The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Public Key for users with no domain

Discussion in 'Security' started by bsaverino, Apr 9, 2014.

  1. bsaverino

    bsaverino Member

    Joined:
    Dec 4, 2013
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
  2. jgillmanjr

    jgillmanjr Active Member
    PartnerNOC

    Joined:
    Feb 9, 2012
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Lansing, MI
    cPanel Access Level:
    DataCenter Provider
    So you can SSH in as the user?

    Generate the key pair, ssh-copy-id -i [path to public key] user@host

    It should ask you for your password, and if good, copy the key over.

    -Jason
     
  3. cPJerry

    cPJerry Member
    Staff Member

    Joined:
    May 13, 2013
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    The keys should be added to /home/user/.ssh/authorized_keys

    :)
     
  4. bsaverino

    bsaverino Member

    Joined:
    Dec 4, 2013
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I followed your steps but after seeing the result I think there is some confusion. I am looking to close root from login. I am then looking at disabling passwords. I would like to create a user that I can use for this task. I have a user that has been created and has no domain attached to it. It is in the wheel group so it has su access. I need to add keys to this user so I can login without a password. I have already created a .ssh directory and an authorized_key file. With your step there is now a public and a private key generated as well. I figured that adding a authorized key file would do the trick but that didn't work.
     
  5. jgillmanjr

    jgillmanjr Active Member
    PartnerNOC

    Joined:
    Feb 9, 2012
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Lansing, MI
    cPanel Access Level:
    DataCenter Provider
    Err, I should have indicated that the key pair should have been generated on the machine you will be connecting from. You won't be doing on the server itself.

    The ssh-copy-id utility would then pull the public key and add that to the ~/.ssh/authorized_keys file.

    Hopefully that makes a little more sense.

    -Jason
     
  6. bsaverino

    bsaverino Member

    Joined:
    Dec 4, 2013
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    The Authorized keys file already had my key and anyone else who had a key that needed access.

    Now that all that is out of the way, any other ideas?
     
  7. bsaverino

    bsaverino Member

    Joined:
    Dec 4, 2013
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Let me be more specific on your step.

    I added all of the keys I would like imported to authorized keys into the .ssh folder. I can't add those keys because the user doesn't own a domain. For example a user was created through ssh but owns no domain using this setup method How To Create a WHM Reseller Without an Associated Domain

    I then used your line to add the key to authorized keys. ssh-copy-id -i /home/username/.ssh/myName.pub username

    I think the username should probably be username@hostname.com however this user has no associated domain. Does that make sense?
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    The username for SSH access would be standalone and not prefixed to @hostname. What error message are you receiving when attempting to access SSH as that user?

    Thank you.
     
  9. jgillmanjr

    jgillmanjr Active Member
    PartnerNOC

    Joined:
    Feb 9, 2012
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Lansing, MI
    cPanel Access Level:
    DataCenter Provider
    bsaverino,

    I think I may have identified the issue here based on your last post.

    You don't need to worry about creating the keypair from the machine you'll be connecting to, as indicated. You would do that on the machines you're connecting from.

    Also, you won't be running ssh-copy-id on the server either, you run that from the machines/users you'll be connecting from (unless you share the private key that you'll be using).

    So say you'll be connecting from 'clientA' with user 'userA' to 'hostB' via 'userB' (userB being the non-cPanel account related user). This is what the setup might look like after the keypair has been setup for userA:

    Code:
    userA@clientA $ ssh-copy-id -i ~/.ssh/id_dsa.pub userB@hostB
    
    <it should ask you for the password, and will copy over the key into authorized_keys if things go well>
    
    Then after that, just ssh userB@hostB, and if things were setup properly, it shouldn't prompt you for a password.

    - - - Updated - - -

    I should also note that hostB doesn't have to be any particular domain. It can be any domain or IP that will resolve or be assigned to the server (and an IP that SSH will be listening on).
     
  10. bsaverino

    bsaverino Member

    Joined:
    Dec 4, 2013
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Ok let me take a step back. We have public keys setup on a lot of other servers (even other cPanel servers) but this situation seems to be different. We have all of the public keys in a list. We added all of those keys inside of authorized_keys, restarted sshd and then tried to login. It still asked for a password for that user.

    I then tried to add individual .pub files for each user (essentially copying what some of our other cpanel servers public key records look like). Restarted sshd and then tried to login. It still asked for a password. I am pretty sure that anything
    is really just adding items that already exist because I manually put them in to the authorized_keys file already.

    It seems like in a cPanel system that another step needs to be taken, since there is no GUI to interact with because the user has been created in ssh and has no domain assigned to the user. We have given the new user reseller privileges so we can see the user there, however we can't add keys or authorize keys on the front end. So the question really is, is there a way to authorize a key in ssh besides adding it to the authorized_keys file?

    This seems really trivial but I feel like I am missing something. Thank you for the help.
     
  11. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Feel free to open a support ticket using the link in my signature if you would like us to take a closer look at your existing configuration and determine why it's not working as you expect it to. You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  12. bsaverino

    bsaverino Member

    Joined:
    Dec 4, 2013
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I removed the user and created a user with a fake domain and it took care of the issue. This method won't work for dns only but it will have to do for the time being. Maybe when I find more time I will open a ticket. This problem carries through all 5 of our cpanel servers.
     
Loading...

Share This Page