is that it wrote the root key but does not seem to make the new key in the same dir.. wierd

 

[durangod]

I also noticed in my sshd config that my authorized key file location is commented out, it was like that as system default. Should that be?

 

[cPanelMichael]

Please feel free to open a support ticket so we can take a closer look at what you have actually configured. You can post the ticket number here so we can update this thread with the outcome.

Thank you.

 

[durangod]

ok will do thanks. But i did find something, not sure if it means anything. The keys are stored in .ssh not ssh i found them both. And if i had paid attention when i created the key it tells you where its stored grrrr it says its stored in /root/.ssh/ so i went there instead of ssh and there they are both of them.

there is an authorized_keys and an authorized_keys2 so wondering if thats the problem.

we were planning to do the xfer of site files tonight but we will hold off. my host is planning on updating the kernel tonight or tomorrow and also i dont have my SSL cert xfered over yet, so you will get the message when you access.

Ok ill do a ticket now thanks. Whoever works on this ticket please do not change anything on the server, let me do it. My host will freak out if you make any changes, let me do them thanks.

 

[durangod]

Your Request id is: 5282487

 

[durangod]

Ok this should be the resolve for this, samir is awesome, i wish i had his skills. I am off to try this but i am sure it will work now that i understand the process.

the key to this whole issue is this, and new people need to understand this right away. Maybe it needs to be the first sentence on the install docs lol..

"root is managed via WHM and users are created and given privilages in WHM, but after that then users are managed via Cpanel including creating keys for such user"

that means that when you want to create a new user to use for ssh instead of your root, you need to create the user in WHM, add to the wheel group in WHM, then log into Cpanel ip:2083 as that username and that pw you just created and make the ssh key there (not in WHM) '

that is where i messed up, i was creating the ssh key in WHM for the new user and expected it to work. The key for the user has to be created in cPanel

Then you can set PermitRootLogin to no and you should be able to log in an use sudo or su when you need the privilages.

I dont remember ever seeing anywhere, not in install, not in docs, not in any forum post that you had to do the user key via Cpanel. That really needs to be stated in bold anytime we talk about this issue on any post.

Now im off to try it. if you dont hear from me that means it didnt work and i jabbed a inkpen in my eye lol, or it worked lmao

hee hee...

thanks

 

[durangod]

ps, yes it works, so no pen in my eye, just lots of sleepy sleepies lol...

 

[cPanelMichael]

I am happy to see the issue is now resolved. Thank you for updating us with the outcome.