Private Key/Public Key - User Access Failing, need help please!

Okay, so I’ll try to paint this as quick as possible, as I’m trying to get this figured out;

3 Servers (A, B, and C) (all using RHEL - all 3 servers have same key in .ssh path)
2 Users (1 and 2) (using WinSCP)

User 1 + Server A = Access!
User 2 + Server A = Denied
User 1 + Server B = Denied
User 2 + Server B = Denied
User 1 + Server C = Denied
User 2 + Server C = Denied

So, both User 1 and 2 are using the same login information, from different laptops, to access the 3 Servers.

The key on Server A, is the same as B and C. However, User 1 can’t even access Server B or C with the same key, present in the same location.

What am I missing, and what am I doing wrong? Do I need a new key for each user for each device? From what I could find online, the short bits of information I could find, indicated that I could just copy the same key to the other devices, of which have already been done, in the same location.

NOTE: I’m a bit of a Jr Sys Admin, who’s been on a binge to learn as much as I can! This may have been a bit ambitious for me to take on.

1 Like

Can you post the output of the ssh session? If you are on Linux add the -v condition.

So, I’m using WinSCP. The output is just “server refused our key”.

Else the connection authenticates, and I get our login banner message.

Here are my free trouble shooting hints…

I would check ownership and permissions on the keys and .ssh folders. I would also use a hash to check that they are indeed identical. It wouldn’t hurt to look in the authorized_keys file to since that is what really controls access.

I would check /etc/ssh/sshd_config and /etc/ssh/sshd_config.d/* to make sure there isn’t anything funny going on with the ssh daemon.

I would also check the logs on the servers and see if there is any munkey business going on there.

You could also check host name resolution, in case you are ssh’ing into yourhost.com instead of 192.168.1.1. (Maybe it’s DNS?)

2 Likes

I’ll add to the mystery.

authorized_keys (ownership)
Server A - owner is User 2
Server B - owner is root
Server C - owner is User 2

Now, User 1 can access Server A, using a key that’s owned by User 2, with no read access for anyone other than User 2 (600).

I messed around with the file and folder permissions but came up with the same results.

1 Like

It’s not entirely clear to me if users are logging in to RHEL as themselves (user1->[email protected]) or as a different user (e.g. user1->[email protected]).

ssh key based login requires configuration for each user on the server.

Meaning that on RHEL the home folder of user account being logged into needs to have a .ssh folder (e.g. /home/user1/.ssh or /root/.ssh).
To authorize ssh login, you need to have the public key of the user logging (user1, user2, or both) added to the authorized_keys file.

1 Like