The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

ssh keys - should public keys be removed? confused...

Discussion in 'General Discussion' started by aww, Sep 19, 2011.

  1. aww

    aww Well-Known Member

    Joined:
    Feb 10, 2005
    Messages:
    152
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    So ssh keys are noted as being more secure and password login should be disabled.

    But if both the private and public keys are stored in cpanel (well, on the server and cpanel links to them) isn't that just as dangerous if a hacker could find a way to collect those files?

    Should public keys be removed from the server or does it actually need them for the auth process?
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Both keys are needed, since the public key is used to decrypt the private key.
     
  3. AunRaza

    AunRaza Member

    Joined:
    Feb 4, 2011
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Nothing is 100 % perfect, but public key has many advantages over normal password authentications. Only those with the private key will be able to connect..
     
  4. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    The private key should be removed from the server. It is not needed on the server. The private key needs to remain private. It should only exist on your local computer or locally to you.

    The public key will have to remain on the server (on the cPanel account) in order to connect to the account.

    Just don't ever lose the private key. If you lose it, then the public key that was generated with the lost private key will be useless.
     
Loading...

Share This Page