SSH Keys

MustangV10

Guest
What's the deal with cPanel/WHM SSH keys? There is an option to turn off password authorization and use keys instead. Can anyone explain this? How would I use keys with PuTTY?
 


Turning off password authentication is a great way to lock down your Linux box. This means that no matter how many times someone tries login/password combinations, they'll never get in - even if the username/pass is correct!

You can use ssh-keygen to create keys on your machine - in Linux, you use the ssh-keygen command. Not sure how you do it in Windows. I do have a couple of co-workers that have set up keys in Windows and set up PuTTY to use them.

Once you have your key, pop it on the server in the ~/.ssh/authorized_keys file so you can log in w/o giving a password (no matter what your current ip address is or what it'll change to).

Make sure you can log in with your key before you turn off password auth on the server :)
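
Added example, not part of the original post: a pre-flight check for the steps above, run on the server before password logins are switched off. The function names are hypothetical, and the config and home directory paths are passed in as arguments.

```shell
#!/bin/sh
# Added example: pre-flight check before setting "PasswordAuthentication no".
# Function names are hypothetical. Not covered: Include files, the
# "Keyword=value" spelling, and file ownership.

# Print the global value of a keyword. sshd uses the first occurrence,
# keywords are case-insensitive, and lines after "Match" are conditional.
effective_option() {  # usage: effective_option <sshd_config> <Keyword>
    awk -v want="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# Succeed only if <home>/.ssh/authorized_keys holds a key line and nothing on
# the path is group/other-writable (sshd's default StrictModes rejects that).
key_login_ready() {  # usage: key_login_ready <home_dir>
    dir="$1/.ssh"; file="$dir/authorized_keys"
    [ -d "$dir" ] && [ -s "$file" ] || { echo "missing or empty: $file"; return 1; }
    for p in "$1" "$dir" "$file"; do
        mode=$(ls -ld "$p" | cut -c1-10)
        case "$mode" in
            ?????w????|????????w?) echo "too permissive: $p ($mode)"; return 1 ;;
        esac
    done
    # A key blob is base64 of a length-prefixed string, so it starts "AAAA".
    grep -v '^[[:space:]]*#' "$file" | grep -Eq \
        '(^|[[:space:]])(ssh-(rsa|ed25519)|ecdsa-sha2-nistp[0-9]+|sk-[a-z0-9-]+@openssh\.com)[[:space:]]+AAAA[A-Za-z0-9+/]+' \
        || { echo "no public key line in $file"; return 1; }
}

safe_to_disable_passwords() {  # usage: <sshd_config> <home_dir>
    pubkey=$(effective_option "$1" PubkeyAuthentication)
    [ "${pubkey:-yes}" = "yes" ] || { echo "PubkeyAuthentication is not enabled"; return 1; }
    key_login_ready "$2"
}

if [ "$#" -eq 2 ]; then
    safe_to_disable_passwords "$1" "$2" && echo "key login prerequisites look fine"
fi
```

A passing check does not replace actually logging in with the key from a second session while the first one stays open.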
 
It was causing so many problems; in the end, I decided to lock down sshd to my IP address (since my IP is static). I'm the only one who needs ssh access anyway. Do you think that's good enough?
 
The only problem with that is you have to be at home, or wherever that IP Address is, in order to access your server.

Best move is to do an SSH key, store your key in Dropbox so it is always accessible, and also have a password. That way each user needs 3 credentials to log in: username, password, key.

That's what I do. There was even a point where I stored my SSH Keys on my cellphone and just used it via USB when I needed to hit one of my servers.
 
Also look into the following configurable options for sshd_config:

AllowUsers and AllowGroups

These will also help with locking things down and securing sshd.
 

Hmm, well I've locked down SSH to my IP address, as well as cPanel/WHM, so is this really needed?
 
The problem with locking down via IP is what happens if that IP changes, or something happens and you can't use that site to connect. Just one of those things to consider.
 