The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Enable account with OpenSSH Finger Print

Discussion in 'General Discussion' started by Doctor, May 30, 2003.

  1. Doctor

    Doctor Well-Known Member

    Joined:
    Apr 26, 2003
    Messages:
    180
    Likes Received:
    0
    Trophy Points:
    16
    A hosting client just told me he installed OpenSSH on his OWN computer... and ask me to enable his hosting account with a finger print. My questions are:

    1. Why would he want something like that?

    2. Is it a security risk on my server if I enable his account with the finger print?

    3. How do I enable for him?

    Any help would be appreciated. Thanks.

    cPanel.net Support Ticket Number:
     
  2. desario

    desario Member

    Joined:
    Oct 30, 2002
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    First of all, I assume he wants access to his account w/ ssh keys, not a fingerprint (a fingerprint is just a checksum of a key).

    Are running on some RedHat distro? If so, the default setup should be handle what he's looking for.

    You don't need to do a thing for him. He does it all himself by copying his public ssh key into his account on the server. He should follow this howto:
    http://www.puddingonline.com/~dave/...-HOWTO/document/html/SSH-with-Keys-HOWTO.html
    Section 4.4 deals with the part of distributing keys to the server.

    To answer each of your questions:
    1. Bottom line is that it makes life easier, while still maintaining a high level of security. It allows you to use public/private key cryptography keys for a challenge/response style authentication. Combined with the ssh-agent, this makes authentication to various accounts much simpler, which can help in automation scripts or just day-to-day operations.

    2. Not at all.

    3. If you're running openssh on a RedHat box, you should be all set. Can anyone else speak to other distros/OSes? (BSD/mandrake?)

    cPanel.net Support Ticket Number:
     
  3. Doctor

    Doctor Well-Known Member

    Joined:
    Apr 26, 2003
    Messages:
    180
    Likes Received:
    0
    Trophy Points:
    16
    Hello Desario,

    Thanks for your clear explanation. As I have only enabled Jailshell for his account, will he get full access if he logs in using OpenSSH? Since I have never used OpenSSH myself, it is a bit unclear to me how it works as an SSH client.

    cPanel.net Support Ticket Number:
     
  4. desario

    desario Member

    Joined:
    Oct 30, 2002
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    "full access" as in root access? No. He is still onliny logging in to his account.

    I have not used the jailshell setup in CP yet, so I can't speak to whether or not there are problems with it and ssh keys, but I can't imagine any. The important thing is that the ssh key is in the ~username/.ssh/authorized_keys2 file. There should be not difference if that happens to be within a jailed environment, but again... I haven't tried.

    cPanel.net Support Ticket Number:
     
  5. Doctor

    Doctor Well-Known Member

    Joined:
    Apr 26, 2003
    Messages:
    180
    Likes Received:
    0
    Trophy Points:
    16
    Thanks, Desario! I can finally see the light!

    cPanel.net Support Ticket Number:
     
Loading...

Share This Page