The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Question on SSH Keys for cPanel users.

Discussion in 'General Discussion' started by Acenet Andyb, Aug 18, 2010.

  1. Acenet Andyb

    Acenet Andyb Member
    PartnerNOC

    Joined:
    Apr 6, 2008
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    I noticed WHM -> Manage SSH Keys where you can set this up but it appears to setup a key for root access. Is it possible to setup a SSH key for an individual cPanel user and restrict them to their home folder? Once the key is created using WHM, how would I go about setting the restriction if possible?

    Thank you.
     
  2. Acenet Andyb

    Acenet Andyb Member
    PartnerNOC

    Joined:
    Apr 6, 2008
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Scratch this. It appears this is done with putty keygen on the client side.
     
  3. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    cPanel account users may import or generate unique SSH keys using cPanel via the following menu path (with linked documentation):

    Using the included Jailed Shell will apply more restrictive SSH access, versus a Normal Shell, as configured using WHM via the following menu path:

    The following configuration option may be used to ensure that the default shell is jailed if and or when WHM is used to grant SSH access:
     
  4. callmelann

    callmelann Member

    Joined:
    Aug 22, 2010
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    SSH Key === for === cpanel user account (not root)

    Hi,

    Its not that easy. I just found this issue while trying to securing my server right now. Create a key in Manage SSH Keys is just for root account. I cannot access SSH if I use this key for cpanel account. In the public key also state the root@server.domain.tld. Note that I am using Putty.

    Jailed shell can be use only awhen cpanel user login SSH using password. I have no luck to try using key generated in Manage SSH Keys. Generate using OpenSSL then Import Key might be a chance. Still trying...

    Actually I want to disable SSH Password Authorization Tweak so root and all cpanel account must be login using key, not password.


     
  5. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    SSH keys are installed to specific accounts; for example, SSH keys installed for root are for root access only. If you want to access SSH by logging-in as a specific user you would need to install the SSH key in the specific user's cPanel account.

    If the SSH key is installed to the correct account you wish to login as, and if the SSH key is "authorized" then you may access SSH and login as that user regardless if the user's shell is Jailed or Normal.

    You may disable Password Authentication in the SSH daemon configuration and still access SSH using a Jailed Shell. You may toggle Password Authentication in the SSH daemon via WebHost Manager: WHM: Main >> Security Center >> SSH Password Authorization Tweak
     
    #5 cPanelDon, Aug 23, 2010
    Last edited: Aug 23, 2010
  6. callmelann

    callmelann Member

    Joined:
    Aug 22, 2010
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Hi, Thank you for the reply. Yes I know how to enable disable SSH Password Tweak, Jailed/unjailed a user, authorize/unauthorize or manage a key :)

    I also notice generated key in the Security >> SSH/Shell Access >> Manage SSH Keys is only for root account.

    The only thing is "How to generate a SSH key for cpanel user" as one of the question by the original poster. I believe people reading this thread still dont know how.

    more specific:

    I am not sure what do you mean by install. either in cPanel interface or in shell command. In user cPanel, there is no such thing about SSH key or may be I miss something there. I notice about GnuPG Keys but I think it use for communication and email. I just generate GnuPG key from cPanel and import to WHM Manage SSH Keys, success but not displayed in the Public Key. Only Private Key displayed, from the private key, I generate putty PPK format but error shown "puttygen: error loading `/root/.ssh/testkeySSH': file does not begin with OpenSSH key header". I dont have an idea to convert it from PGP to putty PPK. Still have no luck.
     
  7. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    What you have described leads me to believe the cPanel accounts being tested are using a Feature List where "SSH Connection Window" is disabled or not allowed.

    Via root access to WebHost Manager, please ensure that "SSH Connection Window" is allowed, that is, enabled, in your Feature List(s):

    If you are experiencing difficulty enabling access to managing SSH keys in cPanel, please submit a support request so that we may assist with troubleshooting.
     
  8. mikelegg

    mikelegg Well-Known Member

    Joined:
    Mar 29, 2005
    Messages:
    330
    Likes Received:
    0
    Trophy Points:
    16
    When I import a public key via cPanel, it says that it was successful and I see the .pub file in the /home/username/.ssh/ folder, but it isn't listed on the manage keys page so I can't authorise it.
     
    #8 mikelegg, Nov 24, 2010
    Last edited: Nov 24, 2010
  9. mikelegg

    mikelegg Well-Known Member

    Joined:
    Mar 29, 2005
    Messages:
    330
    Likes Received:
    0
    Trophy Points:
    16
    We managed to get the SSH key working for a jailed shell user by manually creating the "authorized_keys" file in their /home/username/.ssh/ folder and adding the public key to it.

    cPanel: Main >> Security >> SSH/Shell Access >> Manage SSH Keys still doesn't recognise that the key exists.

    Should imported keys be manageable via cPanel?
     
    #9 mikelegg, Nov 24, 2010
    Last edited: Nov 24, 2010
  10. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    What cPanel & WHM version is used when the issue occurs? I was not yet able to reproduce the described behavior during my initial testing using cPanel 11.29.91, a development build.
     
  11. mikelegg

    mikelegg Well-Known Member

    Joined:
    Mar 29, 2005
    Messages:
    330
    Likes Received:
    0
    Trophy Points:
    16
    11.26.20 Stable
     
  12. mikelegg

    mikelegg Well-Known Member

    Joined:
    Mar 29, 2005
    Messages:
    330
    Likes Received:
    0
    Trophy Points:
    16
    I'm on WHM 11.28.87 now and the keys generated by cPanel don't work in Putty and the keys generated by Putty Key Generator won't import into cPanel.
     
  13. mikelegg

    mikelegg Well-Known Member

    Joined:
    Mar 29, 2005
    Messages:
    330
    Likes Received:
    0
    Trophy Points:
    16
  14. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Did the patch provided work for you to correct the issue in the meantime? That post specifically handles details on how to temporarily resolve what is happening until the case has been pushed into your existing version.
     
  15. mikelegg

    mikelegg Well-Known Member

    Joined:
    Mar 29, 2005
    Messages:
    330
    Likes Received:
    0
    Trophy Points:
    16
    I wasn't sure how to apply the patch so I just added the public key manually.
     
Loading...

Share This Page