SSH questions.

Discussion in 'Linux VPS/Dedicated - General' started by computervitals, Oct 23, 2006.

  1. computervitals

    computervitals New Member

    I disabled SSH on my WHM account and on the 2nd account I made for my site.

    But I'm still able to log into SSH under root
    I entered my VPS and disabled sshd

    Now I'm not able to log into my account..
    My site has failed a few times and was able to do nothing till I was and running. Which only has been a few minutes.

    But is it safe to leave the sshd enabled and have my root ssh turned on?

    Any tips on how I can make this on and secure?
     
  2. knightwings

    knightwings New Member

    i don;t think you can disable the root ssh but you can disable ssh for the rest of the account you create...and i suggest you disable password auth and use ssh key (public and private keys pair)
     
  3. klurt

    klurt New Member

    You can disable root login via ssh by editing your sshd_config file.

    Open your /etc/ssh/sshd_config file and look for the line that has:

    PermitRootLogin

    You'll need to uncomment it (remove the # at the beginning of the line) and add "no" to the end of the line:

    PermitRootLogin no

    Once you have made and saved your changes, restart sshd:

    /etc/init.d/sshd restart

    As for user shell access, you should probably allow only jail shell access. You can find the shell settings in WHM under Account Functions >> Manage Shell Access.

    Hope this helps.

    k l u r t
     
  4. computervitals

    computervitals New Member

    Running in Jailshell wouldn't allow me to run server commands right?

    Next with the keys. I found a few tutorials around but they fail with the authkeys step.
    I either get connection refused, or if I enter the IP I get a Psaudeo terminal error.
    http://hacks.oreilly.com/pub/h/66

    Any ideas?
     
  5. klurt

    klurt New Member

    You'd be able to run some shell commands; jailshell would limit the commands that you could run.

    "Next with the keys."

    I'm guessing that you want to automate the connection to your VPS via ssh.

    To begin setting this up, you need to create an SSH key pair, which consists of public and private key files named id_rsa and id_rsa.pub, respectively.

    The public key is copied to the remote system and placed in the $HOME/.ssh/authorized_keys file. Some systems may use the filename authorized_keys2 in addition to or instead of authorized_keys.

    This allows any user in possession of the private key to authenticate without a password. Create the key pair using the command ssh-keygen. The files are placed in the proper locations automatically on the local system in the $HOME/.ssh directory.

    Below are all the steps required :


    $ cd $HOME
    $ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/computervitals/.ssh/id_rsa): <ENTER>
    Enter passphrase (empty for no passphrase): <ENTER>
    Enter same passphrase again: <ENTER>
    Your identification has been saved in /home/computervitals/.ssh/id_rsa.
    Your public key has been saved in /home/computervitals/.ssh/id_rsa.pub.
    The key fingerprint is:
    fa:e7:7c:e1:cb:7b:66:8b:67:07:05:99:7f:05:b9:4a [email protected]

    The public key is copied to your VPS and placed in the $HOME/.ssh/authorized_keys file:

    $ cat .ssh/id_rsa.pub >> your_VPS_home/.ssh/authorized_keys
    $ chmod 600 your_VPS_home/.ssh/authorized_keys

    In the above example, you create the key pair with an empty passphrase, then append the public key to the authorized_keys file in your VPS home directory and set the permissions. After this is done, you no longer need to type the password when connecting to your VPS remote account.
     

Share This Page