The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

The - SSH Connection Window - in cPanel. Is this secure?

Discussion in 'General Discussion' started by jols, Apr 9, 2009.

  1. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    With regards to the SSH Connection Window which can be enabled for hosted accounts in WHM. Is this thing secure?

    Is it more secure than typical SSH jailed access?

    Do you have to enable jailed access in WHM to get this to work for a hosted account?

    Anything on this would be helpful. Thanks very much.
     
  2. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    The SSH connection window is powered by a Java applet that establishes a secure shell (SSH) connection to your server. This is simply a Java applet that does the same thing you could do by using PuTTY or the ssh command to connect to your server via SSH.

    Functions related to uploading files can be done without jailed or normal shell access. However, to do anything else, a minimum of jailed shell access is needed.

    It is generally considered prudent to only issue jailed shell access to clients that demonstrate a significant need for such access as even jailed shell access can be a security risk.
     
  3. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    Thanks David,

    But here's the possible issue we may have with this. We do not offer password SSH access, only via public/private keys (if at all).

    What we need is a way to grant SSH-like access to only one of the accounts we host. This person does not want to use keys. Can this be done in our situation, and again, is this secure? I just don't want someone to get a hold of their computer and be able to do any more damage than they could with typical jailed SSH access.

    Thanks for your response.
     
  4. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    There is nothing special about the Java-based client. If you cannot login to SSH with a typical SSH client, you will not be able to login to SSH with the Java-based client.

    If you want to allow non-keyed access to your server, that would be something you need to set up on your server.

    Is there any particular reason the user does not want to use keys? Keyed authentication (especially if prompted for a password as well) is a more secure method for logging into SSH.
     
  5. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    Thanks again for your response.

    This particular user is traveling and wants ssh access from various different computers in the offices that he visits. He did not want to install keys everywhere, but we are unwilling to drop the keyed SSH access server-wide.
     
  6. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    One thing I did for a while was copy my private key to a USB thumb drive, set the file to read-only and then SSH from a client that let me select where a key was located (rather than installing it to the local machine).

    If your client will be using predominantly Windows-based systems, they can use PuTTY placed on a USB thumb drive as their SSH client.
     
Loading...

Share This Page