!!!SFTP MORE SECURE WITH SSH KEYS!!! Topic is solved

Questions regarding the FTP Server
vsFTPd, ProFTPd
Rhandy
Posts: 28
Joined: Sat Nov 26, 2016 1:50 pm

Postby Rhandy » Mon Dec 05, 2016 2:12 pm

Hi!
First, buy a license for SFTP.


I think it is much more secure to add a pair of keys for every user for login on SFTP.
So I decided to change the v-add-user script located in /usr/local/vesta/bin

AFTER

Code:

#----------------------------------------------------------#
#                       Action                             #
#----------------------------------------------------------#

# Parsing package data
pkg_data=$(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE")

# Checking shell
shell_conf=$(echo "$pkg_data" | grep 'SHELL' | cut -f 2 -d \')
shell=$(grep -w "$shell_conf" /etc/shells |head -n1)

# Adding user
/usr/sbin/useradd "$user" -s "$shell" -c "$email" -m -d "$HOMEDIR/$user"
check_result $? "user creation failed" $E_INVALID

# Adding password
echo "$user:$password" | /usr/sbin/chpasswd

# Building directory tree
mkdir $HOMEDIR/$user/conf



ADD THIS

Code:

############## Start: add SSH key support ############################
# Build the .ssh directory
mkdir "$HOMEDIR/$user/.ssh"
# Create the SSH key pair; the account password is used as the key passphrase.
# Quoting "$password" keeps spaces and shell metacharacters in one argument.
ssh-keygen -t rsa -b 4096 -N "$password" -f "$HOMEDIR/$user/.ssh/id_rsa"

# Authorize the new public key for this user
cp "$HOMEDIR/$user/.ssh/id_rsa.pub" "$HOMEDIR/$user/.ssh/authorized_keys"
chmod 600 "$HOMEDIR/$user/.ssh/authorized_keys"
chown -R "$user:sftp-only" "$HOMEDIR/$user/.ssh"
chown -R "$user:sftp-only" "$HOMEDIR/$user/.ssh"/*
######## End of SSH key creation #################################



Disable password authentication in /etc/ssh/sshd_config.conf:
add or change the line

Code:

PasswordAuthentication no


NOTE: PASSWORD OF SSHKEY IS THE PASSWORD YOU CHOOSE FOR USER

Rhandy
Posts: 28
Joined: Sat Nov 26, 2016 1:50 pm

Re: !!!SFTP MORE SECURE WITH SSH KEYS!!!

Postby Rhandy » Mon Dec 05, 2016 9:59 pm

MOD ADDED FOR PASSWORD CHANGE.

When you change the password for a user, a new SSH key is now created with the user's new password.

This change is made in the file

Code:

/usr/local/vesta/bin/v-change-user-password


Check the file.

Change the code if you want.

Code:

#----------------------------------------------------------#
#                       Action                             #
#----------------------------------------------------------#

# Changing user password
echo "$user:$password" | /usr/sbin/chpasswd
md5=$(awk -v user=$user -F : 'user == $1 {print $2}' /etc/shadow)

################### added by me #############
##
# Delete the old SSH key pair
rm -Rf "$HOMEDIR/$user/.ssh"
# Rebuild the .ssh directory
mkdir "$HOMEDIR/$user/.ssh"
# Create a new SSH key pair; the new password is used as the key passphrase.
# Quoting "$password" keeps spaces and shell metacharacters in one argument.
ssh-keygen -t rsa -b 4096 -N "$password" -f "$HOMEDIR/$user/.ssh/id_rsa"

# Authorize the new public key for this user
cp "$HOMEDIR/$user/.ssh/id_rsa.pub" "$HOMEDIR/$user/.ssh/authorized_keys"
chmod 600 "$HOMEDIR/$user/.ssh/authorized_keys"
chown -R "$user:sftp-only" "$HOMEDIR/$user/.ssh"
chown -R "$user:sftp-only" "$HOMEDIR/$user/.ssh"/*
############## end of my addition ###################

#----------------------------------------------------------#
#                       Vesta                              #
#----------------------------------------------------------#

skurudo
VestaCP Team
Posts: 7802
Joined: Fri Dec 26, 2014 2:23 pm
Location: Moscow
Contact:

Re: !!!SFTP MORE SECURE WITH SSH KEYS!!!

Postby skurudo » Wed Dec 07, 2016 2:23 pm

Nice!
PS: sticky topic for 120 days ;-)

Rhandy
Posts: 28
Joined: Sat Nov 26, 2016 1:50 pm

Re: !!!SFTP MORE SECURE WITH SSH KEYS!!!

Postby Rhandy » Fri Dec 09, 2016 9:34 am

Thank you Sukuru!

I'm glad you like it!

skamasle
Collaborator
Posts: 384
Joined: Mon Feb 29, 2016 6:36 pm

Re: !!!SFTP MORE SECURE WITH SSH KEYS!!!

Postby skamasle » Sat Feb 18, 2017 8:34 am

Of course, you need to tell people that they need to add an SSH key to the root account if they will disable password authentication.
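
A pre-flight check for the point raised in the reply above, as an added example that is not part of the original thread or of VestaCP: before setting `PasswordAuthentication no`, confirm that root and every other account that must keep access has a usable `authorized_keys`. The function names, the sample home paths and the permission rule (modelled on sshd's StrictModes behaviour of rejecting group- or world-writable key paths) are assumptions of this example; file ownership is not checked.

```bash
# Added example (hypothetical helper names): run before disabling
# password authentication in sshd.

# Succeeds if PATH has neither the group-write nor the other-write bit set.
# Uses only POSIX find primaries, so it does not depend on GNU stat.
not_group_world_writable() {
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# key_login_ready HOME_DIR
# Prints a reason and returns 1 if key login would not work for this home.
key_login_ready() {
    ak="$1/.ssh/authorized_keys"
    [ -d "$1/.ssh" ] || { echo "$1: no .ssh directory"; return 1; }
    [ -s "$ak" ] || { echo "$1: authorized_keys missing or empty"; return 1; }
    not_group_world_writable "$1/.ssh" ||
        { echo "$1: .ssh is group/world-writable"; return 1; }
    not_group_world_writable "$ak" ||
        { echo "$1: authorized_keys is group/world-writable"; return 1; }
    # A key line is "[options] type base64-blob [comment]"; the blob of an
    # OpenSSH public key always starts with "AAAA".
    grep -Eq '(^|[[:space:]])(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521))[[:space:]]+AAAA' "$ak" ||
        { echo "$1: no public key line found"; return 1; }
}

# preflight HOME_DIR...
# Returns 0 only if every listed home is ready; prints one line per failure.
preflight() {
    failed=0
    for h in "$@"; do
        key_login_ready "$h" || failed=$((failed + 1))
    done
    [ "$failed" -eq 0 ]
}

# Typical use on the server (home paths are assumptions, adjust as needed):
#   preflight /root /home/admin && sshd -t && echo "OK to disable passwords"
```

Keep an already authenticated session open while reloading sshd, so a failed check that was missed can still be corrected.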

