The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSH Keys

Discussion in 'General Discussion' started by jhyland87, Jun 12, 2009.

  1. jhyland87

    jhyland87 Well-Known Member

    Dec 8, 2008
    Likes Received:
    Trophy Points:
    Im looking to tighten up the security on my server, by disabling root, and forcing SSH Keys.

    if I force SSH Keys, will my users be able to create them in cpanel, so they can connect?
  2. Eric

    Eric Administrator
    Staff Member

    Nov 25, 2007
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    First off, good for you for using this. :)

    You can have users get their keys from:


    this address.

    I would also recommend putting something about the link the sshd banner. So if they get the boot trying to use password auth. They'll get redirected with the quickness to their keys. It might cut back on someone calling you at an odd hour to learn about ssh keys.
  3. Spiral

    Spiral BANNED

    Jun 24, 2005
    Likes Received:
    Trophy Points:
    Going to SSH Keys and disabling direct root login is definitely a step in the
    right direction from brute force and direct root attacks. However, if you
    are offering SSH shell access to your users, you have a whole lot more to
    worry about than just those types of attacks.

    I personally don't recommend allowing access to SSH for your users unless
    it is absolutely necessary and I would consider opening up a service to
    perform tasks on their behalf before then thus letting them have SSH only
    like I said if it is absolutely necessary and you can't do their tasks for them!

    Once in the shell, there is literally hundreds of ways to attack and reach
    root escalation even from within a jailshell environment. Plus even with
    SSH Keys enabled, there is a way to still directly compromise accounts
    on Cpanel systems although I am not really at liberty to discuss those
    detail specifics publicly for obvious reasons.

    Bottom line is that going to SSH Keys is definitely a step in the right
    direction if you offer SSH access but SSH itself isn't recommended
    and if you are allowing SSH then you need to perform much more
    extensive security hardening because you still need to be concerned
    about attacks from within inside the server.

Share This Page