Okay, so I’ll try to paint this as quickly as possible, as I’m trying to get this figured out:
3 Servers (A, B, and C) (all using RHEL - all 3 servers have same key in .ssh path)
2 Users (1 and 2) (using WinSCP)
User 1 + Server A = Access!
User 2 + Server A = Denied
User 1 + Server B = Denied
User 2 + Server B = Denied
User 1 + Server C = Denied
User 2 + Server C = Denied
So, both User 1 and 2 are using the same login information, from different laptops, to access the 3 Servers.
The key on Server A is the same as B and C. However, User 1 can’t even access Server B or C with the same key, present in the same location.
What am I missing, and what am I doing wrong? Do I need a new key for each user for each device? From what I could find online, the short bits of information I could find indicated that I could just copy the same key to the other devices, which has already been done, in the same location.
NOTE: I’m a bit of a Jr Sys Admin, who’s been on a binge to learn as much as I can! This may have been a bit ambitious for me to take on.
SOLUTION:
PT1: User entries in /etc/passwd had incorrect home location and couldn’t properly see the key to authenticate with.
PT2: They had two users, using two different keys, but failed to mention this.
I would check ownership and permissions on the keys and .ssh folders. I would also use a hash to check that they are indeed identical. It wouldn’t hurt to look in the authorized_keys file too, since that is what really controls access.
I would check /etc/ssh/sshd_config and /etc/ssh/sshd_config.d/* to make sure there isn’t anything funny going on with the ssh daemon.
I would also check the logs on the servers and see if there is any monkey business going on there.
You could also check host name resolution, in case you are ssh’ing into yourhost.com instead of 192.168.1.1. (Maybe it’s DNS?)
It’s not entirely clear to me if users are logging in to RHEL as themselves (user1->user1@rhel) or as a different user (e.g. user1->root@rhel).
ssh key based login requires configuration for each user on the server.
Meaning that on RHEL the home folder of user account being logged into needs to have a .ssh folder (e.g. /home/user1/.ssh or /root/.ssh).
To authorize ssh login, you need to have the public key of the user logging in (user1, user2, or both) added to the authorized_keys file.
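
The server-side checks suggested in this thread (home directory from /etc/passwd, ownership and permissions on the home and .ssh folders, and whether the user's public key is really in authorized_keys) can be run in one pass. This is an added example, not part of the original thread; the function names and the `PASSWD_FILE` override are assumptions, and it relies on GNU `stat` as shipped with RHEL.

```shell
#!/bin/sh
# Added example: audit the server-side prerequisites for SSH key login.
# PASSWD_FILE (assumed name) defaults to /etc/passwd and can be pointed at a
# constructed copy for a dry run.
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"

# Print field N (3 = uid, 6 = home) of USER's passwd entry.
passwd_field() {
    awk -F: -v u="$1" -v n="$2" '$1 == u { print $n; exit }' "$PASSWD_FILE"
}

# Succeed if PATH is owned by UID and not group/world writable, the condition
# sshd's StrictModes enforces (sshd also accepts root ownership; omitted here).
path_ok() {
    [ "$(stat -c %u "$1")" = "$2" ] && [ $(( 0$(stat -c %a "$1") & 022 )) -eq 0 ]
}

# Print the base64 blob of each key line in FILE, skipping comments and any
# leading options field.
key_blobs() {
    awk '!/^#/ { for (i = 1; i < NF; i++)
                   if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $(i + 1); break } }' "$1"
}

# audit_login USER PUBKEY_FILE: report the first failing check, return non-zero.
audit_login() {
    home=$(passwd_field "$1" 6); uid=$(passwd_field "$1" 3)
    [ -n "$home" ] || { echo "no passwd entry for $1"; return 1; }
    [ -d "$home" ] || { echo "home $home does not exist"; return 2; }
    ak="$home/.ssh/authorized_keys"
    [ -f "$ak" ] || { echo "missing $ak"; return 3; }
    for p in "$home" "$home/.ssh" "$ak"; do
        path_ok "$p" "$uid" || { echo "bad owner or mode on $p"; return 4; }
    done
    key_blobs "$ak" | grep -qxF "$(key_blobs "$2")" ||
        { echo "public key not in $ak"; return 5; }
    echo "ok: passwd entry, permissions and key all match for $1"
}
```

Run `audit_login user1 user1.pub` on each server with the public key exported from the laptop; a pass here still leaves sshd_config and the server logs to check.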