Disabling SSH Root Access But Enabling SSH Keys How To Do That
In order to secure my server against intrusion, I disabled ssh root login and created a user for myself. However, in order to access the user I need to enable SSH password authentication.
I don't enable password authentication all the time and I keep it disabled unless I need to do something via ssh.
Now my question will be, is there a way to keep the user I created and keep the root login disabled and password authentication disabled but use ssh keys for the user I created?
I was informed that if I opt to login to ssh via the user I created, the only way to do that is to enable password authentication as it cannot work with ssh keys. Is this true?
I really hope someone can help me how to use the user I created together with ssh keys so I don't have to enable password authentication when logging in to ssh.
Related Forum Messages:
SSH Keys & Direct Root Login Disabled
Currently I have a server that has direct root SSH access disabled (have to login as regular user then su to root), but I am currently working on setting up authentication via SSH keys, but I can't seem to get it working with direct root SSH access disabled. Is this normal, and if so is there any way to work around it? Basically I'd like to be able to authenticate both ways; both with SSH keys or by logging in as a regular user and su to root.
With SSH Key I Can Not Access The Root
I have a problem with shell access, and I can not access it through ssh putty. The problem is with the SSH key; I made one to enable it in my server. Now I can not access the root through ssh putty. I removed the SSH key from the WHM and still can not access the root through SSH Putty.
Recommend An ISP For Webspace? (need Php + Mysql + Root SSH Access)
cheap-ish place to host a PROTOTYPE website. We're going to need php + mysql, but we're going to need to have more control such as root SSH access. Here is the list of what we need to start with: SSH access PHP 5 Java MYSQL 4 or 5 Apache 2 SendMail Any ISP recommendations? For now this is just a prototype, and it will NOT get hammered with traffic. But we do need an outfit that is efficient and reliable. Ship Shiperton Henethe We are based in the UK.
SSH Keys
I am trying to create an ssh key pair to allow rsync without passwords between two debian boxes. I have Main server which I want to push data to Backup server. I have followed the tutorial at [url] but this does not work; when I ssh or rsync either from main server to backup server or the other way it still requires password.
Ssh Keys !
I have my own centos server. I want to let some of my friends login to my box using ssh keys, so I set an authorized_keys file to have their public_keys. Now, my question is how can I limit the commands they can execute? I mean let them just only "rsync" their files from their boxes to mine, without any ability to execute any other commands or even logging in to my box!
SSH Keys
I'm having a problem with SSH keys (they don't work out of the box correctly with cPanel). I believe the error is in my sshd_conf, but if someone could assist me with what settings should be uncommented that would be helpful. Anyways, just some history of what I did so far: Generated a passphraseless key within Server(A1). Took the public key (not the private, left the private on the server itself) and transferred it to a file authorized_keys on Server(B2). Chmod that file to 600. Then ran the following command: ssh -v -i /root/.ssh/authorized_keys -p 1234 root@xxx.i.p.xxx First I still get asked for a passphrase (which is weird since it's supposed to be passphraseless), then when I just press enter (to signify that there is no passphrase), I get the following error: Permission denied (publickey,gssapi-with-mic).
Ssh Keys And Whm
I have a problem with whm/cpanel and my server. I'm starting to use private/pub keys for ssh access; so far I can access the server via ssh with the key (I've disabled pass access in sshd_conf), but when I want to copy accounts from this server (the one with ssh key) through the whm interface to another which hasn't a key it doesn't work... am I missing something?
SSH/Putty Keys
I have set up a private/public key for myself so I can login to SSH with a different password; now I need to set up for someone else. Now do I put their public key in the same file as my public key on the server, or do I make a new file on the server?
SSH Server Keys
removing my ssh key from the server. I want to be able to login with just a password. I have to change one of my servers and I cannot do it with the keys enabled.
Tutorial To Use SSH Keys Instead Of Password
A short tutorial to use SSH keys instead of plain password to login.
1. Log on to WHM and go to Main >> Security >> Security Center
2. Under "SSH Password Auth Tweak", disable the Password Authentication.
3. Under "Manage SSH Keys" click on Generate new key.
4. Give a Key name and generate a good password (remember it). Choose KeyType as DSA since it's more secure than RSA.
5. Once done, you will see a pair of public private keys. Authorize the public key to connect.
6. View/Download the private key to your system. If you're using putty it can also generate in relevant format.
7. Save the key in a secure place in your local system and chmod to 600 so that no one can read it.
8. Next, connect to your server:
Code:
[root@localhost ~]# ssh -i /path-to-file/file.key root@server.ip.address
It should ask for the password, if you have used one in step 4.
Struggling To Setup SCP Between Two VPS's With SSH Keys
I had previously had this working. However, I changed the second VPS and now I can't remember how I set it up. I will call it SourceVPS and BackupVPS. I am trying to setup SSH keys to allow me to SCP backups from the sourceVPS to the backupVPS. The SCP command I am trying to run on the SourceVPS is: Code: scp -i /root/.ssh/VPS_root_access_key -pr /root/movetest.txt root@server.BackupVPS.com:/backup/ Previously, I had the SSH keys between the SourceVPS and BackupVPS so the above command would move a file from one to the other (instead of movetest.txt, that is normally the name of the backup file being moved). Can someone walk me through the steps for setting up the SSH keys? I am on Cpanel/WHM and Centos 4.6
RSync W/ Windows- With SSH Keys & BQBackup
TLDR version: when populating and attempting to write keys to authorized_keys I'm receiving the following error: Quote: Could not create directory '/home/Administrator/.ssh' Long version: I've been grinding my wheels with this for a long time now. Basically I'm attempting to get rsync set up to backup some data directories on my Windows 2k3 Server through a batch file with task scheduler to bqbackup. I've been back and forth with both Scott and Rsync.net's tech support about this issue - both of which have been great... but essentially keep hitting the same impasse with Scott appearing to have hung his hat stating he's not familiar enough with windows and rsync.net telling me to wait for their GUI client that should be launching "soon." In the meantime I'm just running the backup manually until I can get this key issue figured out. Here's what's going on: I've been mainly using BQ's Guide and Rsync's Guide to try and accomplish this. After executing ssh-keygen -t rsa -N '' I receive the following message: Quote: Generating public/private rsa key pair. Enter file in which to save the key (/home/Administrator/.ssh/id_rsa): If I accept the default value it gives me I receive this error: Quote: Could not create directory '/home/Administrator/.ssh'. Open /home/Administrator/.ssh/id_rsa failed: Not a directory. Saving the key failed: /home/Administrator/.ssh/id_rsa. Now my thoughts were this was occurring because my %homepath% is actually: Quote: c:\documents and settings\administrator.DOMAIN (DOMAIN replacing actual text) I'm able to change the default path location and create the RSA file elsewhere using the cygdrive format... so when prompted for the path to save I instead input: Quote: /cydrive/c/docume~1/administrator.DOMAIN/ and am able to create the RSA file... so mission accomplished... so far, I believe I'm past this, the snafu is now occurring on writing these keys to the authorized_keys file on BQBackup...
Quote: C:\Program Files\cwRsync\bin>rsync -av "/cydrive/c/documents and settings/administrator.DOMAIN/.ssh/id_rsa.pub" <login>@<host>:.ssh/authorized_keys Could not create directory '/home/Administrator/.ssh'. The authenticity of host '<host> (<ip>)' can't be established. RSA key fingerprint is 18:02:d9:95:06:a9:70:74:86:b7:76:41:f6:71:a0:a4. (<login>@<host> replacing actual login & host... it's definitely connecting) That pesky '/home/Administrator/.ssh' pops up again. I'm not sure if that's what's causing the issue or not. I'm not even sure why the %homepath% for my administrator account on the server is set to administrator.DOMAIN, but AFAIK I can't log in to a local account on a Win2k3S box, correct? Now, you'll notice that the command I issued to upload the keys I got from the RSync.net instructions. BQ's instructions for step 3 are pretty foreign to me. I've gone further than this and attempted other things such as SSH'ing into my BQ server using putty and attempting to write the keys that way with no luck. I can't fully remember the errors I encountered doing so, though.
PuTTY Ssh -f Root@....
How do I configure PuTTY to produce the equivalent of this command: ssh -f root@xxx.xxx.xxx.xx -L 3333:yyy.yyy.yyy.yy:80 -N So far the configuration I've come up with is: Source Port: 3333 Destination: yyy.yyy.yyy.yy:80 "Local" "Auto" This doesn't seem to do anything at all. I don't use windows much, so go easy on me
Moving SSH Back To Port 22 But Will Root Be At Risk
At present I run SSH on a different port than normal to protect root. This has worked for two years, but with discovering that cPanel finally supports SFTP without shell access needed, I want to finally turn off FTP and require SFTP. The problem is the port I am using. Since it's a random port I have been secured against root attacks (well nothing has shown up). I am with LiquidWeb which is fully managed. So I guess they take care of a lot of prevention. This is what I am thinking of doing: move SSH back to port 22 (I only host a few friends' sites and want to be hosting 20 accounts by end of year to cover my costs). Then disable root password and require SSH keys. Would this be as secure as running SSH on a high #port or am I fooling myself? I could also add in for good measure restricting root SSH/SFTP (yes I prefer SFTP for file management as I am legally blind and using Transmit+BBEdit is a lot easier for me for editing files). The problem with restricting to certain IPs is that Shaw charges $30/month more for a static IP and I also am at my mom's 25% of the time (and she is also with Shaw). I think the XXXX.vs.shawcable.net is static but I am not 100% sure. I really do want to kill FTP so that port 80 is the only non SSL port open.
Not Able To Set Crontab To 4755 In SSH Logged In As Root
For some odd reason, when I run: chmod 4755 /usr/bin/crontab in ssh, it still does not change it to 4755. It's like I don't have permission to change it, and I'm logged in as root. I've read some threads here on the forum and none really come to an issue where when they run that chmod 4755 /usr/bin/crontab it still doesn't chmod it. So is there a way to check if it is chmodded to 4755, as I use CSF Explorer to check if it is chmod'd to 4755, and it just stays at 755.
Access To The SSH
how can i get access to the SSH By checking if the computer name is identical to the name saved in my server SSH by entering the name of the user after the login and password and the correct Port
SSH Vs Telnet Access
I need help with understanding the difference between Telnet and SSH. I am in the process of signing up for a hosting plan and I have asked the sales rep if we will have telnet access. Their reply was that we have full root access via SSH. Any help that anyone can offer on the differences and benefits/drawbacks would be much appreciated.
Can't Access Server Via SSH
I've changed the ssh port on my server and now I can't log in. I changed the port to 4247 in the /etc/ssh/sshd_conf file. I've tried using port 22 in case I messed it up but that doesn't work either. Obviously I can't get back in to check it or change it. Using WHM/cPanel.
Limiting SSH Access
I've recently hired a new server with the aim of offering FTP backups. I have Plesk CP but I don't want to use that to create the accounts for these users - i want to use the Plesk license for webhosting customers. My box is running CentOS with ProFTPd. The problem i'm having, is locking down SSH access to the Backup customers - if i add an account using "useradd", it is enabled in ProFTPd as I want, and I have set ProFTPd to only allow access to their home dir. However, the users can still log in via SSH and have full access to the box. Ideally, I want to be able to remove these users from SSH access, or if that's not easily possible, not allow them to "cd" above their home dir. I know it's possible to add their usernames to the SSHd config file under Deny, but is there a more elegant solution (bearing in mind i'm planning to have quite a few of these users)?
Vmware Ssh Access
I have winXP pro as my OS and am running Fedora Core 7 as a guest operating system on vmware. I am trying to ssh from my winXP to FC7. Any thoughts on what I could check to see why I am getting connection refused? I have already turned off the firewall and selinux. Any other ideas? Also, if possible i would like to see apache2 on my main machine. I would like to be able to turn on and off the viewing of what I am working on.
Can't SSH Access Into Server
I have requested SSH access and they said they have enabled SSH on my account. The problem is, when I try to connect to my domain, I keep receiving Network error: Connection timed out. There is no login window asking me for username and password. I'm using PuTTy and WinSCP, both with no success.
No Remote Ssh Access To Webserver
I have an Ubuntu server and have installed AMP. The server is behind a router (2wire). I have a static IP address which i use for the webserver. I have enabled the router firewall to allow all the typical webserver ports. When I am on the network (in the vicinity of the network) i am able to connect wirelessly to the server via ssh and also access the domains via my web browser. But when i connect to the net via another router I am unable to gain ssh access or access the websites from a browser. When i initiate a connection with putty all i get is a black screen and when i connect to the website i get Quote: The operation timed out when attempting to contact www.globalexpatservices.com.
Access Ssh Via Mobile Phone
I have read somewhere you can logon to your server via ssh on your mobile phone. Anyone know what software is needed and how to do this? I'm off on holiday at some point and I could do with an emergency backup plan! I use a Sony Ericsson p900 (oldschool I know!) My 2nd question is: What enables/disables php to access files outside of root? On my current vps, I can't include files like using ../ or full paths to files/folders outside of the public web folder.
Secure Employees SSH Access To Server
I'm thinking about creating a limited platform for my employees to access my hosting servers. I wish they can create certain types of directories for users, set permissions on some directories, list users' accounts, etc. But although I don't think they would want to abuse this kind of access, I not only like the Trust-No-One premise, but I also find it not very unlikely that the computer they're using gets compromised or something like that. So I'd like to get technical ideas on how to develop this system and to know if anyone is interested and would like to contribute to the code. What I've considered so far is that I should either create a special user for that which would be on all users' groups, or should give it "root" access... the latter seems more reasonable for me considering the implementation and compatibility between systems and control panels. But with "root" access I mean "running MY INTERFACE to the employee as root"... this interface would have limited options like "create directory for user X", "list content of user X", etc. (taking a lot of care on input validation)... and would enforce some limits to prevent abuse (for example, can't list the content of more than 10 users per hour, or something like that... and alert me). My main doubt is how you think that should be implemented: as a special server or as a webservice? With a webservice I have the advantage of being capable of using SSL in a simple way and I don't need a special client (since any browser is a client). Then that could be PHP or Perl... but running as UID 0 (I don't even know if apache allows that, or if there's a workaround like SUID).
SSH Access To My Server Only From IP Address IPtables
My question: I have a server with centos and WHM cpanel. The last days I have read in the ssh log files (security) many failed logins from many IP addresses. I read some about IPtables and every time when I read in the log for an ip I block this IP from IPtables, but this seems a bad and boring experience every day. So does anyone know the exact command for IPtables, how to have access to my ssh ONLY from my ip address? My IP address is static and I want only from that ip to have access to the server and no one else from a different ip.
Backup From 1 Ftp Account To Another Without Ssh Access
Actually I make backup in 1 ftp account, also I have another ftp account what I don't use it. Do you know how to copy files directly from 1 ftp account to another one? 1 ftp account it's with bqbackup.com 1 ftp account it's with another backup provider any of them have ssh access, so I'm looking to something like copy-at-the-fly ftp? without downloading all first to another server?
Reliable Web Host With SSH Access
Before we get any further I would ask that people not relentlessly spam this thread with this or that, telling me how great your web-host is. I'm sure it is. I do want serious replies that address my concerns. I am currently with a web host called bluehost.com -- with which I am becoming VERY dissatisfied. They are now consistently having downtime which causes me a lot of frustration when I am in the middle of editing a file (or many files as I like to do). Frustration aside, what is this going to cost me when I am not just developing and rather depending on them to keep me alive and available? This is NOT why I pay $7 a month. Further, I find it absolutely rude and unacceptable the way I am treated by their customer service representatives. In this regard I am uncertain what is worse, letting them know I've troubleshooted the issue on my own and therefore know something, or acting as if I don't know anything at all about the problem. Either way I receive rude, snarky, condescending, and / or passive-aggressive irritation from aforementioned representative. They "guide" me through steps they probably read from a script and when they are done "diagnosing" the problem I feel as though I've been raped. It's quite an ugly scene. I do want to mention however that I have NEVER had even 'acceptable' customer service from any of the 4 or 5 web-hosts I have tried (by tried I mean more than 6 months of sticking it out). I wish to find a web host company that is relatively large in size. This would imply a few things to me: A) They have the capacity to reduce or eliminate downtime to something approaching zero at worst and zero at best. B) They have the capacity to staff knowledgeable customer service representatives that are not snivelling, sexually challenged uber-geeks with a grudge against the universe.
I do realize this request is like expecting politicians to be honest or more specifically if the said host is large and resource laden, they probably did not get there by hiring the best and brightest to sit by the phone. C) They offer SSH access to their customers. And other small details would include a list of basic and expected necessities such as: MySQL, PHP, FastCGI, Zend Optimizer, sub-domains, pop3 accounts / mail, a control panel for account settings, and of course error logs and the like. So, if anyone knows of a host with these features, please let me know and / or please let me know of your experiences with this host. If you have had problems with Bluehost please keep in mind that they have treated me *relatively* well, with the exception of customer service not worth the goo between my toes.
How To Backup Host Account With Out SSH Access
I am moving hosts and my old host is unable to backup my current site and give me a single tar or zip file of my websites (they do not use cpanel). The only access I have to them is var ftp and their custom control panel. I have been backing up. My new cpanel host has given me SSH access and I was trying to run ftpsync, a perl based script to sync a site, but it times out: "421 No Transfer Timeout (900 seconds)". At the moment I am backing up the site to my local pc but it has been running for the last 12 hours. All the sites only total about 350mb but they are made up of lots of small files and I think that this is the reason why it is taking so long. I wanted to know if anyone had any other ideas as I am a little bit worried that I might lose some data; that is why I would like to somehow backup my old host direct to my new host.
Ssh After Entering The Password Of Ssh It Shows Me The Errors.
There was a folder in /home/virtfs and I deleted this folder and now when I try to login to ssh, after entering the password of ssh it shows me the below errors.
-bash: id: command not found
-bash: [: =: unary operator expected
-bash: id: command not found
-bash: dircolors: command not found
-bash: tr: command not found
-bash: id: command not found
-bash: [: =: unary operator expected
-bash: whoami: command not found
grep: /var/cpanel/users/: Permission denied
-bash: mesg: command not found
-bash: dircolors: command not found
sshadmin@XXX [~]# su -
Password:
and in service status in whm the memory used is 100% but the sites are working. and
root@XXX [/]# top
-bash: top: command not found
root@XXX [/]#
FTP, SSH, Httpd Status Is Running. But Why Can't Access The Site
I can access FTP, SSH and httpd is showed as running when i check with 'httpd status'. Memory ram has half of them left(except that swap is 0,0). I can't access my site via browser Why tried restarting
[root@web2 ~]# service httpd start
Starting httpd: (98)Address already in use: make_sock: could not bind to address [::]:80
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
[FAILED]
[root@web2 ~]#
IPTables - Block Internet Access To SSH (22) Except Verified IP's
I recently looked at my secure and messages log and have been getting a lot of failed SSH root login attempts. So I thought I better do something about it. Ideally I want to allow SSH login from just 3 remote public IPs, and block all others from even trying. How would you go about implementing this? I have tried using IPTables, but I think I'm getting the rule wrong somewhere. Here is what I have:
Code:
## Access to SSH from Pre-approved IP Addresses ONLY ##
iptables -I INPUT 1 -p tcp --dport 22 -s 123.123.123.123 -j ACCEPT
iptables -I INPUT 2 -p tcp --dport 22 -s 123.123.123.124 -j ACCEPT
iptables -I INPUT 3 -p tcp --dport 22 -s 123.123.123.125 -j ACCEPT
iptables -I INPUT 4 -p tcp --dport 22 -s 0.0.0.0 -j DROP
However this still lets me login from IPs not in the list above?
Disabling Direct Root Login
login as: hen
hen@xx.xx.xx.xx's password:
Last login:
hen@root [~]# su -
Password:
su: incorrect password
I verified that root password is correct, but no matter how many times I tried, I can't su in. Where's my su permission
-rwxr-xr-x 1 root wheel 24060 Mar 22 2007 /bin/su*
here's inside /etc/group
wheel:x:10:root,hen
Phantom Root Access
First, a bit of server data: Linux version: Linux version 2.6.9-023stab033.9-entnosplit (root@rhel4-32) (gcc version 3.4.5 20051201 (Red Hat 3.4.5-2)) #1 SMP Tue Dec 5 14:54:16 MSK 2006 Running on top of Virtuozzo 3.x, SLM Running the DirectAdmin control panel, v.1.30.2 For a couple years I've been maintaining a VPS, and I've had a command in root's .bash_profile to mail me the contents of `who` whenever root logs in (I'm certain this wouldn't catch everything, but I at least get mailed when I ssh in). However last night I got one of the dispatch emails, one that was definitely not caused by me logging in, and it was missing the `who` output in the body.
Taloncrossing: Root Shell Access on: Mon Sep 17 00:58:49 EDT 2007
I started doing some looking, starting with the logs. /var/log/messages contained these lines:
Sep 17 00:58:49 vps sshd(pam_unix)[16277]: session opened for user root by (uid= 0)
Sep 17 00:59:17 vps sshd(pam_unix)[16277]: session closed for user root
/var/log/security contained:
Sep 17 00:58:49 vps sshd[16277]: Accepted password for root from 65.98.70.202 port 45053 ssh2
To me this is pretty clear that someone had shell access to root. The session lasted just under 30 seconds. The security log showed no signs of previous failed login attempts. I referred to this topic [url] to try to find anything unusual. /var/log/wtmp has a reference somewhere to the accessing IP on grep, but 'who' will not reveal it, the same way that my email message was missing that info. Everything else looks clean, I've run chkrootkit and rkhunter, all the warnings (issued by rkhunter) are benign, the .bash_history is clean (not flushed or any suspicious commands), logs are clean, nothing unusual is running, can't find anything out of place. So basically I'm completely confused and have no idea what to make of all this. Was there a glitch? I can only assume that I am somehow compromised, but don't know what to make of all the data I've gathered.
I'd really appreciate opinions from some of you that know this stuff way better than I do. The only action I've taken so far is changing the root password.
Managing Local Root Folder Without Being Able To Access It
I'm planning a website at the moment but I'm wondering about a slight issue, regarding the local root folder of a website. Currently, I'm using Dreamweaver to create a website and I have had no problems of uploading my files to a site through Dreamweaver before. But I will not have access to my computer for about one month every year. However, I have a laptop available during that month. But since my local root folder is located on my stationary computer it seems impossible for me to, in any way, use that laptop to manage my site (upload new files to the server).
Access Folders In Root / Bypass Wordpress
My blog is set up to display in the root of my domain, although the files on the server sit within their own folder: i.e. Server files Public_html/wordpressfiles/ Browser displays www . mydomain . com/ (displays pages from /wordpressfiles) The problem I have is that I can't access individual directories within the root, unrelated to wordpress. e.g. I have Public_html/folder2/... set up on the server, but if I enter the path in my browser: www . mydomain . com/folder2 wordpress thinks I want to access: www . mydomain . com/wordpress/folder2 ...which doesn't exist. How can I re-gain access to folders in the root, without wordpress interfering?
Server Access Problem Using Root In Putty
I am having problem login to my server using root as login. Here is the situation: I have the root access for WHM as user1 for login, and password1 for password. This can allow me to login to my WHM. However, in SSH (Putty) I tried to connect to the server using user1 as login, but when I typed password1, it said access denied..