SSH login, how to set keys to user accounts

Question

I have 3 people with 3 windows machine and 1 ubuntu 12.04 server. I have created each user account and added them to the sudo group. I have copied the public keys straight from puttygen straight into the authenticated_keys file.

I want to know how to tell each key to allow a specific user in. all the keys end in rsa-ssh "date". all the keys work for my account but not for any of the other accounts when I want one key to work for one account.

I have tried adding user@computername at the end of the key in the authenticated_keys files, but no luck. I just get No Supported Authentication methods available.

I have looked all over google but cant find a easy explanation.

Thank you for any help.

Answer 1

You have to copy the ssh public keys to each user account. Otherwise, the keys will only work for your account.

~/.ssh/authorized_keys

Lists the public keys (DSA/ECDSA/RSA) that can be used for logging in as this user.

So, every user that will use the keys to log in, needs their respective keys in each users ~/.ssh/authorized_keys.

Related

• https://security.stackexchange.com/q/34216/27973
• https://apple.stackexchange.com/q/21959
• How to use multiple ssh keys with different accounts and hosts

Answer 2

You want the SSH Server in Linux to accept incoming requests. Therefore it exists a file containing all acceptable public keys for that specific user(!): ~/.ssh/authenticate_keys

Also: As we need the keys locally on the connection-accepting system. Copy somehow (e.g. with SCP-Connection with password authentication) the public key-parts (that with -pub at the end) into the ~/.ssh directory !

The following is to be done for each user in the Linux system. So best would be (for beginners) to log in to each user seperatly and do the steps. More experienced users would login only once and change user id's...

Start of your work-loop:

So login to user1:

Check if '.ssh' directory does exist, if not just create the '.ssh' directory yourself: mkdir ~/.ssh

In ~/.ssh/authenticate_keys each line has a public(!) key. So if you 'cat' into it use '>>' to not overwrite contents and add at the end (if this file was not existing before it doesn't matter, it will be created automatically): e.g.

cat id_rsa.user1.pub >>~/.ssh/authenticate_keys

Then it is important to have the right user-rights (if not SSL will refuse to accept the keys, so it's important!):

==> the directory itself

chmod 700 ~/.ssh

==> and the public-keys-file

chmod 600 ~/.ssh/authenticate_keys

You are done with "user1", logout, and login with "user2" ... repeat and replace "user1" by "user2" key ...