You need to chose (nearly any) other shell, preferable bash, for the new user.
Greetings
David
The user has to be in the ssh group as well.
Aslo having this "problem" and my noobness cant decypher your tips.
My plan was to get SSH going so I could setup some unofficial pluggins working but thinking I should get the security up and going first as I tipically dont do such things later on. I was going to put in my own public and private keys on the admin user since root is a big nono.
I am feeling a little lost after starting up my OMV box thinking I could do more from the webgui... even after months reading I cant shake the feeling of being to much of a noob to understand this...
Go to the webinterface where you added the user. Select the ssh group from the group selection and chose bash as shell.
Greetings
David
Thanks David, you pulled me out of the pit I have been stuck in, now I just have to get this working.
I have now gotten the public key on the server in the right place by using the sudo command alot (and set the ssh dir to mode 700) but Putty still asks me for a password when I try to log on. I will have to look better into this tomorrow but I feel I am on the right track.
Because under OMV the ssh server is configured this way that a user is required to be in the ssh group to be able to connect via ssh.
Greetings
David
UPDATE:
I think it was just a permissions issues (ITS ALWAYS A PERMISSIONS ISSUE, lol).
Fixed by doing this to the .ssh DIRECTORY for the user.
chmod -v g=-s .ssh
mode of `.ssh' changed to 0700 (rwx------)And now it looks like I can log in using the public key with both the user and the root, without entering a password.
Original Problem:
I have a similar issue, but in my case, publickey logins only work with root, and not with other users. Using password authentication, I can log into SSH with both root and the user. After setting up publickeys and disabling password authentication, only root can log in via the publickey method and I get a Permission denied (publickey) for the user.
I have tried every thing i think is relevant from these guides and more:
https://sites.google.com/site/…howto/generate-an-ssh-key
https://help.ubuntu.com/community/SSH/OpenSSH/Keys
http://www.openssh.com/faq.html
My user has a home directory on a data drive, and is in the SSH group. I created two different rsa keys on my client (one for each user), and successfully added them using ssh-copy-id for each respective user. (I know about using '-i path/to/key.pub' to select different keys aside from the default id_rsa)
I looked in these files:
/media/uid-x-x-x/folders/user/.ssh/authorized_keys
~/.ssh/authorized_keys
and found the correct public keys inside. With one oddity, the root authorized keys file has a -----BEGIN RSA PRIVATE KEY----- section with a private key, and I am not sure where it came from. The user authorized_keys file contains only the publickey strings. If it needs to have a private key in there, which I don't think that it does, I don't know how to get it there.
The file permissions/owner for the user files did not seem to be correct at first, and I thought I fixed them using chmod an chown.
For the root account, ls- al it looks like this.
drwx------ 2 root root 4096 Feb 23 13:11 .
drwx------ 5 root root 4096 Jan 31 22:56 ..
-rw------- 1 root root 2564 Feb 23 15:07 authorized_keys
and for the user account.
drw---S---+ 2 user users 55 Feb 23 15:23 .
drwxr-sr-x+ 3 user users 49 Feb 23 14:24 ..
-rw-------+ 1 user users 399 Feb 23 14:24 authorized_keys
Not sure what that S is for the .ssh directory.
So this is what happens when i try to log in as the user:
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: [name_of_rsa]
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
and looking in the auth.log, nothing shows up about this.
Even if it is a permissions issue, I tried setting StrictModes no in /etc/ssh/sshd_config, and still no change.
the syslog for sshd is set to info level. And that does not display any of those messages.
if you want to test and debug sshd, try this good tutorial
http://sfxpt.wordpress.com/201…d-server-configuration-2/
I confirm by default you can't login.
You must add ssh group to the user.
If you're anal about security (and I am on this issue...) I disable root ssh access. I ssh as a user, then switch to root once I'm logged into the machine.
Yes, I know, it is my case : root ssh access is disabled.
And after user SU 
I can't use sudo.
There are no webUI to add an user to sudoers file.
This is a good future feature, isn't it ??
Just add the user to the sudo group. You can do that in the web interface.
Yes, I know, it is my case : root ssh access is disabled.
And after user SU
I can't use sudo.
There are no webUI to add an user to sudoers file.
This is a good future feature, isn't it ??
Why would you us sudo, if you can log in as root?
Here's my point.. if for some reason your user account was compromised and someone gained command line access to the machine.. if the user is in the sudo group.. they can be as destructive w/ sudo as they can with root access. If you have a good, solid password for root.. they'd not only have to crack your user password, but they'd have to also crack your root password (assuming the user didn't have sudo access).
None of my users have sudo access.
I am agree with you KM0201, i needn't sudo.
I would have an explanation, have got it : security reason 
If they access your system with your user account, they can probably delete most, if not all, of your data files. Corrupting the system would be the least of my worries at that point.
That said, I don't have users in the sudo group on most of my omv systems (just my dev box). My Ubuntu and Linux Mint systems have the user added to sudo group automatically. Can't be that bad of an idea if the two biggest distros in the world do it...
My Ubuntu and Linux Mint systems have the user added to sudo group automatically.
As far as I know, that only accounts for the User within the installation routine
Also, maybe we can have Volker allow the removal of the users group to implement a dedicated SSH User?
Greetings
David
Yep, just the first user is automatically added to sudo.
Created a Feature Request, but we will see how Volker reacts.
http://bugtracker.openmediavault.org/view.php?id=1275
Greetings
David
Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!