The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Wheel Group and SSH Keys

Discussion in 'Security' started by sebastian13, Sep 3, 2014.

  1. sebastian13

    sebastian13 Registered

    Joined:
    Sep 3, 2014
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I want to disable direct root logins to my server, which runs WHM with Centos 6.5 and add specific user to the wheel group in order to be able to perform tasks with root privileges using `su`, but cannot find the answer to my problem anywhere - I spent whole day yesterday re-searching online - and no answer.

    I've done the following - while logged in via ssh as root, I've created new user:

    `newuser newsuperuser`

    and I've set the password for it

    `passwd newuserpassword`

    I then went ahead and added that user to the wheelgroup, by going to:

    `Security Center > Manage Wheel Group Users`

    and added newsuperuser to it.

    I then went to:

    `Security Center > Manage root's SSH Keys`

    and generated new key with newpassword - then authorised it.

    Next I've copied the private key to my local (Mac OSX) .ssh directory, run chmod 600 and added file to ssh session:

    `ssh-add newsuperuser_key`

    typed password when prompted.

    Now if I try to connect to the server via ssh using:

    `ssh newsuperuser@800.800.800.800`

    (using the correct IP address :) - I get:

    `Permission denied (publickey,gssapi-keyex,gssapi-with-mic).`

    Any idea what I'm doing wrong? Does wheel group work with ssh keys at all?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    There are several threads open where users have reported this error message. You can search for the following term on Google to see a list of these threads:

    Code:
    "Permission denied (publickey,gssapi-keyex,gssapi-with-mic)." site:forums.cpanel.net
    Let us know if any of those solutions are helpful.

    Thank you.
     
  3. sebastian13

    sebastian13 Registered

    Joined:
    Sep 3, 2014
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I've spent hours on google trying to find the solution, but none of the ones I've found worked for my case - hence I've decided to post it here.

    Can someone assist?


     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Just to clarify, it wasn't a generic Google search, but a list of threads on the cPanel forums with users experiencing that issue. Each thread has potential solutions, so I wanted to be sure you reviewed them before proceeding. If you have, then please open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  5. sebastian13

    sebastian13 Registered

    Joined:
    Sep 3, 2014
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Thanks - already did.
     
  6. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    By authorizing a key for root, it gets placed in /root/.ssh/authorized_keys

    If you need to log in as newuser, that public key needs to be put in /home/newuser/.ssh/authorized_keys

    I am unaware of a way to do this via WHM, but it can easily be copied over command line.
     
  7. sebastian13

    sebastian13 Registered

    Joined:
    Sep 3, 2014
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    You can authorize keys via WHM - when you either generate or import one, you have option to authorize it - all of my keys are, but it still doesn't work. I can only log in as root@ bot not the user I've set up manually with its own key.
     
  8. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    How are you authorizing keys for non-root users via WHM? As far as I know you can only authorize keys for root logins using the WHM interface. The username on the key itself is irrelevant for that. I've been doing this for years (sshing to an alternate user using keys). To put a public key into another account it has to be placed in /home/newuser/.ssh/authorized_keys

    When you ssh newuser@hostname.com, the SSH server on hostname.com looks in /home/newuser/.ssh/ for any authorized keys. Keys in /root/.ssh/ are only checked when you ssh as root to that server. When you authorize a key using WHM's key management, that's where it goes (/root/.ssh). Other user accounts can't be logged into using that key until it's copied to their home directories .ssh folder with proper permissions.
     
    #8 quizknows, Sep 4, 2014
    Last edited: Sep 4, 2014
Loading...

Share This Page