Skip to content
This repository has been archived by the owner on Dec 26, 2020. It is now read-only.

Question --> ssh_allow_users -- Should allow specific logins ? #101

Closed
Office-Manager opened this issue Mar 20, 2017 · 7 comments
Closed

Question --> ssh_allow_users -- Should allow specific logins ? #101

Office-Manager opened this issue Mar 20, 2017 · 7 comments
Labels
question

Comments

@Office-Manager
Copy link

Hi ,

First off , thank you for creating this project and making securing the machines that much easier.

I've one issue though. For a single specific machine I'd like to enable normal ssh login for a specific username.
I thought adding that user to the ssh_allow_users in the defaults would permit it but I'm still seeing the permission denied although I can view the /sshd_config which contains the entry.

I'm just wondering what else is required to be done to enable this behaviour ?
@rndmh3ro
Copy link
Member

Hi,

normally setting this should be enough. However to help you I'd need to see your whole sshd_config and the output in the log, /var/log/auth.log or /var/log/secure depending on your operating system.

@Office-Manager
Copy link
Author

Office-Manager commented Mar 22, 2017
edited

Hey @rndmh3ro thanks for the reply. Sorry for the delay but needed access to the machine to get the information for you

Here is the sshd_config file sshd_config

Also here's the logs from the server once sshd was restarted. var/log/messages and var/log/secure

In a desperation attempt I also tried changing this in the sshd_config file

# Authentication
# --------------

# Secure Login directives.
UseLogin yes

But even then the login was denied ( I added the /var/log/messages output for that attempt to the previous gist too)

@rndmh3ro
Copy link
Member

Well it says failed publickey for efthruser. Did you use the correct one? Are the permissions of /home/efthruser/.ssh correct?
Did you try it with another user?

@Office-Manager
Copy link
Author

So the permissions for .ssh and the files within are correct, however I was hoping I'd be able to delete any authorized keys .... I was hoping if the user was listed it would allow them to enter a password and not require a ssh key for access.

@rndmh3ro
Copy link
Member

The key has to be authorized, otherwise it won't work. These are two layers of security, the authorized key and the sshd_config.
Password auth is disabled in the sshd_config.

@Office-Manager
Copy link
Author

ahh I'm such a numpty ,

PasswordAuthentication no is what i need to change instead of UseLogin yes

@rndmh3ro
Copy link
Member

Glad you got it working!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rndmh3ro @Office-Manager