3

On my system, ssh client authentication was allowed for root, but I wanted ssh client authentication to be allowed only for non-root users. To disable ssh as root, I changed PermitRootLogin yes to PermitRootLogin no, but now I am not able to ssh to my platform.

Can anybody let me know how I can enable ssh client authentication only for non-root users?

4
  • How do you invoke ssh? Which errors do you get? Maybe you disabled password authentication and have not set up a public/private keypair for key authentication?
    – umläute
    Commented Nov 4, 2013 at 8:51
  • The way I was invoking ssh is "ssh -o StrictHostKeyChecking=no root@hostname"; it is working, but now I don't want to log in as root but as some other user. Also, when I tried doing ssh -o StrictHostKeyChecking=no nonrootuser@hostname, I was asked for a password, which earlier, in the case of root, was disabled.
    – Ram
    Commented Nov 4, 2013 at 9:05
  • Use ssh -vvvv and you'll get more clues. It's some configuration issue.
    – goldilocks
    Commented Nov 4, 2013 at 10:50
  • @AmitSinghTomar So what happens if you provide the password for your nonrootuser? Please add all the additional information (including your other comment) to your question, so people do not have to read the comments to fully understand your problem.
    – umläute
    Commented Nov 4, 2013 at 11:52

2 Answers

4

The configuration of ssh server is done in a file called /etc/ssh/sshd_config. You should open this file and check the following:

1) Is there any of the following instructions?

AllowUsers ...
AllowGroups ...
DenyUsers ...
DenyGroups ...

If so, you will have to change it to allow connection as yourself.

2) Is there an instruction stating:

PasswordAuthentication no

If there is, it means ssh authentication can occur only through cryptographic keys. Since you obviously do not have one, this effectively bars you from ssh'ing into the system.

Change this to

PasswordAuthentication yes

so that you may test whether this is the whole solution to your problem. Once you have persuaded yourself ssh works for you too, establish a cryptographic key for yourself, and turn off PasswordAuthentication again. On the Net there are many useful guides on how to use keys rather than passwords for authentication. Do it. Your security will greatly improve.

To complete this test, you will have to restart your SSH server, otherwise the changes introduced into /etc/ssh/sshd_config will not come into effect. Doing that depends on your system:

 sudo service ssh restart

or

 sudo systemctl daemon-reload
 sudo systemctl restart sshd

(the first one is for Debian and derivatives, the second one for Arch Linux, Fedora, and in general systemd systems).

3) Is there an instruction

PermitRootLogin no

while you are trying to log in as root? If so, change the above no into a yes.

If this still does not solve the problem, you will have to provide debugging details, which can be obtained by issuing on the client machine

ssh me@my_pc -vv

which outputs a fair amount of data, useful for this task. There is an equivalent (and much more informative, for obvious security reasons) option to be issued on the server: you need first to stop the service,

 sudo service ssh stop
 sudo systemctl stop sshd

and then restart it with

 sudo /usr/sbin/sshd -Dd
 sudo /usr/bin/sshd -Dd

again for the two types of systems (I am not sure for systemd distros apart from Arch, perhaps the first form applies to all systems apart from Arch).

This will generate info necessary for debugging.
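The checks listed in the answer above (AllowUsers/DenyUsers, PasswordAuthentication, PermitRootLogin), as an added example that is not part of the original answer: a Python script that reads sshd_config text and lists which of those directives stand in the way of a given user. It is a simplification: only the global section is read (parsing stops at the first Match block), AllowGroups/DenyGroups are not evaluated, USER@HOST patterns are matched on the user part only, and the sample config and the names alice and bob are constructed.

```python
from fnmatch import fnmatchcase

# Constructed sample (not from the page): root barred, passwords off, one user allowed.
SAMPLE = """\
PermitRootLogin no
PasswordAuthentication no
#AllowUsers bob
AllowUsers alice
"""

def parse(text):
    """Return (first-value-wins settings, accumulated AllowUsers/DenyUsers lists)."""
    first, lists = {}, {"allowusers": [], "denyusers": []}
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue                      # blank line or comment
        key, args = parts[0].lower(), parts[1:]   # keywords are case-insensitive
        if key == "match":
            break                         # simplification: global section only
        if key in lists:
            lists[key] += args            # these directives append across lines
        else:
            first.setdefault(key, " ".join(args))  # sshd keeps the first value
    return first, lists

def findings(text, user):
    """List the directives that block `user` or force key authentication."""
    first, lists = parse(text)
    def listed(patterns):                 # assumption: user part of USER@HOST only
        return any(fnmatchcase(user, p.split("@")[0]) for p in patterns)
    out = []
    if user == "root" and first.get("permitrootlogin") == "no":
        out.append("PermitRootLogin no")
    if listed(lists["denyusers"]):
        out.append("listed in DenyUsers")
    if lists["allowusers"] and not listed(lists["allowusers"]):
        out.append("not listed in AllowUsers")
    if first.get("passwordauthentication") == "no":
        out.append("PasswordAuthentication no: key required")
    return out

if __name__ == "__main__":
    for name in ("root", "alice", "bob"):
        print(name, "->", findings(SAMPLE, name) or "no blocking directive found")
```

On a live server, `sudo sshd -T` prints the effective configuration sshd would use, including defaults and Match handling that this sketch does not model.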

0

Not sure what kind of Linux / Unix you are using. I often use Ubuntu, where it's like this:

Login through SSH as a normal user is allowed by default. You can log in by

ssh -l myuser myhost

or by

ssh myuser@myhost

Have you tried it like this? If yes, I can think of the following common reasons for failure:

  • Depending on your Linux / Unix, it may be necessary to add the user to a specific group (e.g. ssh) to allow him to log in.
  • You should also check whether you have allowed logging in using passwords or using public keys only (in that case, you may need to generate a key or specify it when logging in).
  • You may have restricted login to certain IPs and are using another one.

To debug, try to use -vvv while trying to log in with ssh, as this gives you a lot of debug messages about what SSH is trying and what happens.
