User identity and access management in SSH
How to login into the remote server with the same username as the ssh gateway user?
Overview: This article explains how to ensure that an SSH gateway user logs into a remote server with the same username. It covers two methods: passing the user through by ensuring the same username exists on both the gateway and remote servers, and creating a sub SSH user with the same name across all remote servers. It also includes instructions for deleting and adding sub SSH users on remote servers.
There might be situations where the SSH gateway users need to log in to a remote server with the same username as the SSH gateway user.
For example: How would you ensure that your SSH gateway user 'tony' always logs in to the remote server as the system user 'tony' on the remote server?
Method 1. Pass User Through
Refer to the article on Pass-through User.
Note: You would need to ensure that a user with the same name as the jump server user exists on the remote server.
Method 2. Sub SSH User
Here is how to ensure that the SSH gateway user 'tony' would SSH into the remote server corporate.eznoc.com, which belongs to the server group Linux cloud instances, and log in as the system user 'tony' on that server.
Note: Make sure to set Password Management to "Automatic" or "Keep given password", or else the user won't be created on remote servers that are added after creating the sub ssh user.
Note: You can also establish a subordinate SSH user using a non-privileged user, allowing a gateway user to log into the remote server as a sub ssh user.
Refer to the article for more details: Create sub ssh user with non-privileged remote ssh user
Step 1: Create the SSH gateway user 'tony'.
Step 2: Create a Sub SSH user called 'tony'. This step would create system users by the name 'tony' across the servers added in the GUI. If the system user 'tony' already exists on the remote server, then select unmanaged while adding the system user.
Note: You can edit the password and SSH private key of the unmanaged user 'john' by clicking the add/edit option.
Note: If the sub ssh user is unmanaged, i.e. if the user 'tony' already exists on remote servers, then you can generate a key pair for the user 'tony' and paste the private key below. The public key needs to be entered manually on the remote servers. If you are getting the error "Wrong passphrase or corrupted key" while adding private keys, refer to the article.
Step 3: Edit the user 'tony' and select the 'sub ssh user' 'tony' as well. This will ensure that the jump server user 'tony' will always log in to the remote server as the user 'tony' itself.
Step 4: SSH as gateway user 'tony' and enter the remote server 'centos.server', and you will be logged in as the user 'tony' on the remote server centos.server. You can also see the Sub SSH User listed by the ezinfo command. The user 'tony' would be logged in as system user 'tony' on all servers.
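The note in Step 2 says that the public key of an unmanaged sub ssh user has to be entered manually on the remote servers. The script below is an added example of that manual step, not part of Ezeelogin or its documentation; the function name install_pubkey, the key file name in the comment and the sample key are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: install the PUBLIC key of an unmanaged sub SSH user (e.g. 'tony')
# on a remote server. The key pair is generated beforehand, for instance with
#   ssh-keygen -t ed25519 -f ./tony_subssh      (file name is an assumption)
# The private half is pasted into the GUI; only the .pub line is used here.
# Run as the sub SSH user; if run as root, chown .ssh to that user afterwards.

nl='
'
# install_pubkey HOME_DIR "PUBKEY_LINE"   (runs in a subshell so umask stays local)
install_pubkey() (
    home_dir=$1
    pubkey=$2
    case $pubkey in
        *"PRIVATE KEY"*) echo "refusing: private key material" >&2; exit 1 ;;
        *"$nl"*)         echo "refusing: expected a single line" >&2; exit 1 ;;
    esac
    case $pubkey in
        "ssh-ed25519 "*|"ssh-rsa "*|"ecdsa-sha2-"*" "*) ;;
        *) echo "refusing: not an OpenSSH public key line" >&2; exit 1 ;;
    esac
    [ -d "$home_dir" ] || { echo "no such home directory: $home_dir" >&2; exit 1; }

    umask 077
    mkdir -p "$home_dir/.ssh" || exit 1
    chmod 700 "$home_dir/.ssh"            # sshd StrictModes rejects loose modes
    auth="$home_dir/.ssh/authorized_keys"
    touch "$auth" && chmod 600 "$auth" || exit 1
    # Idempotent: append only when the exact line is not already present.
    grep -qxF -- "$pubkey" "$auth" || printf '%s\n' "$pubkey" >> "$auth"
)

# Demo on a throwaway directory with a constructed (non-functional) key line.
demo_home=$(mktemp -d)
demo_key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyOnly tony@gateway'
install_pubkey "$demo_home" "$demo_key" && echo "installed into $demo_home/.ssh"
rm -rf "$demo_home"
```
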
2. How to delete managed or unmanaged SubSSH users?
Step 2 (A): Click on the delete icon of the user.
Step 2 (B): Unmanaged users can simply be deleted by confirming with a click on the yes button.
Step 2 (C): If you want to delete the managed user from remote servers, enable 'Delete user from server'. If you want to delete the home directory of the user from remote servers, enable 'Delete home directory'.
3. How to add a SubSSH user on selected remote servers?
Note: Add Sub SSH User to newly created remote servers.
Step 3 (A): To create a sub ssh user on a single server or on multiple servers at a time, select the remote servers from the list and click on Setup Sub SSH Users on selected servers in the right menu bar.
Step 3 (B): After selecting, it will prompt for confirmation. Click on Yes to create the sub ssh user on the selected remote servers.
Note: To ignore the Sub SSH User for a particular remote server, enable Ignore Sub SSH User under the Advanced Section of the Server Edit (Server -> Edit -> Ignore Sub SSH User) so that sub SSH User creation will be ignored for that remote server.
Creation of Subssh user fails
If the Ezeelogin gateway server has a large number of remote servers, it will take more time to create the subssh user on all the servers. Refer to the article below to increase the execution time of the script on the gateway server.
Note: This feature is available from version 7.15.0 only. Refer to the article to upgrade Ezeelogin to the latest version.
Related Articles:
How to use unmanaged SubSSH users in Ezeelogin?
Access different servers with different subssh users
How to add sub ssh users on remote servers and restrict commands via sudoers file
How to add a subssh user with non privileged remote ssh login user