ssh keys - should public keys be removed? confused...

aww

Well-Known Member
Feb 10, 2005
152
0
166
cPanel Access Level
Root Administrator
So ssh keys are noted as being more secure and password login should be disabled.

But if both the private and public keys are stored in cpanel (well, on the server and cpanel links to them) isn't that just as dangerous if a hacker could find a way to collect those files?

Should public keys be removed from the server or does it actually need them for the auth process?
 

AunRaza

Member
Feb 4, 2011
8
0
51
Nothing is 100 % perfect, but public key has many advantages over normal password authentications. Only those with the private key will be able to connect..
 

sparek-3

Well-Known Member
Aug 10, 2002
2,039
229
368
cPanel Access Level
Root Administrator
The private key should be removed from the server. It is not needed on the server. The private key needs to remain private. It should only exist on your local computer or locally to you.

The public key will have to remain on the server (on the cPanel account) in order to connect to the account.

Just don't ever lose the private key. If you lose it, then the public key that was generated with the lost private key will be useless.