The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSH Keys for Resellers

Discussion in 'Security' started by tecnotronico, Aug 14, 2011.

  1. tecnotronico

    tecnotronico Active Member

    Joined:
    Apr 17, 2004
    Messages:
    28
    Likes Received:
    1
    Trophy Points:
    153
    In order to increase the server's security we want to disable SSH2 Password Authorization and enable SSH Keys to get access for SSH2.

    Well we have some doubts about this and need your appreciated support and answers for the following questions:

    1. How could we generate SSH2 Keys for reseller users instead of just for the root user?

    2. What is the normal procedure to setup the SSH Keys in the server and in the SSH client?

    3. We use the “SSH Secure Shell” software from SSH Communication Security Corp (www.ssh.com). Do you know how could we setup the SSH Keys with this client software?

    4. When we ask for the support of the Datacenter tech's normally we provide them with the SSH User/Pw information to let them get SSH access. If we setup the SSH Keys, What would be the better procedure to give them SSH access for future support? What are your recommendations to assure a secure support process avoiding to provide passwords?.

    Thanks in advance for your appreciated prompt support on this matter.
     
    #1 tecnotronico, Aug 14, 2011
  2. keddie

    keddie Well-Known Member

    Joined:
    Nov 17, 2007
    Messages:
    50
    Likes Received:
    0
    Trophy Points:
    56
    I generally use PuttyGen to generate 4096 bit RSA keys for server access. I use putty for shell access and WinSCP for SFTP.

    Used in conjunction with the Pageant SSH agent (for win) I have secure passwordless access to all of my servers, only needing to enter my passphrase once. This makes management of multiple servers / accounts so much easier.

    You can also write a script that will setup a template authorized_keys file on account creation. This means you'll always have secure SSH / SFTP access to client accounts without password resets etc.

    Most DC techs that I've dealt with in the past have been happy to send me a public key that I then add manually to the root authorized_keys file under /root/.ssh/authorized_keys.

    However, there have been times when techs have been unable / unwilling to use keys, in this case I temporarily enable password authentication while they carry out their work, then disable it afterwards.

    The hardest thing with getting people to use keys is the initial setup, once that's done, it's much easier than the old password based method and so much more secure.

    Ked
     
    #2 keddie, Aug 16, 2011
(You must log in or sign up to post here.)
Loading...
Similar Threads - Keys Resellers
  1. voidzero

    SOLVED Where can users manage their ssh keys in cPanel?

    voidzero, May 12, 2017, in forum: General Discussion
    Replies:
    5
    Views:
    170
    voidzero
    May 12, 2017
  2. Shadowrider

    Problems with SSH keys / SSH Port

    Shadowrider, Apr 17, 2017, in forum: Security
    Replies:
    1
    Views:
    114
    Infopro
    Apr 17, 2017
  3. trickyx

    DKIM fail, issue new keys?

    trickyx, Aug 24, 2016, in forum: E-mail Discussions
    Replies:
    2
    Views:
    360
    cPanelMichael
    Aug 25, 2016
  4. JayBuys

    Possible to have global SSH keys?

    JayBuys, Aug 11, 2016, in forum: Security
    Replies:
    4
    Views:
    377
    cPanelMichael
    Aug 18, 2016
  5. Dev@SH

    Where are the GnuPG keys?

    Dev@SH, Aug 2, 2016, in forum: General Discussion
    Replies:
    1
    Views:
    237
    cPanelMichael
    Aug 3, 2016

Share This Page