The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSH Keys

Discussion in 'General Discussion' started by GoWilkes, Aug 29, 2011.

  1. GoWilkes

    GoWilkes Well-Known Member

    Joined:
    Sep 26, 2006
    Messages:
    367
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Per the advice in CSF, I'm trying to disable SSH Password Authentication, and enable PubkeyAuthentication.

    In WHM, I went to "Manage root's SSH keys", and generated a key ("The key fingerprint is blah-blah-blah"). OK, so now I have it.... now what? How do I use it to log in via SSH?

    In retrospect, can I still log in using Filezilla if I disable Password Auth? It has an SSH option, but it doesn't say anything about entering a key; just a username, password, and "Account" (which I've never used).
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    What program are you going to use for SSH on your system? You need to generate a private and public key pair on that system, then add that public key to your server as authorized in WHM > Manage root's SSH keys area.
     
  3. GoWilkes

    GoWilkes Well-Known Member

    Joined:
    Sep 26, 2006
    Messages:
    367
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I use Putty when I need to run scripts, otherwise I use Filezilla (which logs in via SSH). Everything else you said went right over my head :)

    I do have the path to the public key (root.pub), and the "key fingerprint" as noted by WHM. After that, I'm lost.
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    The public key you generated is for your server not for your local system that you are using to log into the server. You have to generate the private and public keys for putty to use on your local system to connect to your server.

    Since you are using putty, you'll need to use the puttygen tool to create keys:

    Using public keys for SSH authentication

    puttygen is downloadable on the same site where you downloaded putty:

    PuTTY Download Page

    After you have the keys, you'll need to import the public key in WHM > Manage root's SSH Keys area
     
  5. GoWilkes

    GoWilkes Well-Known Member

    Joined:
    Sep 26, 2006
    Messages:
    367
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Hmm, does that mean that if I disable SSH Password Auth, then I won't be able to log in via Filezilla anymore?
     
  6. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Are you using sFTP for FileZilla rather than the more secure TLS?
     
  7. GoWilkes

    GoWilkes Well-Known Member

    Joined:
    Sep 26, 2006
    Messages:
    367
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I've been using SFTP, but I don't see a TLS option. I have FTP, SFTP, FTPS, and FTPES.
     
  8. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    "FTPES - FTP over explicit TLS/SSL" is what it should say when FTPES is selected.
     
  9. GoWilkes

    GoWilkes Well-Known Member

    Joined:
    Sep 26, 2006
    Messages:
    367
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Yes, you're correct. But how do I enter a certificate key here? Still, all it has is a username, password, and account.
     
  10. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    You don't enter one there and won't have to. It doesn't use SSH, it uses TLS.
     
  11. GoWilkes

    GoWilkes Well-Known Member

    Joined:
    Sep 26, 2006
    Messages:
    367
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I'm guessing that you mean, after I download and run PuttyGen? Cause right now, it just gives an error.
     
  12. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    What error are you getting when using FTPES for logging into the machine? Of note, it would be a lot easier if we focused on one issue at a time, since this thread is about using keys and is now discussing FTP instead. First, we should get the keys working.
     
  13. GoWilkes

    GoWilkes Well-Known Member

    Joined:
    Sep 26, 2006
    Messages:
    367
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I apologize; this concept is a bit over my head, and I thought that we WERE talking about the same thing! LOL

    Just to make sure that I explained it correctly in the beginning, I'm hoping to disable SSH Password Auth, and rely on Pubkey Auth. This is exclusively based on the suggestion from CSF firewall.

    But before doing so, I need to make sure that I can get in to my server through both Putty AND Filezilla; I'm just not comfortable enough with Putty to abandon Filezilla altogether.

    With that in mind, I currently have the key generated on the server, but have not downloaded PuttyGen yet. I still have SSH Password Auth enabled, so for the sake of minimizing confusion, let me download PuttyGen and figure out how to get logged in through Putty, and then I'll come back to you to discuss doing the same thing with Filezilla.

    Thanks again, Tristan.
     
  14. GoWilkes

    GoWilkes Well-Known Member

    Joined:
    Sep 26, 2006
    Messages:
    367
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    OK, next question.

    I've read through the PuttyGen page linked above, and created the private and public key with PuttyGen. Now, where do I put it? The doc says:

    ***
    If your server is OpenSSH and is using the SSH 2 protocol, you should follow the same instructions, except that in earlier versions of OpenSSH 2 the file might be called authorized_keys2. (In modern versions the same authorized_keys file is used for both SSH 1 and SSH 2 keys.)

    If your server is ssh.com's SSH 2 product, you need to save a public key file from PuTTYgen (see section 8.2.9), and copy that into the .ssh2 directory on the server. Then you should go into that .ssh2 directory, and edit (or create) a file called authorization. In this file you should put a line like Key mykey.pub, with mykey.pub replaced by the name of your key file.
    ***

    I have no idea which one I'm using, but regardless, I do not have a directory on my server at /.ssh/ or /.ssh2/. Where would either of these directories be?
     
  15. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    You would import the public key into WHM > Manage root's SSH Keys area by clicking the "Import" link there, then pasting the public key into the box. If you have a Private key passphrase you had used, please input that passphrase into the field labeled as such.
     
Loading...

Share This Page