Hello all,
I have my RPi with rasbian running perfectly and I can SSH to it using public/private key, and I also have disabled the password authentication on the SSH config file.
Now I want to allow someone else to login into my Pi with restricted access to some areas, so I created a new user with an associated password.
The problem is that, when I try to SSH to my Pi with that user it says that "server refused our key".
I'm trying to login using my private key, everything is exactly the same on Putty but when I'm prompted "login as:" I enter the other username and I get that error...
Everything is OK if I login with user Pi.
Already created AllowUsers and AllowGroups on the config file as well...
Spent all afternoon on Google this thing is driving me crazy lol
Re: can't SSH using another username
Hi Flash636
When you ssh as yourself it automatically checks your key and lets you in.
When you ssh as your friend, I think putty will still try to log in with your key. The key (yours) doesn't match the name (your friend's) so it gets rejected. You need to tell putty to use your friend's key, as well as using your friend's name. Go to Putty Configuration-> Connection -> SSH -> Auth -> browse for key file. Select your friends key and it should work.
Or if you are logging in from the linux command line, use ssh -i <key file>
Jim
When you ssh as yourself it automatically checks your key and lets you in.
When you ssh as your friend, I think putty will still try to log in with your key. The key (yours) doesn't match the name (your friend's) so it gets rejected. You need to tell putty to use your friend's key, as well as using your friend's name. Go to Putty Configuration-> Connection -> SSH -> Auth -> browse for key file. Select your friends key and it should work.
Or if you are logging in from the linux command line, use ssh -i <key file>
Jim
Unix engineer since 1989
Re: can't SSH using another username
The key is unique for each user.
To be able to ssh in as a particular user you need to make sure that your local public key ("/home/YOURUSER/.ssh/id_dsa.pub" on Linux) is appended to the /home/REMOTEUSER/.ssh/authorized_keys file on the remote system.
(where YOURUSER and REMOTEUSER are replaced with the correct usernames)
Your friend will also need to copy their public key to the account they wish to log in to.
To be able to ssh in as a particular user you need to make sure that your local public key ("/home/YOURUSER/.ssh/id_dsa.pub" on Linux) is appended to the /home/REMOTEUSER/.ssh/authorized_keys file on the remote system.
(where YOURUSER and REMOTEUSER are replaced with the correct usernames)
Your friend will also need to copy their public key to the account they wish to log in to.
Re: can't SSH using another username
Hello everyone,
First of all, thank you very much for your time helping me out!
I have the standard user "pi" and want to start using two or three diferent ones and stop using the "pi", and I'm one of those two or three users.
So, I'm starting by creating my own user (on the pi) and trying to login to my raspberry through putty with that newly created user account, and that's when I get the error.
@rpdom - As I'm still trying to login with the user I just created for myself, I'm using the same public/private key pair as I'm using in the "pi" login, so my public key is on the authorized_keys file. But your last sentence "Your friend will also need to copy their public key to the account they wish to log in to." made me think, probably I'll need to have a ./ssh directory on my /home/MYUSER right? or something like that, some configuration related to the accounts on the pi...
@cpc464 - Unfortunately the problem isn't on putty's side, but on the server's, I think. Because I'm using the same key file for both login atempts and also the message is "Server refused our key". The only diference between the two login atempts is when the server asks "login as: " and anything other than "pi" will show that error message
I'm guessing I should configure something on the server, but don't know how...
First of all, thank you very much for your time helping me out!
I have the standard user "pi" and want to start using two or three diferent ones and stop using the "pi", and I'm one of those two or three users.
So, I'm starting by creating my own user (on the pi) and trying to login to my raspberry through putty with that newly created user account, and that's when I get the error.
@rpdom - As I'm still trying to login with the user I just created for myself, I'm using the same public/private key pair as I'm using in the "pi" login, so my public key is on the authorized_keys file. But your last sentence "Your friend will also need to copy their public key to the account they wish to log in to." made me think, probably I'll need to have a ./ssh directory on my /home/MYUSER right? or something like that, some configuration related to the accounts on the pi...
@cpc464 - Unfortunately the problem isn't on putty's side, but on the server's, I think. Because I'm using the same key file for both login atempts and also the message is "Server refused our key". The only diference between the two login atempts is when the server asks "login as: " and anything other than "pi" will show that error message
I'm guessing I should configure something on the server, but don't know how...
Re: can't SSH using another username
Yes, you will need a .ssh directory for each user and each will need a copy of your public key in their authorized_keys file.Flash636 wrote:@rpdom - As I'm still trying to login with the user I just created for myself, I'm using the same public/private key pair as I'm using in the "pi" login, so my public key is on the authorized_keys file. But your last sentence "Your friend will also need to copy their public key to the account they wish to log in to." made me think, probably I'll need to have a ./ssh directory on my /home/MYUSER right? or something like that, some configuration related to the accounts on the pi...
Re: can't SSH using another username
Hi OP
It is more usual to create a separate key pair for each user (this is the intention of ssh). But if you want to use the same key pair, the public part must be in the authorized_keys for each user, and the private part of the key must be on your source system, and you must tell ssh/putty to use that specific private key.
It is more usual to create a separate key pair for each user (this is the intention of ssh). But if you want to use the same key pair, the public part must be in the authorized_keys for each user, and the private part of the key must be on your source system, and you must tell ssh/putty to use that specific private key.
Unix engineer since 1989