Purchase Linux CDs / DVDs / Flash Drives at OSDisc.com

Welcome to Our Community

While Linux.org has been around for a while, we recently changed management and had to purge most of the content (including users). If you signed up before April 23rd please sign up again. Thanks!

SSH Keys

Discussion in 'Server Security' started by MustangV10, Nov 12, 2011.

  1. MustangV10

    MustangV10 Guest

    What's the deal with cPanel/WHM SSH keys? There is an option to turn off password authorization and use keys instead. Can anyone explain this? How would I use keys with PuTTY?


     
  2. Rob

    Rob Guest

    Turning off password authentication is a great way to lock down your Linux box. This means that no matter how many times someone tries login/password combinations, they'll never get in - even if the username/pass is correct!

    You can use ssh-keygen to create keys on your machine - in linux, you use the ssh-keygen command.. not sure how you do it in windows. I do have a couple co-workers that have set up keys in windows and set up putty to use them.

    Once you have your key, pop it on the server in the ~/.ssh/authorized_keys file so you can log in w/o giving a password (no matter what your current ip address is or what it'll change to).

    Make sure you can log in with your key before you turn off password auth on the server :)
     
  3. MustangV10

    MustangV10 Guest

    It was causing so many problems; in the end, I decided to lock down sshd to my IP address (since my IP is static). I'm the only one who needs ssh access anyway. Do you think that's good enough?
     
  4. The only problem with that is you have to be at home, or wherever that IP Address is, in order to access your server.

    Best move is to do the an SSH Key, store your key in DropBox so it is always accessible, and also have a password. That way each user needs 3 credentials to login: username, password, key.

    That's what I do. There was even a point where I stored my SSH Keys on my cellphone and just used it via USB when I needed to hit one of my servers.
     
  5. grim76

    grim76 Guest

    Also look into the following configurable options for sshd_config:

    AllowUsers and AllowGroups

    These will also help with locking things down and securing sshd.
     
  6. MustangV10

    MustangV10 Guest


    Hmm, well I've locked down SSH to my IP address, as well as cPanel/WM, so is this really needed?
     
  7. grim76

    grim76 Guest

    The problem with locking down via IP is what happens if that IP changes, or something happens and you can't use that site to connect. Just one of those things to consider.
     
  8. Also, PuTTY makes a keygen for windows.
     

Share This Page