ssh restrictions for user authentication

user2967267 asked:

RHEL 6.8: I have a user who is authenticated locally, and I'm not entirely certain whether that user has already set up key-based logins from another node to connect to the node in question.

I'm thinking of regenerating the ssh keys for the user in order to prevent him from logging in using the previously set-up keys.

I have "root" access to the node. What's the best way forward to restrict the key-based login that would have been set up, but keep the same account for the other services we currently use the account for?

My answer:

By default, the list of keys that a user can use to log in to any particular node is stored in $HOME/.ssh/authorized_keys on the node being logged into.

The private key that the user uses to make connections is stored in the node which originates the connection.

If you want to prevent a user logging in using a particular key, you can simply remove it from their authorized_keys file. But be aware that the user can always put it back themselves, if they can log in to that node or otherwise access that file. You can also change the path to the authorized keys file by setting AuthorizedKeysFile in /etc/ssh/sshd_config to a file which the user cannot access. But keep in mind that this will apply to all users.

As for determining how a user authenticated, that information is in your log file /var/log/secure. For example:

# grep Accepted /var/log/secure
Nov 26 03:13:46 www sshd[13925]: Accepted password for user1 from port 3481 ssh2
Nov 26 03:20:22 www sshd[14216]: Accepted publickey for dev2 from port 64386 ssh2: RSA SHA256:...omitted...
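As an added example (not part of the original answer), a small POSIX shell script that builds on the grep Accepted approach above: it summarises accepted logins per user and authentication method from /var/log/secure-style lines, and extracts the key fingerprints a given user authenticated with, so the offending line can be located in that user's authorized_keys. The log lines, addresses and fingerprints below are constructed for the example.

```shell
#!/bin/sh
# Summarise sshd "Accepted ..." lines (/var/log/secure format) per user and
# authentication method, and pull out the key fingerprints a user logged in
# with, so the matching entry can be found in that user's authorized_keys.
# SAMPLE_LOG is constructed for this example: RFC 5737 test addresses and
# placeholder fingerprints, not data from any real host.

SAMPLE_LOG='Nov 26 03:13:46 www sshd[13925]: Accepted password for user1 from 192.0.2.10 port 3481 ssh2
Nov 26 03:20:22 www sshd[14216]: Accepted publickey for dev2 from 192.0.2.20 port 64386 ssh2: RSA SHA256:AAAAexample
Nov 26 04:01:09 www sshd[14990]: Accepted publickey for user1 from 192.0.2.30 port 50112 ssh2: RSA SHA256:BBBBexample
Nov 26 04:05:33 www sshd[15001]: Failed password for user1 from 192.0.2.40 port 50200 ssh2'

# auth_summary: read log lines on stdin, print "user method count", sorted.
# Only "Accepted" lines count; "Failed" attempts are ignored.
auth_summary() {
    awk '
        /sshd\[[0-9]+\]: Accepted / {
            for (i = 1; i <= NF; i++)
                if ($i == "Accepted") { method = $(i + 1); user = $(i + 3); break }
            count[user " " method]++
        }
        END { for (k in count) print k, count[k] }
    ' | sort
}

# key_fingerprints_for USER: read log lines on stdin, print each distinct
# fingerprint (SHA256:... or MD5:...) accepted for USER via publickey.
# Older sshd versions log no fingerprint; those lines yield nothing here.
key_fingerprints_for() {
    awk -v u="$1" '
        /sshd\[[0-9]+\]: Accepted publickey for / {
            for (i = 1; i <= NF; i++)
                if ($i == "Accepted") { user = $(i + 3); break }
            if (user == u && $NF ~ /^(SHA256|MD5):/ && !seen[$NF]++) print $NF
        }
    '
}

# Stand-alone demonstration on the constructed sample. On a real host, replace
# the printf with:  grep Accepted /var/log/secure | auth_summary
printf '%s\n' "$SAMPLE_LOG" | auth_summary
printf '%s\n' "$SAMPLE_LOG" | key_fingerprints_for user1
```

The fingerprints printed can be compared with the output of ssh-keygen -lf on the user's authorized_keys file to identify which line to remove.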

View the full question and answer on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.