
Re: sending authorized_keys to localhost from an account being created with adduser --disabled-password [was] Re: Need a tutorial



On Fri, Sep 23, 2016 at 12:31:00PM +0000, Stephan Beck wrote:
> I have created a new user account with
> adduser --disabled-password
> What do I want to do?
> I'd like to login to this account "test" from my normal user account by
> ssh via pubkey authentication. My (normal) user account has its keys
> generated and properly deposited on localhost. I logged into the account
> "test" via su - test, creating a keypair. Fine.

Typically, you want to create the keypair as the user on the machine which
will be the client.  This way the private key never has to be touched,
moved, looked at, etc.

So, you want to ssh
FROM user "stephan" on this machine
TO   user "test"    on this (same) machine

The private key needs to reside in ~stephan/.ssh/ where the client will
see it.

The public key needs to be concatenated into ~test/.ssh/authorized_keys
where the server will see it.

> How do I get this public key onto localhost?

Trick question.  You are already on the correct machine.  You just need
to have everything in the correct places (files/directories) with the
correct ownerships.

> I mean, I can create an authorized_keys file manually, copying the
> public key into this authorized_keys file, but it's still in the user's
> directory where it has been generated, it needs to be sent (or get
> somehow) to localhost.

As user stephan:

stephan@hostname:~$ ssh-keygen

As user root:

stephan@hostname:~$ sudo mkdir -p ~test/.ssh
stephan@hostname:~$ sudo sh -c 'cat ~stephan/.ssh/id_rsa.pub >> ~test/.ssh/authorized_keys'
stephan@hostname:~$ sudo chown test ~test/.ssh ~test/.ssh/authorized_keys
stephan@hostname:~$ sudo chmod 700 ~test/.ssh
stephan@hostname:~$ sudo chmod 600 ~test/.ssh/authorized_keys

(Of course, if you prefer you could just obtain a root shell and then run
all of the commands without sudo.)

As user stephan, to test that it works:

stephan@hostname:~$ ssh test@localhost id

If your username isn't actually "stephan", substitute accordingly.
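
Added example, not part of the original message: a small POSIX shell check that the files created by the steps above are owned by the target account and are not writable by group or others, the kind of ownership and mode problem that makes sshd (with StrictModes enabled) ignore authorized_keys. The function name check_ssh_perms is hypothetical, and GNU stat (stat -c), as shipped on Debian, is assumed.

```shell
#!/bin/sh
# check_ssh_perms HOME_DIR OWNER   (hypothetical helper, added example)
# Returns 0 when HOME_DIR/.ssh and HOME_DIR/.ssh/authorized_keys both exist,
# are owned by OWNER, and are not writable by group or others.
# Prints one FAIL line per problem found and returns 1 otherwise.
check_ssh_perms() {
    home=$1; owner=$2; rc=0
    for path in "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "FAIL $path: missing"; rc=1; continue
        fi
        # %U = owner name, %a = permission bits in octal (GNU stat).
        set -- $(stat -c '%U %a' "$path")
        if [ "$1" != "$owner" ]; then
            echo "FAIL $path: owned by $1, expected $owner"; rc=1
        fi
        # 022 masks the group-write and other-write bits.
        if [ $(( 0$2 & 022 )) -ne 0 ]; then
            echo "FAIL $path: mode $2 is writable by group or others"; rc=1
        fi
    done
    return $rc
}

# For the account in this thread, run as root (so ~test/.ssh is readable):
#   check_ssh_perms ~test test
```

A FAIL line for ownership after the cat step and before the chown step is expected, since the file is created by root at that point.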

