Skip to Content

How will an ssh gateway user login into a remote server/ cloud instance as a system user with the same name as the ssh gateway user?

User identity and access management in SSH

There might be situations where the ssh gateway users needs to login to a remote server with the same username as on the ssh gateway server instead of 'root'.  This feature is used for user id

For example,

How would you ensure that that your ssh gateway user 'tony' would always login into the remote server as the system user 'tony' on the remote server instead of root?

You can use Pass User Through feature or Sub SSH user 

 

Method 1.  Pass User Through 

Refer to the following article on Pass-through User.

You would need to ensure that a user with the same name as the jump server user exists on the remote server.

 

Method 2.  Sub SSH User 

Here is how to ensure that the ssh gateway user 'tony' would ssh into the  remote server and login as the system user 'tony' on the remote server corporate.eznoc.com which belongs to the server group Linux cloud instances

Note: Make sure to use the Password Management as "Automatic" or " Keep given password", or else the user won't be created on the remote servers that being added after creating sub ssh user. 

  1. Create the SSH gateway user 'tony'.
    ssh gateway user list


  2. Create Sub SSH users called 'Tony'. This step would create system users by the name 'tony' across the servers added in gui. If the system user 'tony' already exist on the remote server, then select unmanaged while adding the system user.


    You can edit the password and SSH private key of the unmanaged user 'tony' by clicking the Edit option 

  3. Edit the user 'tony' and select the 'sub ssh user' 'tony' as well. This will ensure that the jump server user 'tony' will always login to remote server as the user 'tony' itself. 
     
    If the sub ssh user is unmanaged, ie if the user 'tony' already exists on remote servers, then you can generate key pair for the user 'tony' and paste the private key below. The public key needs to be entered manually on the remote servers. If you are getting the error Wrong passphrase or corrupted key while adding private keys refer article.
    This feature is available from version 7.15.0 only.
    IAM

  4. ssh as gateway user 'tony' and enter the server corporate.eznoc.com  and you would be logged in as the user 'tony' on the remote server corporate.eznoc.com.  Also, you can see that the Sub SSH User listed in the ezinfo command. The user tony would be logged in as system user tony on all servers.
    subssh-ezsh 

How to add a Sub SSH User on selected remote servers?

Add Sub SSH User to newly created remote servers.

To create a sub ssh user on a single server or multiple servers at a time, select that remote server from the list and click on Setup Sub SSH Users on selected servers from the right menu bar.

After selecting it will prompt for confirmation. Click on Yes for the sub ssh user creation on the selected remote servers.

To ignore Sub SSH User for a particular remote server enable Ignore Sub SSH User under the Advanced Section of the Server Edit  (Server ->Edit-> Ignore Sub SSH User) so that sub SSH User creation will be ignored for that remote server.

Creation of Subssh user fails

If the Ezeelogin gateway server has more remote servers, it will take more time to create the subssh user in all the servers. Refer below article to increase the execution time of the script in the gateway server.

Increase script execution time in gateway server