Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SSH Keys for Resellers

Discussion in 'Security' started by tecnotronico, Aug 14, 2011.

  1. tecnotronico

    tecnotronico Active Member

    Joined:
    Apr 17, 2004
    Messages:
    28
    Likes Received:
    1
    Trophy Points:
    153
    In order to increase the server's security we want to disable SSH2 Password Authorization and enable SSH Keys to get access for SSH2.

    Well we have some doubts about this and need your appreciated support and answers for the following questions:

    1. How could we generate SSH2 Keys for reseller users instead of just for the root user?

    2. What is the normal procedure to setup the SSH Keys in the server and in the SSH client?

    3. We use the “SSH Secure Shell” software from SSH Communication Security Corp (www.ssh.com). Do you know how could we setup the SSH Keys with this client software?

    4. When we ask for the support of the Datacenter tech's normally we provide them with the SSH User/Pw information to let them get SSH access. If we setup the SSH Keys, What would be the better procedure to give them SSH access for future support? What are your recommendations to assure a secure support process avoiding to provide passwords?.

    Thanks in advance for your appreciated prompt support on this matter.
     
    #1 tecnotronico, Aug 14, 2011
  2. keddie

    keddie Well-Known Member

    Joined:
    Nov 17, 2007
    Messages:
    50
    Likes Received:
    0
    Trophy Points:
    56
    I generally use PuttyGen to generate 4096 bit RSA keys for server access. I use putty for shell access and WinSCP for SFTP.

    Used in conjunction with the Pageant SSH agent (for win) I have secure passwordless access to all of my servers, only needing to enter my passphrase once. This makes management of multiple servers / accounts so much easier.

    You can also write a script that will setup a template authorized_keys file on account creation. This means you'll always have secure SSH / SFTP access to client accounts without password resets etc.

    Most DC techs that I've dealt with in the past have been happy to send me a public key that I then add manually to the root authorized_keys file under /root/.ssh/authorized_keys.

    However, there have been times when techs have been unable / unwilling to use keys, in this case I temporarily enable password authentication while they carry out their work, then disable it afterwards.

    The hardest thing with getting people to use keys is the initial setup, once that's done, it's much easier than the old password based method and so much more secure.

    Ked
     
    #2 keddie, Aug 16, 2011
(You must log in or sign up to post here.)
Loading...
Similar Threads - Keys Resellers
  1. Stuart Mitchell

    SSH Keys not showing in Transfer Tool

    Stuart Mitchell, Oct 29, 2018, in forum: General Discussion
    Replies:
    1
    Views:
    137
    cPanelMichael
    Oct 29, 2018
  2. adamreece.webbox

    SSHD fails with AuthorizedKeysCommandUser unknown error

    adamreece.webbox, Oct 10, 2018, in forum: Security
    Replies:
    3
    Views:
    381
    cPanelLauren
    Oct 11, 2018
  3. Willfosho

    [CPANEL-21776] Mask passphrase when using cPanel to import SSH keys

    Willfosho, Jul 14, 2018, in forum: Security
    Replies:
    2
    Views:
    389
    cPanelMichael
    Jul 16, 2018
  4. greektranslator

    SSH keys and disabling root

    greektranslator, May 26, 2018, in forum: Security
    Replies:
    1
    Views:
    217
    cPanelLauren
    May 29, 2018
  5. tdot

    SOLVED Logging into accounts with keys

    tdot, Dec 5, 2017, in forum: Security
    Replies:
    6
    Views:
    431
    tdot
    Dec 5, 2017

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice