Public Key for users with no domain

bsaverino

Member
Dec 4, 2013
13
0
1
cPanel Access Level
Root Administrator
So you can SSH in as the user?

Generate the key pair, ssh-copy-id -i [path to public key] [email protected]

It should ask you for your password, and if good, copy the key over.

-Jason
I followed your steps but after seeing the result I think there is some confusion. I am looking to close root from login. I am then looking at disabling passwords. I would like to create a user that I can use for this task. I have a user that has been created and has no domain attached to it. It is in the wheel group so it has su access. I need to add keys to this user so I can login without a password. I have already created a .ssh directory and an authorized_key file. With your step there is now a public and a private key generated as well. I figured that adding a authorized key file would do the trick but that didn't work.
 

jgillmanjr

Active Member
PartnerNOC
Feb 9, 2012
25
0
51
Lansing, MI
cPanel Access Level
DataCenter Provider
Err, I should have indicated that the key pair should have been generated on the machine you will be connecting from. You won't be doing on the server itself.

The ssh-copy-id utility would then pull the public key and add that to the ~/.ssh/authorized_keys file.

Hopefully that makes a little more sense.

-Jason
 

bsaverino

Member
Dec 4, 2013
13
0
1
cPanel Access Level
Root Administrator
The Authorized keys file already had my key and anyone else who had a key that needed access.

Now that all that is out of the way, any other ideas?
 

bsaverino

Member
Dec 4, 2013
13
0
1
cPanel Access Level
Root Administrator
Let me be more specific on your step.

I added all of the keys I would like imported to authorized keys into the .ssh folder. I can't add those keys because the user doesn't own a domain. For example a user was created through ssh but owns no domain using this setup method How To Create a WHM Reseller Without an Associated Domain

I then used your line to add the key to authorized keys. ssh-copy-id -i /home/username/.ssh/myName.pub username

I think the username should probably be [email protected] however this user has no associated domain. Does that make sense?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello :)

The username for SSH access would be standalone and not prefixed to @hostname. What error message are you receiving when attempting to access SSH as that user?

Thank you.
 

jgillmanjr

Active Member
PartnerNOC
Feb 9, 2012
25
0
51
Lansing, MI
cPanel Access Level
DataCenter Provider
bsaverino,

I think I may have identified the issue here based on your last post.

You don't need to worry about creating the keypair from the machine you'll be connecting to, as indicated. You would do that on the machines you're connecting from.

Also, you won't be running ssh-copy-id on the server either, you run that from the machines/users you'll be connecting from (unless you share the private key that you'll be using).

So say you'll be connecting from 'clientA' with user 'userA' to 'hostB' via 'userB' (userB being the non-cPanel account related user). This is what the setup might look like after the keypair has been setup for userA:

Code:
[email protected] $ ssh-copy-id -i ~/.ssh/id_dsa.pub [email protected]

<it should ask you for the password, and will copy over the key into authorized_keys if things go well>
Then after that, just ssh [email protected], and if things were setup properly, it shouldn't prompt you for a password.

- - - Updated - - -

I should also note that hostB doesn't have to be any particular domain. It can be any domain or IP that will resolve or be assigned to the server (and an IP that SSH will be listening on).
 

bsaverino

Member
Dec 4, 2013
13
0
1
cPanel Access Level
Root Administrator
Ok let me take a step back. We have public keys setup on a lot of other servers (even other cPanel servers) but this situation seems to be different. We have all of the public keys in a list. We added all of those keys inside of authorized_keys, restarted sshd and then tried to login. It still asked for a password for that user.

I then tried to add individual .pub files for each user (essentially copying what some of our other cpanel servers public key records look like). Restarted sshd and then tried to login. It still asked for a password. I am pretty sure that anything
ssh-copy-id
is really just adding items that already exist because I manually put them in to the authorized_keys file already.

It seems like in a cPanel system that another step needs to be taken, since there is no GUI to interact with because the user has been created in ssh and has no domain assigned to the user. We have given the new user reseller privileges so we can see the user there, however we can't add keys or authorize keys on the front end. So the question really is, is there a way to authorize a key in ssh besides adding it to the authorized_keys file?

This seems really trivial but I feel like I am missing something. Thank you for the help.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Feel free to open a support ticket using the link in my signature if you would like us to take a closer look at your existing configuration and determine why it's not working as you expect it to. You can post the ticket number here so we can update this thread with the outcome.

Thank you.
 

bsaverino

Member
Dec 4, 2013
13
0
1
cPanel Access Level
Root Administrator
I removed the user and created a user with a fake domain and it took care of the issue. This method won't work for dns only but it will have to do for the time being. Maybe when I find more time I will open a ticket. This problem carries through all 5 of our cpanel servers.