I am trying to setup a passwordless login from machineA to machineB for my user david which already exits. This is what I did to generate the authentication keys:
[email protected]:~$ ssh-keygen -t rsa ........ [email protected]:~$ ssh-keygen -t rsa ........
After that I copied id_rsa.pub (/home/david/.ssh/id_rsa.pub) key of machineA into machineB authorized_keys file (/home/david/.ssh/authorized_keys) key.
And then I went back to machineA login screen and ran below command and it worked fine without any issues. So I was able to login into machineB as david user without asking for any password.
Question:
Now I created a new user on machineA and machineB both by running this command only useradd golden. And now I want to ssh passwordless from this golden user into machineB from machineA. I did same exact step as above but it doesn’t work.
[email protected]:~$ sudo su - golden [email protected]:~$ ssh-keygen -t rsa ........ [email protected]:~$ sudo su - golden [email protected]:~$ ssh-keygen -t rsa ........
And then I copied id_rsa.pub key /home/golden/.ssh/id_rsa.pub for golden user from machineA to machineB authorized_keys file /home/golden/.ssh/authorized_keys. And when I try to ssh, it gives me:
[email protected]:~$ ssh [email protected] Connection closed by 23.14.23.10
What is wrong? It doesn’t work only for golden user which I created manually through this command useradd. I am running Ubuntu 14.04. Is there any settings that I need to enable for this manual user which I created?
In the machineB auth.log file, below is what I am seeing when I run this command from machineA ssh -vvv [email protected] to login
Jan 3 17:56:59 machineB sshd[25664]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key Jan 3 17:56:59 machineB sshd[25664]: pam_access(sshd:account): access denied for user `golden' from `machineA' Jan 3 17:56:59 machineB sshd[25664]: pam_sss(sshd:account): Access denied for user golden: 10 (User not known to the underlying authentication module) Jan 3 17:56:59 machineB sshd[25664]: fatal: Access denied for user golden by PAM account configuration [preauth]
Is there anything I am missing? Below is how my directory structure looks like:
[email protected]:~$ pwd /home/golden [email protected]:~$ ls -lrtha total 60K -rw------- 1 golden golden 675 Nov 22 12:26 .profile -rw------- 1 golden golden 3.6K Nov 22 12:26 .bashrc -rw------- 1 golden golden 220 Nov 22 12:26 .bash_logout drwxrwxr-x 2 golden golden 4.0K Nov 22 12:26 .parallel drwxr-xr-x 2 golden golden 4.0K Nov 22 12:34 .vim drwxr-xr-x 7 root root 4.0K Dec 22 11:56 .. -rw------- 1 golden golden 17K Jan 5 12:51 .viminfo drwx------ 2 golden golden 4.0K Jan 5 12:51 .ssh drwx------ 5 golden golden 4.0K Jan 5 12:51 . -rw------- 1 golden golden 5.0K Jan 5 13:14 .bash_history [email protected]:~$ pwd /home/golden [email protected]:~$ ls -lrtha total 56K -rw------- 1 golden golden 675 Dec 22 15:10 .profile -rw------- 1 golden golden 3.6K Dec 22 15:10 .bashrc -rw------- 1 golden golden 220 Dec 22 15:10 .bash_logout drwxr-xr-x 7 root root 4.0K Jan 4 16:43 .. drwx------ 2 golden golden 4.0K Jan 5 12:51 .ssh -rw------- 1 golden golden 9.9K Jan 5 12:59 .viminfo drwx------ 6 golden golden 4.0K Jan 5 12:59 . -rw------- 1 golden golden 4.6K Jan 5 13:10 .bash_history
Update:
In machineA:
cat /etc/passwd | grep golden golden:x:1001:1001::/home/golden:/bin/bash
In machineB:
cat /etc/passwd | grep golden golden:x:1001:1001::/home/golden:/bin/bash
Answer
The issue is with PAM stack configuration. Your host is configured with pam_access and default configuration is not allowing external/SSH access for the new user golden ,even though your keys are setup properly.
Adding golden user into /etc/security/access.conf as below fixed the issue.
+:golden:ALL
To see more information readman access.conf which explains each field of this file. Look at examples section to understand the order and meanings of LOCAL, ALL etc