Adding new user - cannot connect via ssh (Permission denied)

[AJMiller]

So I followed the steps on https://github.com/carlalexander/debops-wordpress/wiki/How-to-manage-additional-users and added a new user called 'wordpress' for deployments. I added my ssh key and one from my deployment server to the array of keys. When I try to login as that user, I get a 'Permission denied' error. It looks like the user may have been added but when I run cat /etc/passwd the line for that user shows:

wordpress:x:997:992::/var/www/{mysiteurl.com is here}:/usr/sbin/nologin

Does that cause the user to not be able to login? This is a brand new DO droplet that just had debops-wordpress run on it. Server runs fine. I can ssh in as root just fine as well.

[carlalexander]

I still haven't updated the wiki for deployments yet. You don't need to create a user to configure thw wordpress user that way. You only need:

wordpress__user_allow_remote: true

[carlalexander]

You can refer to this comment for some more details.

[AJMiller]

ok thanks @carlalexander! Tried that option, re-ran debops and still wasn't able to login with the ssh key I provided. I saw a pem file in the /secret folder, so I tried connecting with that, which asked for a password I don't have. Tried all of the generated passwords, but no luck there. Am I missing something?

[carlalexander]

You unfortunately can't rerun the playbook to fix this issue. You need to reconfigure a new server. Sorry :(

…

On Fri, Mar 10, 2017 at 9:56 AM AJ Miller ***@***.***> wrote: ok thanks @carlalexander <https://github.com/carlalexander>! Tried that option, re-ran debops and still wasn't able to login with the ssh key I provided. I saw a pem file in the /secret folder, so I tried connecting with that, which asked for a password I don't have. Tried all of the generated passwords, but no luck there. Am I missing something? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#145 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAn9XOoWqznNLXWJzUPJE7LCUVPXSDZMks5rkWSSgaJpZM4MYexO> .

[AJMiller]

oh bummer. Ok thanks carl. Any way for me to include my own public key for the wordpress user? The deployment system we use generates its own keys and provides us with the public key.

[drybjed]

There's no need to recreate the host from scratch if you can connect to the host as the root user. Login to i and check the SSH log entries in /var/log/auth.log. Correct any issues manually and ensure that you can connect to your chosen account as usual.

[AJMiller]

k thanks @drybjed! It looks like the ansible scripts aren't touching the authorized_keys file after it's initially created. For others who stumble across this: somehow my keys were already installed for the wordpress user so I was able to ssh [email protected] and it logged me in. I was then able to add the deployment server's public key to the ~/.ssh/authorized_keys file and the deployment server was able to log in to the wordpress user account without issue.