Resolved Permission denied (publickey,gssapi-keyex,gssapi-with-mic)

[Peter Carlsson]

When i ssh and run npm i get root as owner and my app brakes. I need to ssh as a customer to run npm build and i have added customer ssh user but i get:

Permission denied (publickey,gssapi-keyex,gssapi-with-mic)

Under: Access to the server over SSH
i also have a lot of options other than Forbidden, what should i choose?

Please advise.

 

[AYamshanov]

Hi Peter Carlsson,

Is it your own server? Did you install Plesk on top of the server or do you deploy image in some Cloud Environment? Looks like a password-based authentication is disabled in SSH-server config. Could you provide details about the environment, Linux version, Plesk version?

 

[Peter Carlsson]

Thank you @AYamshanov .

My server is a 4 GB Memory / 60 GB Disk / AMS3 Digital Ocean VPS with CentOS Linux 7.4.1708 (Core)‬, Plesk Onyx Version 17.5.3 Update #37, last updated on Jan 17, 2018 10:58 AM


I have installed Node 8.x and then Plesk using this:

wget https://autoinstall.plesk.com/plesk-installer
chmod +x plesk-installer
./plesk-installer

 

[Peter Carlsson]

When i created the DO VPS i choosed ssh key. Is that the problem with ssh into the server with another user than root?

 

[AYamshanov]

Hi,

As I know, you can't create a server on DO with password/without ssh key. ssh key is required always. In sshd config of the base image, password authentication is disabled but you can tune it by self.

Updated: Yes, you can create a server without ssh key, then you will receive a root password by email.

 

[Peter Carlsson]

Well, i now created an new VPS on DO and i skipped the ssh key and now i get ordinary ssh login with root password so maybe it will work logging in a customer with ssh.

I just need to know what to select in the customers ssh option, there are plenty of choices besides forbidden?

 

[AYamshanov]

How to enable password authentication:

1. Change "PasswordAuthentication no" to "PasswordAuthentication yes" in /etc/ssh/sshd_config
2. restart sshd with "service sshd restart" as root
3. I test with default user "centos", so, I need to set password for this user "passwd centos" as root
4. Check with "ssh centos@localhost"

 

[Peter Carlsson]

PasswordAuthentication yes allready set upon creating VPS since i didn't checked ssh key.

I added password for user centos and it worked fine so i guess it will work for any customer now.

I just need to know what to select in the customers ssh option, there are plenty of choices besides forbidden?

Thank you so much @AYamshanov im very close to get this all working now and cant wait to bring out the credit card

 

[AYamshanov]

Do you ask about this drop down list?


Here you need to choose a shell for a customer.

• https://www.quora.com/What-is-difference-between-bash-zsh-tcsh-sh-etc-Which-one-should-I-use
• "nologin" registered in system as a shell but not allow login to system by ssh

DESCRIPTION
nologin displays a message that an account is not available and exits
non-zero. It is intended as a replacement shell field for accounts that
have been disabled.

If the file /etc/nologin.txt exists, nologin displays its contents to the
user instead of the default message.

 

[Peter Carlsson]

I appreciate the link but since i'm lacking skills here is it possible that you could recommend a choice for me?

I will never let my customer in to Plesk i just need to do stuff "as my customer" so the permissions on files, folders and processes don't break.

 

[AYamshanov]

I suggest using the same shell as root user (/bin/bash), it will much comfortable

An example how to check root's shell:

# grep ^root /etc/passwd
root:x:0:0:root:/root:/bin/bash

 

[Peter Carlsson]

Ok, so i will choose /bin/bash ?

 

[AYamshanov]

Yes.
Also, you can want to compare /bin/bash and /bin/bash (chrooted). "Chrooted" is more secure but not all system commands are available. Try both, I think you quickly find the differences.

 

[Peter Carlsson]

Works perfect, use only get's access to their stuff. Just how i want it.

Spasiba @AYamshanov