linux - ssh via public keys failing for account on CentOS 6 with user id below 500


I converted the non-login user jenkins, created by the Jenkins CI server installation, to allow log in by doing the following:

  1. adding a home dir and shell in the /etc/passwd file for the jenkins user
  2. creating the home directory

I created a public/private key pair by:

  1. adding the public & private keys in the .ssh directory in the new home space
  2. creating an authorized_keys file
  3. setting correct permissions on the .ssh directory and its contents.

Now, on the machine, root can su - jenkins and become the jenkins user. However, from a remote machine I cannot ssh with the public key to the machine (as the jenkins user with the respective keys).

I created a new user on the machine via useradd, copied the jenkins ssh keys to that account, and am able to log in as that user using the keys.

I'm stumped as to what is special about the jenkins user that is blocking ssh public key access. The only thing that sticks out in my mind is that the jenkins user was created with a user id of 498. Is there something blocking a 'system' user from being allowed to ssh?

The end of the ssh command with -v enabled for the failing login as user jenkins looks like this:

    debug1: authentications can continue: publickey,gssapi-keyex,gssapi-with-mic
    debug1: next authentication method: publickey
    debug1: trying private key: id_rsa
    debug1: read pem private key done: type rsa
    debug1: authentications can continue: publickey,gssapi-keyex,gssapi-with-mic
    debug1: no more authentication methods try.
    permission denied (publickey,gssapi-keyex,gssapi-with-mic).

The successful login as user foo (with the same keys):

    debug1: authentications can continue: publickey,gssapi-keyex,gssapi-with-mic
    debug1: next authentication method: publickey
    debug1: trying private key: id_rsa
    debug1: read pem private key done: type rsa
    debug1: authentication succeeded (publickey).
    authenticated jenkins.internal.nara.me ([54.83.203.146]:22).
    debug1: channel 0: new [client-session]
    debug1: requesting no-more-sessions@openssh.com
    debug1: entering interactive session.
    debug1: sending environment.
    debug1: sending env lang = en_us.utf-8

You may be missing something among:

  • the permissions on the home directory of the jenkins user are not right (like not owned by the user, or world- or group-writable)
  • ssh not allowing key-based authentication for users
  • having an unexpected carriage return in the authorized_keys file

To debug this, reload sshd with

    LogLevel VERBOSE

in /etc/ssh/sshd_config

and look at /var/log/auth.log (or the CentOS equivalent) for information on why the key is not accepted. In verbose mode, sshd says why ;)
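
Added example (not part of the original question or answer): a Python check for the first and third causes listed in the answer, run against the account's home directory. It approximates sshd's StrictModes ownership and write-permission test and scans authorized_keys for carriage returns; the function name `audit_key_login` and the script name in the usage comment are hypothetical.

```python
import os
import stat
import sys


def audit_key_login(home, uid):
    """List conditions under `home` that make sshd refuse authorized_keys.

    Approximates sshd's StrictModes test: the home directory, ~/.ssh and
    authorized_keys must be owned by the account (or root) and must not be
    group- or world-writable. Also flags carriage returns in the key file.
    """
    findings = []
    ssh_dir = os.path.join(home, ".ssh")
    auth_keys = os.path.join(ssh_dir, "authorized_keys")
    for path in (home, ssh_dir, auth_keys):
        try:
            st = os.stat(path)
        except FileNotFoundError:
            findings.append(f"{path}: missing")
            continue
        if st.st_uid not in (uid, 0):
            findings.append(f"{path}: owned by uid {st.st_uid}, not {uid} or root")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            findings.append(f"{path}: group- or world-writable (mode {mode:o})")
    if os.path.isfile(auth_keys):
        with open(auth_keys, "rb") as fh:  # bytes, so \r is not normalised away
            for lineno, line in enumerate(fh, 1):
                if b"\r" in line:
                    findings.append(f"{auth_keys}: carriage return on line {lineno}")
    return findings


if __name__ == "__main__":
    import pwd  # Unix-only account database

    # Usage: python3 audit_key_login.py jenkins   (account name is an argument)
    account = pwd.getpwnam(sys.argv[1])
    problems = audit_key_login(account.pw_dir, account.pw_uid)
    for problem in problems:
        print(problem)
    sys.exit(1 if problems else 0)
```

Run it as root on the server so every path is readable; an empty result means these two causes are ruled out and the verbose sshd log is the next place to look.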