SSH Password Authentication Tweak Disables SFTP

markb14391

Well-Known Member
Jun 9, 2008
305
2
68
Hi,

We want to offer SFTP to our users. And we want to use the SSH password authentication tweak for security (only allowing key-based access).

But, of course, when we activate the SSH password tweak, it also disables SFTP access.

Is there a workaround?

Of course we could allow password access with no root access (wheel user escalate to root), but we'd rather not.

Any ideas?

Thanks!

Mark
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
Filezilla supports use of private keys. Import your private key in the filezilla settings, and when you use SFTP just leave the password blank.

If you don't want to do that, you could enable pw auth, but set the ssh permitrootlogin setting to "without-password" which allows only key based logins for root.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,254
463
I am happy to see you received a helpful answer. I am marking this thread as [Resolved].

Thank you.
 

360webfirm

Well-Known Member
Oct 5, 2016
96
10
58
Ottawa
cPanel Access Level
Root Administrator
This might be a silly question for some, but if I have SSH Password authentication disabled, can I still access WinSCP to SFTP/SCP into server to retrieve backups? I have created private and public SSH keys in WHM but cannot figure out of its possible to use for WinSCP as FileZilla is being marked as malware and I don't want to use it.


I am just looking for the easy and secure way to sftp into my server to download backups to be stored on my local backup drive. Any help would be greatly appreciated. I can connect no issues with password authentication enabled, but do not wish to keep this enabled for security purposes.
 

360webfirm

Well-Known Member
Oct 5, 2016
96
10
58
Ottawa
cPanel Access Level
Root Administrator
I know that, but I would like to connect to the server via SFTP using WinSCP with keys. I can do it all with using root and root password. Just dont think its secure enough leaving password authentication open while I download or upload backups with WinSCP using password.
 

360webfirm

Well-Known Member
Oct 5, 2016
96
10
58
Ottawa
cPanel Access Level
Root Administrator
I was able to figure it out. I created a SSK private key on server, converted it to PPK file, added it to WinScp, then connected to server with password authenictaion disabled and using a passphrase.
 
  • Like
Reactions: cPRex