SSH Keys

Discussion in 'Server Security' started by MustangV10, Nov 12, 2011.

  1. MustangV10

    MustangV10 New Member

    What's the deal with cPanel/WHM SSH keys? There is an option to turn off password authorization and use keys instead. Can anyone explain this? How would I use keys with PuTTY?

  2. Rob

    Rob Administrator Staff Member

    Turning off password authentication is a great way to lock down your Linux box. This means that no matter how many times someone tries login/password combinations, they'll never get in - even if the username/pass is correct!

    You can use ssh-keygen to create keys on your machine - in Linux, you use the ssh-keygen command. Not sure how you do it in Windows. I do have a couple of co-workers that have set up keys in Windows and set up PuTTY to use them.

    Once you have your key, pop it on the server in the ~/.ssh/authorized_keys file so you can log in w/o giving a password (no matter what your current ip address is or what it'll change to).

    Make sure you can log in with your key before you turn off password auth on the server :)
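
The advice in the post above, to confirm that key login works before turning off password authentication, written out as a shell pre-flight check. This is an added example, not part of the original thread; the function names and the file paths passed to them are hypothetical.

```sh
#!/bin/sh
# Added example: pre-flight checks to run BEFORE setting "PasswordAuthentication no".

# Print the global value sshd will use for a keyword. sshd keeps the first value it
# reads, keywords are case-insensitive, and lines after "Match" are conditional.
# Assumption: a single config file (Include directives are not followed).
sshd_effective() {   # usage: sshd_effective <sshd_config> <keyword>
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }
        { key = tolower($1) }
        key == "match" { exit }
        key == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Count key lines in an authorized_keys file, skipping blanks and comments.
count_keys() {
    [ -r "$1" ] || { echo 0; return; }
    grep -Ec '^[[:space:]]*[^#[:space:]]' "$1" || true
}

# True if a path is group- or world-writable; sshd's default StrictModes
# setting refuses keys from such files and directories.
loose_perms() {
    case "$(ls -ld "$1" | cut -c1-10)" in
        ?????w*|????????w*) return 0 ;;
    esac
    return 1
}

# Return 0 only if the static checks pass; print one line per problem found.
preflight() {   # usage: preflight <sshd_config> <authorized_keys>
    rc=0
    pk=$(sshd_effective "$1" PubkeyAuthentication)
    [ "${pk:-yes}" = yes ] || { echo "PubkeyAuthentication is '$pk'"; rc=1; }
    [ "$(count_keys "$2")" -gt 0 ] || { echo "no usable keys in $2"; rc=1; }
    for p in "$2" "$(dirname "$2")"; do
        if [ -e "$p" ] && loose_perms "$p"; then echo "$p is writable by others"; rc=1; fi
    done
    return $rc
}

# Live check: log in with the key only, never falling back to a password prompt.
key_login_works() {   # usage: key_login_works user@host
    ssh -o BatchMode=yes -o PreferredAuthentications=publickey "$1" true
}
```

Run `preflight` on the server and `key_login_works` from the client while an existing session is still open. BatchMode suppresses passphrase prompts too, so a passphrase-protected key must already be loaded in an agent for the live check to pass.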
  3. steelmanronald06

    steelmanronald06 Administrator Staff Member Staff Writer

  4. MustangV10

    MustangV10 New Member

    It was causing so many problems; in the end, I decided to lock down sshd to my IP address (since my IP is static). I'm the only one who needs ssh access anyway. Do you think that's good enough?
  5. steelmanronald06

    steelmanronald06 Administrator Staff Member Staff Writer

    The only problem with that is you have to be at home, or wherever that IP Address is, in order to access your server.

    Best move is to do an SSH key, store your key in Dropbox so it is always accessible, and also have a password. That way each user needs 3 credentials to log in: username, password, key.

    That's what I do. There was even a point where I stored my SSH Keys on my cellphone and just used it via USB when I needed to hit one of my servers.
  6. grim76

    grim76 Active Member Staff Writer

    Also look into the following configurable options for sshd_config:

    AllowUsers and AllowGroups

    These will also help with locking things down and securing sshd.
  7. MustangV10

    MustangV10 New Member


    Hmm, well I've locked down SSH to my IP address, as well as cPanel/WHM, so is this really needed?
  8. grim76

    grim76 Active Member Staff Writer

    The problem with locking down via IP is what happens if that IP changes, or something happens and you can't use that site to connect. Just one of those things to consider.
  9. steelmanronald06

    steelmanronald06 Administrator Staff Member Staff Writer

    Also, PuTTY makes a keygen for Windows.
