
#1 2015-01-05 21:17:37

RalphORama
Member
Registered: 2013-09-07
Posts: 8

Public key authentication for users with non-standard home directory?

I'm working on setting up a server, and I've stumbled across a strange problem. I can't seem to get public key authentication working for a user that has a non-standard home directory location. I have a user for my Nginx server (aptly named nginx). This user's home directory is /usr/share/nginx, the location of the files for my webserver. However, I'd like to be able to log in as this user over SSH. For security reasons, I use public key authentication as the only means of authentication for SSH.
With my default user (let's call them 'deploy'), whose keyfiles are located in /home/deploy/.ssh, public key authentication works perfectly. However, with the same permission and folder structure, I can't log in as nginx over SSH. How can I fix this?

Relevant information:
- Parts of sshd_config

AllowUsers deploy nginx
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile  %h/.ssh/authorized_keys
PasswordAuthentication no
ChallengeResponseAuthentication no

- ls /usr/share/nginx -la && ls /usr/share/nginx/.ssh -la

drwx------   2 nginx nginx  4096 Jan  5 15:56 .ssh
-r-------- 1 nginx nginx 738 Jan  5 15:56 authorized_keys

- when I run a diff on /usr/share/nginx/.ssh/authorized_keys and /home/deploy/.ssh/authorized_keys, the two files are identical.


#2 2015-01-05 21:37:15

Slithery
Administrator
From: Norfolk, UK
Registered: 2013-12-01
Posts: 5,776

Re: Public key authentication for users with non-standard home directory?

What happens when you try to log in as the nginx user?

Run the ssh command with full verbosity (-vvv) and post the output.


No, it didn't "fix" anything. It just shifted the brokenness one space to the right. - jasonwryan
Closing -- for deletion; Banning -- for muppetry. - jasonwryan


#3 2015-01-05 21:53:08

owain
Member
Registered: 2009-08-24
Posts: 251

Re: Public key authentication for users with non-standard home directory?

What are the permissions on the directory /usr/share/nginx/.ssh? Anything other than 700, and sshd will probably complain (but only on the server, not to the client).

However, I have to ask, why the non-standard user? I presume the nginx user has a /bin/false shell in /etc/passwd (which sshd might also dislike)?

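The ownership and mode checks raised in the post above can be reproduced on the server; the script below is an added example, not part of any post in this thread. It approximates what sshd does with StrictModes enabled: it walks from authorized_keys up to and including the home directory and flags any component that is group/world-writable or not owned by the user or root. The function names are hypothetical, and it assumes `stat -c`, `realpath` and `getent` are available.

```shell
#!/bin/sh
# Added example (not from the thread): approximates the ownership/mode walk
# sshd applies to the authorized_keys path when StrictModes is enabled.

# check_component PATH UID: prints the reason and returns 1 if PATH would be rejected.
check_component() {
    cc_info=$(stat -c '%a %u' -- "$1" 2>/dev/null) || { echo "missing: $1"; return 1; }
    cc_mode=${cc_info% *}      # octal permission bits, e.g. 700
    cc_owner=${cc_info#* }     # numeric owner uid
    cc_rc=0
    if [ "$cc_owner" != "$2" ] && [ "$cc_owner" != 0 ]; then
        echo "bad owner (uid $cc_owner): $1"; cc_rc=1
    fi
    # 022 = write bits for group and other
    if [ $(( 0$cc_mode & 022 )) -ne 0 ]; then
        echo "group/world-writable (mode $cc_mode): $1"; cc_rc=1
    fi
    return $cc_rc
}

# check_key_path FILE HOME UID: checks FILE, then each parent up to and including HOME.
check_key_path() {
    kp_path=$(realpath -- "$1" 2>/dev/null) || { echo "missing: $1"; return 1; }
    kp_home=$(realpath -- "$2" 2>/dev/null) || { echo "missing: $2"; return 1; }
    kp_rc=0
    while :; do
        check_component "$kp_path" "$3" || kp_rc=1
        # Stop once the home directory has been checked (or at / if FILE is outside HOME).
        if [ "$kp_path" = "$kp_home" ] || [ "$kp_path" = / ]; then break; fi
        kp_path=$(dirname -- "$kp_path")
    done
    return $kp_rc
}

# Usage: sh check_keys.sh USER   (script name is a placeholder)
if [ $# -ge 1 ]; then
    entry=$(getent passwd "$1") || { echo "no such user: $1"; exit 1; }
    uid=$(echo "$entry" | cut -d: -f3)
    home=$(echo "$entry" | cut -d: -f6)
    check_key_path "$home/.ssh/authorized_keys" "$home" "$uid" && echo "path looks acceptable"
fi
```

Run it as root on the server with the account name as the only argument, so that every component of the path can be read. The home directory itself is part of the walk, which matters for a home such as /usr/share/nginx that was not created as a login home.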

#4 2015-01-06 18:53:41

RalphORama
Member
Registered: 2013-09-07
Posts: 8

Re: Public key authentication for users with non-standard home directory?

slithery wrote:

What happens when you try to log in as the nginx user?

Run the ssh command with full verbosity (-vvv) and post the output.

I'm using KiTTY / Filezilla to access the user, so I'm not sure how to do full verbosity. When I try to log in with KiTTY, I get the error "Disconnected: No supported authentication methods available (server sent: publickey)".

owain wrote:

What are the permissions on the directory /usr/share/nginx/.ssh? Anything other than 700, and sshd will probably complain (but only on the server, not to the client).

However, I have to ask, why the non-standard user? I presume the nginx user has a /bin/false shell in /etc/passwd (which sshd might also dislike)?

drwx------   2 nginx nginx  4096 Jan  5 15:56 .ssh
-r--------  1 nginx nginx  738 Jan  5 15:56 authorized_keys

Also, I have nginx set up with /bin/bash as the shell. I have the nginx user set up for convenience, honestly.

Last edited by RalphORama (2015-01-06 18:55:00)


#5 2015-01-17 09:26:23

Spider.007
Member
Registered: 2004-06-20
Posts: 1,175

Re: Public key authentication for users with non-standard home directory?

Have a look at the journal on the server; what does it tell you when you attempt to log in? I also have to mention that system/application-users aren't meant to be used for logins. You're supposed to use proper permissions and groups for that.
