The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Possible to have global SSH keys?

Discussion in 'Security' started by JayBuys, Aug 11, 2016.

Tags:
  1. JayBuys

    JayBuys Registered

    Joined:
    Aug 11, 2016
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    San Diego, CA
    cPanel Access Level:
    Root Administrator
    Here’s the scenario...
    • I have 3 developers all accessing a single WHM server.
    • All 3 developers are admins and can see/manage all sites on the server. No issues there.
    • I’ve disabled FTP and added SSH keys for each of the 3 developers using the “Manage root’s SSH Keys” feature. All 3 can now login to the server via SSH/SFTP as the root user.
    The issue is that when logged in as the root user, all files uploaded are then owned by the root user. WordPress sometimes has issues if the files aren’t owned by the user of the account where they reside. It’s a simple matter of just running chown on the files after upload but it’s an extra step.

    I can also manually add the 3 SSH keys to each individual site through the cPanel “Manage SSH Keys” page but that’s an extra step as well.

    So... Is there any way to have the root SSH keys automatically installed on every site that’s created? Or essentially some other way to have global SSH keys?

    Thanks for any insight you can provide.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    One option to consider is to enable jailed shell access to the individual accounts, and then have your admins "su" into the account username before performing any actions:

    Code:
    su username
    Thank you.
     
  3. JayBuys

    JayBuys Registered

    Joined:
    Aug 11, 2016
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    San Diego, CA
    cPanel Access Level:
    Root Administrator
    Thanks... that's helpful but our issue is really less about server administration and more about file transfers. What we're really looking for is an easy solution that will let us login as the account user via a program like FileZilla so that we can easily upload files without having to then change the ownership afterwards.

    Everything I've read so far suggests that this isn't possible without the extra step of enabling the necessary SSH keys on every individual cPanel account. That's an extra step but not a huge one so it looks like that's the route we'll end up going.
     
  4. JayBuys

    JayBuys Registered

    Joined:
    Aug 11, 2016
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    San Diego, CA
    cPanel Access Level:
    Root Administrator
    For anyone else who stumbles on this thread...

    If you add/authorize the SSH keys you need on a site in cPanel, it basically just writes those to files on the server in the /home/USERNAME/.ssh folder.

    If you copy the contents of this folder into /root/cpanel3-skel/.ssh/ it should copy them over when a new account is created via WHM. This way you can access your site via the account name using your SSH keys. However, if you do this, the SSH keys for the newly created site will NOT be visible/manageable via cPanel on the new site.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page