Facebook
TwitterPlesk 12.5, CentOS 6.7: ssh auth by certificate
Please make sure that you've granted a shell access to your user. Go to your subscription -> Web Hosting Access and check that "Access to the server over SSH" has something like "/bin/bash"
kiav
Basic Pleskian
I already done it before installing Plesk plugin for ssh keys.
In most cases I've seen earlier the problem is related to improper PuTTY configuration, rather than problems on the server side.
Try to take some Linux machine with the shell access, generate SSH key, put it to Plesk (via SSH keys manager) and check the ability to connect using keys. This action should help to localise the problem (server or client side configuration is not ok).
Try to take some Linux machine with the shell access, generate SSH key, put it to Plesk (via SSH keys manager) and check the ability to connect using keys. This action should help to localise the problem (server or client side configuration is not ok).
kiav
Basic Pleskian
A already use this certyificate on nearly ten servers. Most of them are CentOS servers. But they all use authorized_keys2 instead of authorized_keys (like PLesk plugin does).
File authorized_keys2 is deprecated for ages. Could you tell please which OS do you use? Also please provide the output of the command: ssh -V
File authorized_keys should also work for you then. Unless you've changed the AuthorizedKeysFile variable in sshd_config file.
kiav
Basic Pleskian
1.) I installed CentOS 6.7 Minimal
2.) Installed EPEL, fio, sysbench, deinstalled EPEL.
3.) Chenged hostname (/etc/sysconfig/network, /etc/hosts)
4.) Installed Plesk 12.5
5.) Opened three ports in IPv4 iptables (8443, 8447, 80)
Then I installed several packages and returned EPEL. I did not changed /etc/ssh/sshd_config at all.
2.) Installed EPEL, fio, sysbench, deinstalled EPEL.
3.) Chenged hostname (/etc/sysconfig/network, /etc/hosts)
4.) Installed Plesk 12.5
5.) Opened three ports in IPv4 iptables (8443, 8447, 80)
Then I installed several packages and returned EPEL. I did not changed /etc/ssh/sshd_config at all.
So according to your sshd_config file the authorized_keys file should work. But it doesn't?
kiav
Basic Pleskian
Yes, it dows not work.
kiav
Basic Pleskian
I found solution for root.
The /root/.ssh and /root/.ssh/authorized_keys must be owned by root:root
But what should I do with non-privileged user (e.g. with login user). Under Plesk all files are owned by user:psacln. I can't change ownership to user:user because of absense of such user group.
The restorecon -r /var/www/vhosts/example.com/.ssh does not help too.
The /root/.ssh and /root/.ssh/authorized_keys must be owned by root:root
But what should I do with non-privileged user (e.g. with login user). Under Plesk all files are owned by user:psacln. I can't change ownership to user:user because of absense of such user group.
The restorecon -r /var/www/vhosts/example.com/.ssh does not help too.
kiav
Basic Pleskian
Found in 'man sshd':
~/.ssh/authorized_keys
Lists the public keys (RSA/ECDSA/DSA) that can be used for log-
ging in as this user. The format of this file is described
above. The content of the file is not highly sensitive, but the
recommended permissions are read/write for the user, and not
accessible by others.
If this file, the ~/.ssh directory, or the user’s home directory
are writable by other users, then the file could be modified or
replaced by unauthorized users. In this case, sshd will not
allow it to be used unless the StrictModes option has been set to
“no”.
I checked permisions. Neither user home directory, nor .ssh and authorized_keys are writable by other users. But I tested setting StrictModes to "no" and restartin sshd. It does not help.
~/.ssh/authorized_keys
Lists the public keys (RSA/ECDSA/DSA) that can be used for log-
ging in as this user. The format of this file is described
above. The content of the file is not highly sensitive, but the
recommended permissions are read/write for the user, and not
accessible by others.
If this file, the ~/.ssh directory, or the user’s home directory
are writable by other users, then the file could be modified or
replaced by unauthorized users. In this case, sshd will not
allow it to be used unless the StrictModes option has been set to
“no”.
I checked permisions. Neither user home directory, nor .ssh and authorized_keys are writable by other users. But I tested setting StrictModes to "no" and restartin sshd. It does not help.
Similar threads
