The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSH Keys

Discussion in 'General Discussion' started by jhyland87, Jun 12, 2009.

  1. jhyland87

    jhyland87 Well-Known Member

    Joined:
    Dec 8, 2008
    Messages:
    153
    Likes Received:
    0
    Trophy Points:
    16
    Im looking to tighten up the security on my server, by disabling root, and forcing SSH Keys.

    if I force SSH Keys, will my users be able to create them in cpanel, so they can connect?
     
  2. Eric

    Eric Administrator
    Staff Member

    Joined:
    Nov 25, 2007
    Messages:
    746
    Likes Received:
    11
    Trophy Points:
    18
    Location:
    Texas
    cPanel Access Level:
    Root Administrator
    First off, good for you for using this. :)

    You can have users get their keys from:

    https://<servername>:2083/frontend/x3/telnet/index.html

    this address.

    I would also recommend putting something about the link the sshd banner. So if they get the boot trying to use password auth. They'll get redirected with the quickness to their keys. It might cut back on someone calling you at an odd hour to learn about ssh keys.
     
  3. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Going to SSH Keys and disabling direct root login is definitely a step in the
    right direction from brute force and direct root attacks. However, if you
    are offering SSH shell access to your users, you have a whole lot more to
    worry about than just those types of attacks.

    I personally don't recommend allowing access to SSH for your users unless
    it is absolutely necessary and I would consider opening up a service to
    perform tasks on their behalf before then thus letting them have SSH only
    like I said if it is absolutely necessary and you can't do their tasks for them!

    Once in the shell, there is literally hundreds of ways to attack and reach
    root escalation even from within a jailshell environment. Plus even with
    SSH Keys enabled, there is a way to still directly compromise accounts
    on Cpanel systems although I am not really at liberty to discuss those
    detail specifics publicly for obvious reasons.

    Bottom line is that going to SSH Keys is definitely a step in the right
    direction if you offer SSH access but SSH itself isn't recommended
    and if you are allowing SSH then you need to perform much more
    extensive security hardening because you still need to be concerned
    about attacks from within inside the server.
     
Loading...

Share This Page