
I am trying to ssh to a remote machine as a sudo user and getting an error, but when doing ssh through my normal user I am getting a connection error. Here is the detailed process.

case_1 - ssh by Normal User - Working fine

  • Login to the host machine via PuTTY using NormalUser/Password
  • Generated an ssh key using ssh-keygen. Got the private ssh key id_rsa and the public key id_rsa.pub at HostMachine/NormalUser/.ssh.
  • Copied the HostMachine/NormalUser/.ssh/id_rsa.pub public key data to RemoteMachine/NormalUser/.ssh/authorized_keys
  • On HostMachine, ran ssh NormalUser@RemoteMachine. Logged in to the RemoteMachine without being asked for a password. Working fine.

case_2 - ssh by Sudo User - Connection Error

  • Login to the host machine via PuTTY using NormalUser/Password
  • sudo to the power user using sudo su - PowerUser
  • Generated an ssh key using ssh-keygen. Got the private ssh key id_rsa and the public key id_rsa.pub at HostMachine/PowerUser/.ssh.
  • Copied the HostMachine/PowerUser/.ssh/id_rsa.pub public key data to RemoteMachine/PowerUser/.ssh/authorized_keys
  • On HostMachine, ran ssh PowerUser@RemoteMachine. Can NOT log in to the RemoteMachine. Getting the error below.

Is the process mentioned in Case_2 not allowed by Unix/the ssh protocol? If so, then what is the alternative to use ssh for PowerUser?

If it is not restricted by Unix/ssh, what am I missing here?

Error--:

debug2: we did not send a packet, disable method
debug1: Next authentication method: publickey
debug1: Trying private key: /lch/fxclear/PowerUser/.ssh/identity
debug1: Offering public key: /lch/fxclear/PowerUser/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug2: input_userauth_pk_ok: SHA1 fp 74:56:cd:eb:f5:00:32:22:9f:e6:42:38:b1:bc:45:b6:6e:00:2f:6e
debug1: read PEM private key done: type RSA
Connection closed by 10.81.37.35

Update_1--: Tried a similar process from a new host server to the same destination server; similar behavior for both users, but a slightly different error, as below.

Error--:

debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:11175)

debug2: we did not send a packet, disable method
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /lch/fxclear/PowerUser/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug2: input_userauth_pk_ok: fp SHA256:tSSIY3zE4zXhDddegqs4UvvfEGwjmHN54pNZWSekWMo
Authentication failed.
  • When you copied the id_rsa.pub from your HostMachine to RemoteMachine, did you remember to make the .ssh folder before copying? Check the folder permissions too.
    – Bungicasse
    Commented Oct 15, 2018 at 11:17
  • You could also just copy the authorized_keys file from the NormalUser .ssh folder to the PowerUser .ssh folder. I don't see a reason to have 2 different users connect to the same RemoteMachine.
    – Bungicasse
    Commented Oct 15, 2018 at 12:08
  • Yes, tried that option too. Anyway, resolved this now; it turns out to be a group-level restriction. I have given the detailed answer below.
    Commented Oct 16, 2018 at 15:43

2 Answers


I think there's a permission problem here. Seems like the id_rsa & id_rsa.pub belong to root and can't be read.

There are two probable solutions for you:

  1. Add your user to the root group (not recommended)

  2. Change the keys' owner using chown

  • Neither of the users NormalUser / PowerUser belongs to the root group. But the two users actually belong to different groups; will that make a difference?
    Commented Oct 15, 2018 at 11:05

Finally able to resolve this.

It turns out to be my organisation's Unix group-level restriction on who can use ssh to remotely log in to another box.

The "NormalUser" belonged to a group (on the remote host) for which ssh remote login is allowed, whereas the "PowerUser" group was not.

On the RemoteHost, the Unix Team added the "PowerUser" to the ssh allowed group and it works fine now.
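As an added example (not part of the question or either answer), a small POSIX shell check of the logic behind the "ssh allowed group" the answer refers to. It assumes the restriction is sshd_config's AllowGroups directive; the config fragment and the group names normalgrp, powergrp and sshusers are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): check whether a user would pass
# sshd's AllowGroups filter. Assumes the group-level restriction is sshd's
# AllowGroups directive; the config and group names are constructed, and only
# exact group names (no wildcard patterns) are handled.

# Constructed sshd_config fragment standing in for the remote host's config.
SSHD_CONFIG_SAMPLE='Port 22
PermitRootLogin no
AllowGroups sshusers wheel
PasswordAuthentication no'

# Print the group list from the first AllowGroups line (sshd honours the first
# occurrence of a keyword; the keyword itself is case-insensitive).
allowed_groups() {
    printf '%s\n' "$1" | awk 'tolower($1) == "allowgroups" { $1 = ""; print; exit }'
}

# ssh_login_allowed CONFIG GROUP...  -> exit 0 if a user who is a member of the
# given groups is permitted by AllowGroups, exit 1 if none of them is listed.
ssh_login_allowed() {
    config=$1
    shift
    allowed=$(allowed_groups "$config")
    # No AllowGroups directive means sshd imposes no group restriction.
    if [ -z "$allowed" ]; then
        return 0
    fi
    for g in "$@"; do
        for a in $allowed; do
            if [ "$g" = "$a" ]; then
                return 0
            fi
        done
    done
    return 1
}

# Reproduce the two cases from the question with constructed group memberships:
# NormalUser is in an allowed group, PowerUser is not.
if ssh_login_allowed "$SSHD_CONFIG_SAMPLE" normalgrp sshusers; then
    echo "NormalUser: allowed by AllowGroups"
fi
if ! ssh_login_allowed "$SSHD_CONFIG_SAMPLE" powergrp; then
    echo "PowerUser: refused, none of the user's groups is in AllowGroups"
fi
```

On the remote host, sshd records this refusal in the auth log as "User ... not allowed because none of user's groups are listed in AllowGroups", which is where the server-side cause is visible when the client's debug output alone is ambiguous.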
