The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

added new user but cant get into ssh with them

Discussion in 'Security' started by durangod, Jul 28, 2014.

  1. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    251
    Likes Received:
    10
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    Hi,

    i added a new reseller user, added them to the wheel group, did a new key, converted the key to putty format using putty generator just like i did with my root key.

    I have it set up just like my root key on my pc however using the new key.

    But every time i try to login to ssh with the new user i get this. .

    Code:
    
    Disconnected: No supported authentication methods available(serversent:publickey,gssapi-keyex,gssapi-with-mic)
    
    

    so i did some googling, and i tried different things, tried turning on gssapi in the config, that didnt work, i even redid the key totally again, that didnt work. I added AllowedUsers and AllowedGroups to the config with the data, that didnt work.

    I know the login works because when i turn on password auth i can log in with new user. But for some reason it does not like it when i have pw auth off.

    Im on a vps with centOS 6.5 and OpenVZ and im running configserver firewall.

    Any ideas what i can try next, im stumped?
     
    #1 durangod, Jul 28, 2014
    Last edited: Jul 28, 2014
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Have you tried temporarily accessing SSH over a command line SSH utility (e.g. from another server or Linux/OSX) to rule out an issue with the Putty conversion itself?

    Thank you.
     
  3. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    251
    Likes Received:
    10
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    no sir, unfortunately i dont have that option. I cant possible be the only one who has had this issue so im still googling and trying different keywords to see if i can find something on this issue and what might be causing it. I used the same generator in the same way on the root key so the new user key should work as well.
     
  4. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    251
    Likes Received:
    10
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    I did find this

    support.rightscale.com/06-FAQs/FAQ_0038_-_How_can_I_get_PuTTY_to_work_to_SSH_into_running_instances

    but im not running rightscale, but i did try their idea about adding a new line into the key before you convert, didnt work for me.

    ill keep looking.
     
  5. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    251
    Likes Received:
    10
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
  6. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    251
    Likes Received:
    10
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    i think i found part of the problem. Before i did anything with moving anything at all, i wanted to check file permissions on the key files. So in ssh dir i did a list -alh and there is only one rsa key for root, there is no key listed in here for the second key i made.

    i see
    ssh config
    sshd config
    sshd config rpmnew
    ssh host dsa key but thats a mailtrap
    ssh host dsa key pub but thats also a mailtrap
    ssh host key
    ssh host key pub
    ssh host rsa key thats a mailtrap
    ssh host rsa key pub thats a mailtrap

    there is no key in here for my second user key unless its one of those mailtraps, but not sure why it would be. As a test i deleted my new user ssh key and redid the dir, restarted ssh, and same number of files.

    So that new user key is either stored someplace else or its not writing to the dir. What is strange is that it wrote the root key but does not seem to make the new key in the same dir.. wierd
     
    #6 durangod, Jul 29, 2014
    Last edited: Jul 29, 2014
  7. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    251
    Likes Received:
    10
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    I also noticed in my sshd config that my authorized key file location is commented out, it was like that as system default. Should that be?
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Please feel free to open a support ticket so we can take a closer look at what you have actually configured. You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  9. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    251
    Likes Received:
    10
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    ok will do thanks. But i did find something, not sure if it means anything. The keys are stored in .ssh not ssh i found them both. And if i had paid attention when i created the key it tells you where its stored grrrr :( it says its stored in /root/.ssh/ so i went there instead of ssh and there they are both of them.

    there is an authorized_keys and an authorized_keys2 so wondering if thats the problem.

    we were planning to do the xfer of site files tonight but we will hold off. my host is planning on updating the kernel tonight or tomorrow and also i dont have my SSL cert xfered over yet, so you will get the message when you access.

    Ok ill do a ticket now thanks. Whoever works on this ticket please do not change anything on the server, let me do it. My host will freak out if you make any changes, let me do them thanks. :)
     
  10. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    251
    Likes Received:
    10
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    Your Request id is: 5282487
     
  11. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    251
    Likes Received:
    10
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    Ok this should be the resolve for this, samir is awesome, i wish i had his skills. :) I am off to try this but i am sure it will work now that i understand the process.

    the key to this whole issue is this, and new people need to understand this right away. Maybe it needs to be the first sentence on the install docs lol..

    "root is managed via WHM and users are created and given privilages in WHM, but after that then users are managed via Cpanel including creating keys for such user"

    that means that when you want to create a new user to use for ssh instead of your root, you need to create the user in WHM, add to the wheel group in WHM, then log into Cpanel ip:2083 as that username and that pw you just created and make the ssh key there (not in WHM) '

    that is where i messed up, i was creating the ssh key in WHM for the new user and expected it to work. The key for the user has to be created in cPanel

    Then you can set PermitRootLogin to no and you should be able to log in an use sudo or su when you need the privilages.

    I dont remember ever seeing anywhere, not in install, not in docs, not in any forum post that you had to do the user key via Cpanel. That really needs to be stated in bold anytime we talk about this issue on any post.

    Now im off to try it. if you dont hear from me that means it didnt work and i jabbed a inkpen in my eye lol, or it worked lmao

    hee hee...

    thanks
     
    #11 durangod, Jul 30, 2014
    Last edited: Jul 30, 2014
  12. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    251
    Likes Received:
    10
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    ps, yes it works, so no pen in my eye, just lots of sleepy sleepies lol...
     
  13. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page