Following the basic instructions to secure the server, I took the following steps:
added a ssh-key
disabled password authentication
disabled rootlogin
created another user with sudo
As an another user I've no problem in accessing my server through terminal.
Now, I've also added my server on serverpilot [serverpilot.io], and my curiosity lies in the fact that without ssh key the server can't be accessed then how the user serverpilot is accessing the server with password and without sshkey which is not shared with serverpilot.
Related
I understand setting up SSH from the command line of your local computer.
But app users shouldn't be using the command line, obviously.
How can a private SSH key be generated for each user, enabling passwordless connection to the remote server without using the command line?
SSH is a popular, more secure alternative to typical login methods, right? How is it usually done from the users point of view?
When I login to bluemix, I supply credentials. So my understanding is that there is https connectivity underlying.
I am using cf ssh command to access a bluemix instance. When I added a -v flag, I saw a trace of very first API call.
I am confused about the ssh part because though I did not supply a ssh credential, the ssh is working. My understanding is that the ssh connectivity normally requires ssh credentials. I understand that multiple users can access the instance via ssh. However I am not sure where the ssh credentials come from for the ssh connectivity.
cf ssh basically does an ssh under the hood (using Golang's ssh APIs - it does not call out to an external ssh command) using a username and password as credentials.
The username passed in is the process guid of your app (which is the same as your app guid when using the CC V2 APIs). The password is a one time authorization code it retrieves from UAA (it calls cf ssh-code under the hood).
See also http://docs.cloudfoundry.org/devguide/deploy-apps/ssh-apps.html#other-ssh-access.
cf ssh -v logs the initial HTTP API communication with CC and UAA, but does not log the TCP level calls to the SSH endpoint.
I know how to login without password to remote host by SSH. But that way I can access to all folder to remote host. Is there any way to give access to only specific folders by SSH?
I used ssh-keygen to generate public-private key pairs and then added public key to ~/.ssh/authorized_keys in remote server.
You want sftponly. It is a little involved to set up, but I have it running for two dozen sftp only clients. It performs a chroot when the user connects and it prevents ssh access -- thus the name.
https://www.allthingsdigital.nl/2013/05/12/setting-up-an-sftp-only-account-with-openssh/
Note that you can't allow the user to have write access in the dir they log into, but you can bind mount any other directories and give them r/w access to them.
I purchased shared hosting from Vexxhost.I wanted to host my Rails application with them.I was given cpanel details.I generated SSH keys using the cPanel and converted it to .ppk format.Next, i downloaded the key.But when i try SSH login using Putty, i get the message Server Refused Our Key.Then i'm prompted for the password.When i enter password, message is displayed: Shell access is not available for your account.Contact support.I did contact support, but no reply.Am I doing any mistake in the procedure?
I haven't used cpanel to generate ssh keys, usually I do it at the ubuntu console. Is it possible that the ppk conversion has encoding issues? or it not done right?
Do you have access to a linux box? It would be simpler to test it there.
I have configured a server myself with ssh access, and if user does not have ssh access they are presented with user/pass. So it appears that your ssh credentials are denied, but your password is recognized as accurate. Authentication is happening.
About the issue of shell support. It could be that they enable shell support only if you connect with valid ssh credentials - in which case, you need to contact support.
Or, your account does not have ssh access, and you still need to contact support.
hope it helps
I am trying to do the following. I have an internal ssh server at work (e.g. internal#192.168.1.13). This server is behind a gateway (external#gateway.work.com).
I would like to ssh to internal#internal-ssh.work.com from my home machine. To do so, I have been first doing ssh to log into the external gateway, and then from there I will log into the internal machine. the account names on the two systems are different.
I was wondering if this can be done in one step through some type of SSH tunneling. I have tried a few approaches that adapt what I see in different places, but keep getting error messages.
You can use
ssh -t external#gateway.work.com ssh internal#192.168.1.13
and you will need to either have public key crypto set up, or enter your external password, then your internal password.