VirtualBox allow ssh through NAT only after login local user
- VirtulBox: 6.0
- Host: Arch Linux
- Guest: Ubuntu 16.04.5 LTS
- SSH server: OpenSSH_7.2p2
I configure Port Frowarding: guest 22 -> host localhost:2022.
Authentication method only is "publickey".
When I start my VM I can connect as root but not local user:
ssh -p 2022 root@localhost-> success
ssh -p 2022 user@localhost->user@localhost: Permission denied (publickey).
If I login in VM's window ssh for user will be allowed.
But if I logout in VM's window new ssh connection for user will be denied.
How allow connections for user after start VM (without local login in window)?
ubuntu ssh virtualbox
asked Jan 12 at 9:10
petrikozpetrikoz
31
add a comment |
- VirtulBox: 6.0
- Host: Arch Linux
- Guest: Ubuntu 16.04.5 LTS
- SSH server: OpenSSH_7.2p2
I configure Port Frowarding: guest 22 -> host localhost:2022.
Authentication method only is "publickey".
When I start my VM I can connect as root but not local user:
ssh -p 2022 root@localhost-> success
ssh -p 2022 user@localhost->user@localhost: Permission denied (publickey).
If I login in VM's window ssh for user will be allowed.
But if I logout in VM's window new ssh connection for user will be denied.
How allow connections for user after start VM (without local login in window)?
ubuntu ssh virtualbox
asked Jan 12 at 9:10
petrikozpetrikoz
31
Yes, it is. Thank you! Post your comment as answer I will choose it.
– petrikoz
Jan 12 at 10:43
add a comment |
- VirtulBox: 6.0
- Host: Arch Linux
- Guest: Ubuntu 16.04.5 LTS
- SSH server: OpenSSH_7.2p2
I configure Port Frowarding: guest 22 -> host localhost:2022.
Authentication method only is "publickey".
When I start my VM I can connect as root but not local user:
ssh -p 2022 root@localhost-> success
ssh -p 2022 user@localhost->user@localhost: Permission denied (publickey).
If I login in VM's window ssh for user will be allowed.
But if I logout in VM's window new ssh connection for user will be denied.
How allow connections for user after start VM (without local login in window)?
ubuntu ssh virtualbox
asked Jan 12 at 9:10
petrikozpetrikoz
31
- VirtulBox: 6.0
- Host: Arch Linux
- Guest: Ubuntu 16.04.5 LTS
- SSH server: OpenSSH_7.2p2
I configure Port Frowarding: guest 22 -> host localhost:2022.
Authentication method only is "publickey".
When I start my VM I can connect as root but not local user:
ssh -p 2022 root@localhost-> success
ssh -p 2022 user@localhost->user@localhost: Permission denied (publickey).
If I login in VM's window ssh for user will be allowed.
But if I logout in VM's window new ssh connection for user will be denied.
How allow connections for user after start VM (without local login in window)?
ubuntu ssh virtualbox
ubuntu ssh virtualbox
asked Jan 12 at 9:10
petrikozpetrikoz
31
asked Jan 12 at 9:10
petrikozpetrikoz
31
asked Jan 12 at 9:10
petrikozpetrikoz
31
asked Jan 12 at 9:10
petrikozpetrikoz
31
asked Jan 12 at 9:10
petrikozpetrikoz
31
31
Yes, it is. Thank you! Post your comment as answer I will choose it.
– petrikoz
Jan 12 at 10:43
add a comment |
Yes, it is. Thank you! Post your comment as answer I will choose it.
– petrikoz
Jan 12 at 10:43
Yes, it is. Thank you! Post your comment as answer I will choose it.
– petrikoz
Jan 12 at 10:43
Yes, it is. Thank you! Post your comment as answer I will choose it.
– petrikoz
Jan 12 at 10:43
add a comment |
1 Answer
1
active
oldest
votes
Probably the user's home directory along with ~/.ssh/authorized_keys is encrypted; locally logged user makes it readable.
There is this question on Unix & Linux SE: Can't do SSH public key login under encrypted home. From there:
In the
ssh_configfile, you can can change the location of where it looks for your private key. You could probably do something like make a new folder at/etc/ssh/keys/and put yourid_rsaprivate key file in there and then change theIdentityFileoption inssh_configto look in the new location. In doing so you'll want to take certain measures to secure your private key.
This is assuming you're the only user of the computer. If not, you can make folders like
/etc/ssh/keys/john/and/etc/ssh/keys/dogbert/and then in theIdentityFileoption put/etc/ssh/keys/%u/id_rsa
But also:
But if your encryption techinque uses your password as a key to decrypt everything you will still have to type it in to get everything decrypted.
So a true passwordless login will not work here (unless you want to store your password somewhere in cleartext to be automatically fed to the decryption process, but this is even more unsecure then not encrypting at all).
[…]
Ubuntu uses ecryptfs to mount an encrypted partition on login time (so when you supply your password) […]. [After you login via SSH without the password] you will not have your home folder unencrypted automatically. To mount it unencrypted you will have to enter this on every login:
/sbin/mount.ecryptfs_private
Which will ask you for your login password again.
answered Jan 12 at 10:53
Kamil MaciorowskiKamil Maciorowski
27.2k155982
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1393456%2fvirtualbox-allow-ssh-through-nat-only-after-login-local-user%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Probably the user's home directory along with ~/.ssh/authorized_keys is encrypted; locally logged user makes it readable.
There is this question on Unix & Linux SE: Can't do SSH public key login under encrypted home. From there:
In the
ssh_configfile, you can can change the location of where it looks for your private key. You could probably do something like make a new folder at/etc/ssh/keys/and put yourid_rsaprivate key file in there and then change theIdentityFileoption inssh_configto look in the new location. In doing so you'll want to take certain measures to secure your private key.
This is assuming you're the only user of the computer. If not, you can make folders like
/etc/ssh/keys/john/and/etc/ssh/keys/dogbert/and then in theIdentityFileoption put/etc/ssh/keys/%u/id_rsa
But also:
But if your encryption techinque uses your password as a key to decrypt everything you will still have to type it in to get everything decrypted.
So a true passwordless login will not work here (unless you want to store your password somewhere in cleartext to be automatically fed to the decryption process, but this is even more unsecure then not encrypting at all).
[…]
Ubuntu uses ecryptfs to mount an encrypted partition on login time (so when you supply your password) […]. [After you login via SSH without the password] you will not have your home folder unencrypted automatically. To mount it unencrypted you will have to enter this on every login:
/sbin/mount.ecryptfs_private
Which will ask you for your login password again.
answered Jan 12 at 10:53
Kamil MaciorowskiKamil Maciorowski
27.2k155982
add a comment |
Probably the user's home directory along with ~/.ssh/authorized_keys is encrypted; locally logged user makes it readable.
There is this question on Unix & Linux SE: Can't do SSH public key login under encrypted home. From there:
In the
ssh_configfile, you can can change the location of where it looks for your private key. You could probably do something like make a new folder at/etc/ssh/keys/and put yourid_rsaprivate key file in there and then change theIdentityFileoption inssh_configto look in the new location. In doing so you'll want to take certain measures to secure your private key.
This is assuming you're the only user of the computer. If not, you can make folders like
/etc/ssh/keys/john/and/etc/ssh/keys/dogbert/and then in theIdentityFileoption put/etc/ssh/keys/%u/id_rsa
But also:
But if your encryption techinque uses your password as a key to decrypt everything you will still have to type it in to get everything decrypted.
So a true passwordless login will not work here (unless you want to store your password somewhere in cleartext to be automatically fed to the decryption process, but this is even more unsecure then not encrypting at all).
[…]
Ubuntu uses ecryptfs to mount an encrypted partition on login time (so when you supply your password) […]. [After you login via SSH without the password] you will not have your home folder unencrypted automatically. To mount it unencrypted you will have to enter this on every login:
/sbin/mount.ecryptfs_private
Which will ask you for your login password again.
answered Jan 12 at 10:53
Kamil MaciorowskiKamil Maciorowski
27.2k155982
add a comment |
Probably the user's home directory along with ~/.ssh/authorized_keys is encrypted; locally logged user makes it readable.
There is this question on Unix & Linux SE: Can't do SSH public key login under encrypted home. From there:
In the
ssh_configfile, you can can change the location of where it looks for your private key. You could probably do something like make a new folder at/etc/ssh/keys/and put yourid_rsaprivate key file in there and then change theIdentityFileoption inssh_configto look in the new location. In doing so you'll want to take certain measures to secure your private key.
This is assuming you're the only user of the computer. If not, you can make folders like
/etc/ssh/keys/john/and/etc/ssh/keys/dogbert/and then in theIdentityFileoption put/etc/ssh/keys/%u/id_rsa
But also:
But if your encryption techinque uses your password as a key to decrypt everything you will still have to type it in to get everything decrypted.
So a true passwordless login will not work here (unless you want to store your password somewhere in cleartext to be automatically fed to the decryption process, but this is even more unsecure then not encrypting at all).
[…]
Ubuntu uses ecryptfs to mount an encrypted partition on login time (so when you supply your password) […]. [After you login via SSH without the password] you will not have your home folder unencrypted automatically. To mount it unencrypted you will have to enter this on every login:
/sbin/mount.ecryptfs_private
Which will ask you for your login password again.
answered Jan 12 at 10:53
Kamil MaciorowskiKamil Maciorowski
27.2k155982
Probably the user's home directory along with ~/.ssh/authorized_keys is encrypted; locally logged user makes it readable.
There is this question on Unix & Linux SE: Can't do SSH public key login under encrypted home. From there:
In the
ssh_configfile, you can can change the location of where it looks for your private key. You could probably do something like make a new folder at/etc/ssh/keys/and put yourid_rsaprivate key file in there and then change theIdentityFileoption inssh_configto look in the new location. In doing so you'll want to take certain measures to secure your private key.
This is assuming you're the only user of the computer. If not, you can make folders like
/etc/ssh/keys/john/and/etc/ssh/keys/dogbert/and then in theIdentityFileoption put/etc/ssh/keys/%u/id_rsa
But also:
But if your encryption techinque uses your password as a key to decrypt everything you will still have to type it in to get everything decrypted.
So a true passwordless login will not work here (unless you want to store your password somewhere in cleartext to be automatically fed to the decryption process, but this is even more unsecure then not encrypting at all).
[…]
Ubuntu uses ecryptfs to mount an encrypted partition on login time (so when you supply your password) […]. [After you login via SSH without the password] you will not have your home folder unencrypted automatically. To mount it unencrypted you will have to enter this on every login:
/sbin/mount.ecryptfs_private
Which will ask you for your login password again.
answered Jan 12 at 10:53
Kamil MaciorowskiKamil Maciorowski
27.2k155982
answered Jan 12 at 10:53
Kamil MaciorowskiKamil Maciorowski
27.2k155982
answered Jan 12 at 10:53
Kamil MaciorowskiKamil Maciorowski
27.2k155982
answered Jan 12 at 10:53
Kamil MaciorowskiKamil Maciorowski
27.2k155982
27.2k155982
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1393456%2fvirtualbox-allow-ssh-through-nat-only-after-login-local-user%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Yes, it is. Thank you! Post your comment as answer I will choose it.
– petrikoz
Jan 12 at 10:43