SSH Server Keys
Jan 18, 2007removing my ssh key from the server. I want to be able to login with just a password. I have to change one of my servers and I cannot do it with the keys enabled.
View 1 Repliesremoving my ssh key from the server. I want to be able to login with just a password. I have to change one of my servers and I cannot do it with the keys enabled.
View 1 RepliesI need to transfer plesk from current existing server to a new server. I don't need to migrate existing data. I've already installed plesk in a new server. How to retrieve the license key files. I cannot access the existing plesk panel over SSH or HTTP due to an IP blocking issue.
View 1 Replies View RelatedI am trying to create an ssh key pair to allow rsync without passwrods between two debian boxes.
I have Main server which I want to push data to Backup server
I have followed the tutorial at [url]but this does not work when I ssh or rsync eaither from main server to backup server or ther other way it still requires password.
I have a problem w whm/cpanel and my server.
Im starting to use private/pub keys for ssh access, so far i can access the server via ssh w the key (ive disabled pass access in sshd_conf) but when i want to copy accounts from this server (the one w ssh key) trough the whm interface to another who hasnt key it doesnt work... am i missing something?
i have my own centos server . i want to let some of my friends to login to my box using ssh keys , so i set an authorized_keys file to have their pubic_keys.
Now , my question is how can i limit the commands they can execute?
i mean let them just only "rsync" their files from their boxes to mine , without any ability to execute any other commands or even loging to my box!
I'm having a problem with SSH keys (they don't work out of the box correct with cPanel) I bilieve the error is in my sshd_conf, but if someone could assist me with what settings that should be uncommented that would be helpful.
Anyways, just some history of what I did so far:
Generated a passphraseless key within Server(A1). Took the public key (not the private, left the privat on the server itself) and transferred it to a file authorized_keys on Server(B2).
Chmod that file to 600. Then ran the following command:
ssh -v -i /root/.ssh/authorized_keys -p 1234 root@xxx.i.p.xxx
First I still get asked for a passphrase (which is wierd since it's suppose to be passphraseless), then when I just press enter (to signify that there is no passphrase), I get the following error:
Permission denied (publickey,gssapi-with-mic).
I am currently running Cent OS 5...where do I find the directory or file to add my public key to?
View 9 Replies View RelatedI have setup a private/public key for myself so I can login to SSH with a different password now I need to setup for someone else.
Now do I put there public key in the same file as my public key on the server, or do I make a new file on the server?
How can use this feature in cpanel of my dedicated server Manage SSH Keys.
Any place where there is a small tutorial on this feature?
I had previously had this working. However, I changed the second VPS and now I can't remember how I set it up.
I will call it SourceVPS and BackupVPS.
I am trying to setup SSH keys to allow me to SCP backups from the sourceVPS to the backupVPS.
The SCP command I am trying to run on the SourceVPS is:
Code:
scp -i /root/.ssh/VPS_root_access_key -pr /root/movetest.txt root@server.BackupVPS.com:/backup/
Previously, I had the SSH keys between the SourceVPS and BackupVPS so the above command would move a file from one to the other (instead of movetest.txt, that is normally the name of the backup file being moved).
Can someone walk me through the steps for setting up the SSH keys? I am on Cpanel/WHM and Centos 4.6
A Short tutorial to use SSH keys instead of plain password to login.
1. Logon to WHM and goto Main >> Security >> Security Center
2. Under "SSH Password Auth Tweak" and disable the Password Authentication.
3. Under "Manage SSH Keys" click on Generate new key.
4. Give a Key name and Generate a good password (remember it). Choose KeyType as DSA since it's more secure than RSA.
5. Once done, you will see a pair of public private keys. Authorize the public key to connect.
6. View/Download the private key to your system. If you're using putty it can also generate in relevant format.
7. Save the key in a secure place in your local system and chmod to 600 so that no one can read it.
8. Next, connect to your server:
Code:
root@localhost ~]# ssh -i /path-to-file/file.key root@server.ip.address
It should ask for the password, if you have used in step 4.
TLDR version:
when populating and attempting to write keys to authorized_keys I'm receiving the following error:
Quote:
Could not create directory '/home/Administrator/.ssh'
Long version:
I've been grinding my wheels with this for a long time now. Basically I'm attempting to get rsync set up to backup some data directories on my Windows 2k3 Server through a batch file with task scheduler to bqbackup. I've been back and forth with both Scott and Rsync.net's tech support about this issue - both of which have been great... but essentially keep hitting the same impasse with Scott appearing to have hung his hat stating he's not familiar enough with windows and rysnc.net telling me to wait for their GUI client that should be launching "soon." In the meantime I'm just running the backup manually until I can get this key issue figured out.
Here's what's going on:
I've been mainly using BQ's Guide and Rsync's Guide to try and accomplish this.
After executing ssh-keygen -t rsa -N ''
I receive the following message:
Quote:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/Administrator/.ssh/id_rsa):
If I accept the default value it gives me I receive this error:
Quote:
Could not create directory '/home/Administrator/.ssh'.
Open /home/Administrator/.ssh/id_rsa failed: Not a directory.
Saving the key failed: /home/Administrator/.ssh/id_rsa.
Now my thoughts were this was occurring because my %homepath% is actually:
Quote:
c:documents and settingsadministrator.DOMAIN
(DOMAIN replacing actual text)
I'm able to change the default path location and create the RSA file elsewhere using the cygdrive format... so when prompted for the path to save I instead input:
Quote:
/cydrive/c/docume~1/administrator.DOMAIN/
and am able to create the RSA file... so mission accomplished... so far, I believe I'm past this, the snafu is now occurring on writing these keys to the authorized_keys file on BQBackup...
Quote:
C:Program FilescwRsyncin>rsync -av "/cydrive/c/documents and
settings/administrator.DOMAIN/.ssh/id_rsa.pub"
<login>@<host>:.ssh/authorized_keys
Could not create directory '/home/Administrator/.ssh'.
The authenticity of host '<host> (<ip>)' can't be established.
RSA key fingerprint is 18:02:d9:95:06:a9:70:74:86:b7:76:41:f6:71:a0:a4.
(<login>@<host> replacing actual login & host... it's definitely connecting)
That pesky '/home/Administrator/.ssh' pops up again. I'm not sure if that's what's causing the issue or not. I'm not even sure why the %homepath% for my administrator account on the server is set to administrator.DOMAIN, but AFAIK I can't log in to a local account on a Win2k3S box, correct?
Now, you'll notice that the command I issued to upload the keys I got from the RSync.net instructions. BQ's instructions for step 3 are pretty foreign to me.
I've gone further than this and attempted other things such as SSH'ing into my BQ server using putty and attempting to write the keys that way with no luck. I can't fully remember the errors I encountered doing so, though.
in order to secure my server against instrusion, i disabled ssh root login and created a user for myself. however in order to access the user i need to enable SSH Password authentication
I dont enable password authentication all the time and i keep it disabled unless i need to do something via ssh.
Now my question will be, is there a way to keep the user i created and keep the root login disabled and password authentication disabled but use ssh keys for the user i created?
I was informed that if i opt to login to ssh via the user i created, the only way to do that is to enable password authentication as it cannot work with ssh keys. is this true?
I really hope someone can help me how to use the user i created together with ssh keys so i dont have to enable password authentication when loggin to ssh
how to set DKIM and Domain Keys on centos 5.2 with cPanel?
1. as my friend is using it for an IPB forum, some of his mails r rejected to especially
2 famous email providers, on research found, they are checking with DKIM or domain keys to verify the mails..
I came to know from some where tht domain keys aren't updated any more, so is it safe to use the last available release and is it bug free?
2. Can we add both DKIM and Domain Keys for the mails been sent on the server?
3. how to add them,
Currently I have a server that has direct root SSH access disabled (have to login as regular user then su to root), but I am currently working on setting up authentication via SSH keys, but I can't seem to get it working with direct root SSH access disabled? Is this normal, and if so is there anyway to work around it?
Basically I'd like to be able to authenticate both ways; both with SSH keys or by logging in as a regular user and su to root.
After enabling DomainKeys via 'Server-Wide Mail Settings' and 'Mail Settings for domain.com'.The DomainKeys are not generated and placed in the TXT resource records created in the domains' DNS zones.
Specs: OS: Up-to-date CentOS 7, Control Panel: Plesk 12.0.18 Update #15.
I recently migrated 50+ domains from a plesk 11.5 server to a plesk 12 server and many of the customers are not signing with domain keys anymore after the move.
Is there any way to regenerate domain keys for ALL domains?
This Version enables DH-Keys with more than 1024 Bits and pushes the ssllabs rating for key exchange to 100%.
View 19 Replies View RelatedRecently I migrated my server from CentOs 5 to CentOS 6.4, while using the migration manager from plesk 11.0.9 (the migration was between the same plesk version).
I used rsync first, which caused some trouble, but without it, the migration process worked fine.
Unfortunately, if I create new domains now, they won't get any domainkey DNS entries anymore and under /etc/domainkeys no keys are created for the new domains.
Nothing I tried did work so far, which was resetting the DNS template, turning on and off the domainkeys setting, nor did calling "/usr/local/psa/admin/sbin/mchk --with-spam" resolve the problem.
For the existing domains, domainkeys work fine, but I can't find any errors how I can fix my plesk installation to generate domainkeys for new domains.
I have enabled DomainKeys and ticked the box "Use DomainKeys spam protection system to sign outgoing email messages" however messages sent do not have the DomainKeys signature present.
I presume they should be present for email sent with PHP, that is what i'm trying to do anyway so email's from our website do not get marked as SPAM.
The _domainkey and default._domainkey DNS entries are present.
I'm trying to migrate old server into a new server.
Both uses plesk 11.5.30 version.
I'm using the "Migration & Transfer Manager" for importing everything but it does not work. The error is
Error: launchpad error (Error code = 2):
== STDERR ====================
Unable to start SSH session: Unable to exchange encryption keys
==============================
Seems like an ssh problem but ssh from shell works fine in both directions.
I tried also to create public key and put into authorized_keys with no luck..
Recently I've tested the usage of domain keys on my plesk 12 server. The feature works without problems. I'm wondering however if it's possible to activate the domain keys by a service plan or subscription model. If not, for all my domains (65) I've to activate them manually and for each domain iIll create in the future I have to activate it too.
View 6 Replies View RelatedMy server has plesk 12 with Ubuntu.The problem I have is that the messages go with a valid domain keys signature, but without the DKIM signature.I'm not using opendkim.
View 1 Replies View RelatedI've got a VPS which is serving as the main server for a number of sites. Web Server, SSH Server, and Mail Server.
What I've got running:
Apache2, PHP5, MySQL5, Dovecot, Postfix
One of the sites is a growing forum with a MASSIVE photo album. This is the site where I notice the most slowness.
Changing the server software is not an option - Only optimization.
Quote:
Originally Posted by httpd.conf
ServerTokens OS
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Timeout 300
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 5
<IfModule prefork.c>
StartServers 8
MinSpareServers 8
MaxSpareServers 13
ServerLimit 256
MaxClients 256
MaxRequestsPerChild 50
</IfModule>
<IfModule worker.c>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>
Listen 80
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule cgi_module modules/mod_cgi.so
Include conf.d/*.conf
User apache
Group apache
Quote:
Originally Posted by my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
old_passwords=1
[mysql.server]
user=mysql
basedir=/var/lib
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
I looked a lot - can not find solution ....
I want to transfer a file from [url]to [url]or [url]Without it will pass my localcomputer (slow upload)
It can be also a script i will install like this one - this is only for images
[url](remote)
I have Plesk 11.5 (service provider mode) on a Windows 2008 server IIS7.Most of my sites are developed in .asp and therefore i use a custom 500-100.asp error page that check s the IP of the visitor then displays either a friendly error, or if its my IP a full error of what has happened (it also emails me the error). This allows me to debug pages easily whilst developing and to keep an eye on anyone trying SQL Injection hacks on my sites (as the error and email also have session variables and IP address).I dont have root access to the server as it is a Webfusion dedicated server.I have following the Plesk documentation -
1) Switch on custom errors for the subscription
2) Look in virtual directories and navigate to error documents
3) Find the error in question (500:100) and change it to point at either a file or URL
FILE - I had the data centre add in the 500-100.asp error page in to the virtual template so that my page is available in the list of virtual files - this didn't work but that maybe because its not a static page??
URL - when i add the path it says its incorrect, if i add a fully qualified address, it accepts it but it doesn't work.give me a specific example of the URL that can be entered relative to the root as the format in the documentation isn't accepted. The last step is to restart IIS which is also an issue as i cant seem to do this from the Plesk panel..It is as if it isn't catching the 500:100 error, and only catching the general 500 error??
I am currently running Google Analytics/Urchin 5 (v5.7.02), on a server, the server has started to act up, (on its last legs etc) and now I am trying to transfer the Urchin Software to a new server, where it would work effectively.
However upon installing the urchin software on the new server and running it (localhost:9999), I am presented with An Action Items Page, and these following choices
Obtain Demo License
Buy License
Activate Pre-Purchased License
I choose ‘Activate Pre-Purchased License’ pop in the Serial number and complete the registration then…
---------------------------------------------------------
Urchin Licensing Center -- Error!
An error has occured during your transaction, please use the back button and correct the problem. The specific error message is:
• Unable to generate a license. Some possible reasons:
Your serial code is currently active <<< How do I disable it and use it on another server?
---------------------------------------------------------
So all I want to do is deactivate the serial and reactivate it on another server.
Does anyone have experience with this or a similar problem or have a solution to this problem. Any help be most appriciated.
Or even a Contact Number so that i can get some one over the phone!
This is the scenario, domain.com are setup on server1, however server2 also has the same profile of domain.com as we use ns3 and ns4 using domain.com. This works fine with the nameserver setup on server2.
However I encounter problems as the emails from server2 won't reach server1 as there are duplicate profile on server2.
My question is how do I setup the DNS in cpanel/whm from server2 so the emails from server2 will reach server1?
Server1 (www.domain.com)
ns1.domain.com
ns2.domain.com
Server2
ns3.domain.com
ns4.domain.com
I just want to use a server for file sharing, it will have nginx and that's it. I'm looking at centos, or freebsd, but I been using centos forever now and I'm not sure how to use freebsd, should I just stay with centos?
Do I tell my hosting provider to just install the OS and give me ssh action and that's it? Don't install any control panels or any other stuff? I want one domain and one subdomain on it though and ftp action.