Community Forums
Connect with us on LinkedIn
SSH Keys
  
+ Reply to Thread
Results 1 to 3 of 3
  1. 06-12-2009 04:57 PM #1
    jhyland87
    jhyland87 is offline
    Member
    Join Date
    Dec 2008
    Posts
    153

    Default SSH Keys

    Im looking to tighten up the security on my server, by disabling root, and forcing SSH Keys.

    if I force SSH Keys, will my users be able to create them in cpanel, so they can connect?
    Reply With Quote Reply With Quote
  2. 06-12-2009 09:11 PM #2
    cPanelEric
    cPanelEric is offline
    Support Manager cPanelEric's Avatar
    Join Date
    Nov 2007
    Location
    Texas
    Posts
    488
    cPanel/Enkompass Access Level

    Root Administrator
    Send a message via AIM to cPanelEric

    Default

    First off, good for you for using this.

    You can have users get their keys from:

    https://<servername>:2083/frontend/x3/telnet/index.html

    this address.

    I would also recommend putting something about the link the sshd banner. So if they get the boot trying to use password auth. They'll get redirected with the quickness to their keys. It might cut back on someone calling you at an odd hour to learn about ssh keys.
    --Eric
    www|twitter|xbox|linkedin
    Reply With Quote Reply With Quote
  3. 06-13-2009 09:40 AM #3
    Spiral
    Spiral is offline
    BANNED
    Join Date
    Jun 2005
    Location
    Wild Wild West
    Posts
    2,025
    Send a message via AIM to Spiral

    Lightbulb

    Quote Originally Posted by jhyland87 View Post
    Im looking to tighten up the security on my server, by disabling root, and forcing SSH Keys.

    if I force SSH Keys, will my users be able to create them in cpanel, so they can connect?
    Going to SSH Keys and disabling direct root login is definitely a step in the
    right direction from brute force and direct root attacks. However, if you
    are offering SSH shell access to your users, you have a whole lot more to
    worry about than just those types of attacks.

    I personally don't recommend allowing access to SSH for your users unless
    it is absolutely necessary and I would consider opening up a service to
    perform tasks on their behalf before then thus letting them have SSH only
    like I said if it is absolutely necessary and you can't do their tasks for them!

    Once in the shell, there is literally hundreds of ways to attack and reach
    root escalation even from within a jailshell environment. Plus even with
    SSH Keys enabled, there is a way to still directly compromise accounts
    on Cpanel systems although I am not really at liberty to discuss those
    detail specifics publicly for obvious reasons.

    Bottom line is that going to SSH Keys is definitely a step in the right
    direction if you offer SSH access but SSH itself isn't recommended
    and if you are allowing SSH then you need to perform much more
    extensive security hardening because you still need to be concerned
    about attacks from within inside the server.
    Reply With Quote Reply With Quote
«   Server won't accept more than 128 connections... (tried everything) | Username Format? »     
Similar Threads & Tags
Similar threads

  1. SSH Keys
    By GoWilkes in forum cPanel and WHM Discussions
    Replies: 14
    Last Post: 09-04-2011, 10:48 AM
  2. SSH using Keys
    By taylordouglas in forum Security
    Replies: 2
    Last Post: 05-24-2010, 12:43 AM
  3. How to connect in SSH after create key in Manage SSH Keys
    By konrath in forum cPanel and WHM Discussions
    Replies: 2
    Last Post: 07-03-2009, 10:57 PM
  4. SSH Keys How-TO ?Help?
    By Mysteerie in forum cPanel and WHM Discussions
    Replies: 0
    Last Post: 12-23-2007, 11:22 PM
  5. SSH Keys
    By prof in forum New User Questions
    Replies: 5
    Last Post: 09-22-2007, 03:23 PM
Linkedin       Facebook       Twitter       RSS       Flickr       YouTube