Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Can't open ssh/authorized_keys of user

I know this may be trivial for some of you.

I'm not a linux expert, and I'm trying to play around with git. To do so I wanted to try to add my public SSH key to the ~/.ssh/authorized_keys of my user git.

the problem though is that when I login with putty into my server with the git user, I can't access any file called ~/.ssh/authorized_keys.

So I tried to do that with root, maybe this is the solution, but I thought there was one authorized_keys per user.

I can see the authorized key, but I don't wannat mess everything up, so I would like to be clear on this one. Is there a way to use my git user account and to modify the ssh/authorized_keys?

Thanks a lot!

like image 467
Thoma Biguères Avatar asked Feb 11 '13 19:02

Thoma Biguères


1 Answers

Sounds like you're almost there! I'm not sure exactly what you have and haven't done though, so I'll explain the whole process.

First, I'm guessing (because you're using puTTY) that your computer runs Windows? If so, first you'll need to install Git for Windows, which you can download from the official Git website. Download it and install it, accepting the default choices in the installer.

That will leave you with an item in your Start menu called Git Bash. You'll use this to perform what comes next. (You don't actually need Git itself installed, but the Git for Windows installer adds some additional tools like ssh-keygen that you will need.)

If your computer is actually running Linux or Mac OS X rather than Windows then you already have the tools you need. You can follow the same instructions, but instead of using Git Bash to enter commands, use a terminal window.

From now on, I'll just refer to typing things "in the terminal". If you're using Windows, type these things in the Git Bash window.

Step 1: On your own computer, check for an SSH key pair

In the terminal, type:

ls ~/.ssh/id_rsa*

This should list two files: id_rsa and id_rsa.pub. If they exist, move on to step 2. If not, type:

ssh-keygen

then follow the prompts to create them. Then run the ls command again to confirm that they're now there.

Step 2: Upload your public SSH key to the server

The public key is the one called id_rsa.pub. You can upload it to the server using the scp command:

scp ~/.ssh/id_rsa.pub [email protected]

Enter the git user's password when prompted.

Step 3: add your key to the git user's authorized_keys file

First SSH in to the server as the git user:

ssh [email protected]

Enter the git user's password again. Once you're logged in as the git user, type the following:

mkdir -p ~/.ssh/

This will create the .ssh directory if it doesn't already exist. If it does exist, it doesn't do anything.

Now add your key to the authorized_keys file:

cat ~/id_rsa.pub >> ~/.ssh/authorized_keys

That will take the contents of id_rsa.pub, the file that you just uploaded, and add them to the end of the authorized_keys file. If authorized_keys doesn't exist, this command will create it first.

(Note: Be really careful to type two right angled brackets (>>) in that command line. Two right angled brackets means append the contents of id_rsa.pub to the authorized_keys file. If you only use one that means replace the contents of authorized_keys with the contents of id_rsa.pub, and you don't want to do that.)

You can check this has worked by running cat on each file and making sure that you can see the contents of id_rsa.pub at the end of authorized_keys:

cat ~/id_rsa.pub
cat ~/.ssh/authorized_keys

Once you've confirmed that, delete id_rsa.pub; you won't need it again.

rm ~/.ssh/id_rsa.pub

Finally, set permissions on the .ssh directory and .ssh/authorized_keys so that only the owner of those files (the git user) can access them. Otherwise, the SSH server will refuse to use them. So:

chmod 700 ~/.ssh
chmod 400 ~/.ssh/authorized_keys

That makes the directory usable only by the git user, and the file inside it only accessible to the git user.

You should find that you're now good to go!

like image 181
Simon Whitaker Avatar answered Sep 30 '22 06:09

Simon Whitaker