SSH: Server refused public-key signature despite accepting key!

This will be quick one :). If you are trying to connect to a server via SSH with Putty in combination with Pageant, and you are expecting an error message in the title of this post, chances are, your version of Pageant is too old. Upgrade your Pageant to the latest version and you should be good to go.

Directadmin – auto assign custom authorized_keys for newly created users – SSH access

I setup a Directadmin server which was primary for website hosting. Separating every project with new DirectAdmin user is a good practice security vise. If one website/project is hacked, other sites that are with different users are safe. But creating new users and then set up ssh keys that are allowed for every user can be time consumedly. In this case, ssh public keys were the same for every user as only developers were able to ssh connect to user account. I created a simple script that will create .ssh directory and authorized_keys with public keys for every user.

  • First, create script  user_create_post.sh inside /usr/local/directadmin/scripts/custom/.
  • Create template file with all ssh  public keys that should be assign to every new user. I created file /usr/local/directadmin/data/custom-authorized_keys
  • Add this content to the script:
    #!/bin/sh

    mkdir /home/$username/.ssh
    chown $username:$username /home/$username/.ssh
    cp /usr/local/directadmin/data/custom-authorized_keys /home/$username/.ssh/authorized_keys
    chown $username:$username /home/$username/.ssh/authorized_keys
    chmod 600 /home/$username/.ssh/authorized_keys

    echo "SSH keys added!"

    exit 0;
  • Give this script execution rights
    chmod +x /usr/local/directadmin/scripts/custom/user_create_post.sh

That is it. Every time a new user is created, .ssh directory with authorized_keys will be created inside user’s home account.

SSH without your certificate / overridde ssh certificate

If you want to test if users can ssh to a server with their passwords but your attempt is overridden by your ssh certificate, this is how you can do it.

ssh user@my.hostname.com -o PreferredAuthentications=password

© 2024 geegkytuts.net
Hosted by SIEL


About author