Solved ssh: why i cannot use Public key with users not in wheel group ?

[Roland]

Hi,


I try to use a ssh connection with Public Key (ECDSA)

In client:

I create a private/public key
ssh-keygen -t ecdsa
i choose filename: id_ecdsa_toto


In remote server: IP:AAA.BBB.CCC.DDD
I create a new user: toto. toto is not in wheel group.

I add my public key
id_ecdsa_toto.pub in /home/toto/.ssh/authorized_keys2

when i try connect
ssh -i .ssh/ecdsa_toot AAA.BBB.CCC.DDD

Permission denied (publickey).

ssh -i .ssh/ecdsa_toot AAA.BBB.CCC.DDD -vvv

debug1: Offering ECDSA public key: id_ecdsa_toto
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).

if i put toto in the WHEEL group, i have not the problem...

debug1: Offering ECDSA public key: id_ecdsa_toto
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ecdsa-sha2-nistp256 blen 104

Thanks,

Roland

 

[aaron]

IIRC authorized_keys2 has been deprecated for some time now. Just put the pub key in authorized_keys .

 

[Roland]

Hi Aaron,

thanks but,

with toto's privileges
/home/toto/.ssh # mv authorized_keys2 authorized_keys

with root's privileges
service sshd restart

sorry, same result...

I still can not connect without being in the wheel group

Roland

 

[ShelLuser]

Did you make any changes in /etc/ssh/sshd_config? I'd start there. For example the AllowGroups option. I'd also carefully check the file permission bits for the users .ssh directory. Is it possible that you generated that while being root and now he doesn't have access unless he's part of the wheel group?

 

[Roland]

Problem solved.
Is it possible that you generated that while being root and now he doesn't have access ? yes

Thanks ShelLuser.