I am not a sysadmin (I am s software developer) and I am finding the following difficulty working on a Linux CentOS 7 remote machine of a customer.
I am using MobaxTerm to connect to this machine. they provided me a .ppk file and a user.
The .ppk file contains something like this:
PuTTY-User-Key-File-2: ssh-rsa
Encryption: none
Comment: MY CUSTOMER KeyPair
Public-Lines: 6
.....................................................................
.....................................................................
.....................................................................Importing this file I can log in into this machine without problem with the usere that they gived to me.
Then, after that I logged in with this provided user, I created a bran new root user using the following commands:
sudo adduser my_new_user
sudo passwd my_new_user
sudo usermod -aG wheel my_new_userafter that I have done this operation I can change user by:
su - my_new_userit works fine and it seems that I have root access.
the problem is that now I can't access via SSH using this my_new_user user. If I try to prompt this username when I perform the log-in I obtain the following error message:
Server refused our key
No supported authentication methods available (server sent: publickey,gssapi-keyex,gssapi-with-mic)I suppose that this error depends by the fact that the imported .ppk file is related to the provided user and not for this brand new user (infact if I disable the .ppk import I obtain the same error also using the original provided user). I think that maybe I have to generate a new .ppk file also for this new user. Is it my reasoning correct? In case what is the correct procedure to generate this and have the chance to log in also with my brand new user?
1 Answer
SSH keys are indeed user-specific, although the user assignment is done on the server and isn't a property of the key itself. The same key can be used to access multiple users/hosts but needs to be separately authorized for each user.
On Linux, the list of permitted keys is stored in the ~/.ssh/authorized_keys file within each user's home directory. It contains a list of public keys (in the OpenSSH format), with one key per line.
Loading your .ppk file in PuTTYgen (or even generating a new key) would directly show its public key in the OpenSSH format, which you can copy into your new user account's "authorized_keys" file.
(if you're editing the file with 'nano', make sure to disable its line-wrapping.)
Also, make sure your customer is actually okay with you creating new accounts on their server, since that's usually the responsibility of sysadmins and not of software developers.
3