[paramiko] automated public key auth as another user

Powell, Joe joe.powell at lmco.com
Fri Sep 28 12:27:19 PDT 2007


Thanks again, Todd, for your response. I have good news that was a long
way for a little cookie. As is not uncommon, my problem was environment
related.

I've got 7 boxes I can test with and 3 userids I can test with. Out of
these 20+ possible userid/box combinations, I chose THE one for which the
home directory of the userid had permissions set to rwxrwxrwx. Today I
(rather randomly) tried logging in as another user without a password
onto another box and was successful (my goal) and then did the same with
numerous other userids. I eventually identified that the home
directories I was successfully logging into were set to rwxr-xr-x. I
changed the permissions on the home directory on the failing userid/box
combination to rwxr-xr-x and, of course, I logged in without a password.

Thank you for your diligent assistance.

Regards,
Joe 


-----Original Message-----
From: Todd Whiteman [mailto:toddw at activestate.com] 
Sent: Friday, September 28, 2007 1:26 PM
To: Powell, Joe
Cc: paramiko at green.lag.net; Smith, T; Valencik, Kenneth; Nonamaker,
William T
Subject: Re: [paramiko] automated public key auth as another user

Powell, Joe wrote:
> Todd,
> 
> Thank you for responding. Please pardon me if I am being dense. How do
> I create a "specified user's key" (as you state below) without 
> creating that user? Here is my scenario:
> 
> A. I am user "Joe".
> B. I want to login to box 10.1.1.100 as user "Bob" without having to 
> create a user named "Bob" on my box.
> C. I append Joe's public key ~/.ssh/id_rsa.pub to 
> /home/Bob/.ssh/authorized_keys on 10.1.1.111. (I log in to 10.1.1.111 
> without a password as Joe.)
> D. In my paramiko script, I am unable to 
> log in to 10.1.1.111 as Bob using Joe's private key file, i.e.
> auth_publickey('Bob','/home/Joe/.ssh/id_rsa').
> 
> The best I can do is:
> A. Create user Bob and a key for it on my box.
> B. Copy the key to Joe's .ssh directory as something like
> 'Bobs_id_rsa'.
> C. Append Bob's public key /home/Bob/.ssh/id_rsa.pub on my box to 
> /home/Bob/.ssh/authorized_keys on 10.1.1.111.
> C. Specify Bob's private key, e.g. /home/Joe/.ssh/Bobs_id_rsa, in the 
> script. This works but it means I have to create Bob.
> 
> Please help me see what I am missing. 
> 
> Regards,
> Joe
> 

Hi Joe,

You may want to read up on how the public/private key system works in 
SSH (there are a lot of pages out there covering this):
   http://the.earth.li/~sgtatham/putty/0.55/htmldoc/Chapter8.html
   http://sourceforge.net/docman/display_doc.php?docid=761&group_id=1

As user Joe, you should be able to set up passwordless connections 
without having to add a Bob user to Joe's machine. I'd try to get this 
working outside of Paramiko first. Simple steps are:
   http://lists.debian.org/debian-user/2007/01/msg00339.html

  1. Generate Joe's public/private key "joe_key" and "joe_key.pub"
  2. Add Joe's public key to Bob's "authorized_keys" file.
Now, when you want to log in from Joe to Bob:
  3. Joe adds *his* key file to the agent "ssh-add joe_key"
  4. ssh bob@10.1.1.100

Are you able to get the above setup working?

Cheers,
Todd
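
An added example, not part of either message in this thread: the home-directory fix Joe describes at the top matches OpenSSH's StrictModes check (on by default), under which sshd ignores authorized_keys if the file, ~/.ssh or the home directory is group- or world-writable or owned by someone other than the user or root. The function names and the throwaway directory layout below are constructed for illustration.

```python
import os
import stat
import tempfile


def strictmodes_problems(home, key_file=".ssh/authorized_keys", uid=None):
    """List (path, reason) pairs that would make sshd skip the key file.

    Walks from the key file up to the home directory, applying the same
    two tests to each component: owner is the user or root, and no
    group/world write bit is set.
    """
    uid = os.getuid() if uid is None else uid
    home = os.path.realpath(home)
    path = os.path.realpath(os.path.join(home, key_file))
    problems = []
    while True:
        st = os.stat(path)
        if st.st_uid not in (0, uid):
            problems.append((path, "owned by uid %d" % st.st_uid))
        if st.st_mode & 0o022:
            problems.append((path, "writable by group/other: "
                             + stat.filemode(st.st_mode)))
        parent = os.path.dirname(path)
        if path == home or parent == path:
            return problems
        path = parent


def demo():
    """Reproduce the thread's case in a temp dir: 777 home, then 755."""
    with tempfile.TemporaryDirectory() as root:
        home = os.path.join(root, "bob")          # constructed sample home
        ssh_dir = os.path.join(home, ".ssh")
        os.makedirs(ssh_dir)
        keys = os.path.join(ssh_dir, "authorized_keys")
        with open(keys, "w") as fh:
            fh.write("ssh-rsa CONSTRUCTED-PLACEHOLDER joe@example\n")
        os.chmod(ssh_dir, 0o700)
        os.chmod(keys, 0o600)
        os.chmod(home, 0o777)                     # rwxrwxrwx: key auth refused
        before = strictmodes_problems(home)
        os.chmod(home, 0o755)                     # rwxr-xr-x: key auth accepted
        after = strictmodes_problems(home)
        return before, after


if __name__ == "__main__":
    for label, found in zip(("777 home", "755 home"), demo()):
        print(label, found or "ok")
```

Run as the target account (or pass its uid) against the real home directory before debugging the paramiko side; sshd's own log on the server reports the same refusal when the check fails.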


