
!!!SFTP MORE SECURE WITH SSH KEYS!!!

Posted: Mon Dec 05, 2016 2:12 pm
by Rhandy
Hi!
First, buy a license for SFTP.

I think it is much more secure to add a pair of keys for every user to log in on SFTP.
So I decided to change the v-add-user script located in /usr/local/vesta/bin

AFTER

Code:

#----------------------------------------------------------#
#                       Action                             #
#----------------------------------------------------------#

# Parsing package data
pkg_data=$(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE")

# Checking shell
shell_conf=$(echo "$pkg_data" | grep 'SHELL' | cut -f 2 -d \')
shell=$(grep -w "$shell_conf" /etc/shells |head -n1)

# Adding user
/usr/sbin/useradd "$user" -s "$shell" -c "$email" -m -d "$HOMEDIR/$user"
check_result $? "user creation failed" $E_INVALID

# Adding password
echo "$user:$password" | /usr/sbin/chpasswd

# Building directory tree
mkdir $HOMEDIR/$user/conf

ADD THIS

Code:

############## Start: add SSH key support ##########################
# Build the .ssh directory
mkdir -p "$HOMEDIR/$user/.ssh"
# Create the SSH key pair; the passphrase (-N) is the account password
ssh-keygen -t rsa -b 4096 -N "$password" -f "$HOMEDIR/$user/.ssh/id_rsa"

# Authorize the new public key for this account
cp "$HOMEDIR/$user/.ssh/id_rsa.pub" "$HOMEDIR/$user/.ssh/authorized_keys"
chmod 600 "$HOMEDIR/$user/.ssh/authorized_keys"
chown -R "$user:sftp-only" "$HOMEDIR/$user/.ssh"
chown -R "$user:sftp-only" "$HOMEDIR/$user/.ssh"/*
######## End of SSH key creation ###################################

Disable password authentication in /etc/ssh/sshd_config.conf:
add or change the line

Code:

PasswordAuthentication no

NOTE: THE PASSWORD OF THE SSH KEY IS THE PASSWORD YOU CHOOSE FOR THE USER

Re: !!!SFTP MORE SECURE WITH SSH KEYS!!!

Posted: Mon Dec 05, 2016 9:59 pm
by Rhandy
ADD MOD FOR CHANGING PASSWORD.

When you change the password for a user, it now creates a new SSH key with the new password for that user.

This change is made in the file

Code:

/usr/local/vesta/bin/v-change-user-password

Check the file.

Change the code if you want.

Code:

#----------------------------------------------------------#
#                       Action                             #
#----------------------------------------------------------#

# Changing user password
echo "$user:$password" | /usr/sbin/chpasswd
md5=$(awk -v user="$user" -F : 'user == $1 {print $2}' /etc/shadow)

################### added by me #############
##
# Delete the old SSH key (and the old authorized_keys with it)
rm -Rf "$HOMEDIR/$user/.ssh"
# Build the .ssh directory
mkdir -p "$HOMEDIR/$user/.ssh"
# Create a new SSH key pair with the new password as passphrase
ssh-keygen -t rsa -b 4096 -N "$password" -f "$HOMEDIR/$user/.ssh/id_rsa"

# Authorize the new public key for this account
cp "$HOMEDIR/$user/.ssh/id_rsa.pub" "$HOMEDIR/$user/.ssh/authorized_keys"
chmod 600 "$HOMEDIR/$user/.ssh/authorized_keys"
chown -R "$user:sftp-only" "$HOMEDIR/$user/.ssh"
chown -R "$user:sftp-only" "$HOMEDIR/$user/.ssh"/*
############## end of my addition ###################

#----------------------------------------------------------#
#                       Vesta                              #
#----------------------------------------------------------#

Re: !!!SFTP MORE SECURE WITH SSH KEYS!!!

Posted: Wed Dec 07, 2016 2:23 pm
by skurudo
Nice!
PS: sticky topic for 120 days ;-)

Re: !!!SFTP MORE SECURE WITH SSH KEYS!!!

Posted: Fri Dec 09, 2016 9:34 am
by Rhandy
Thank you Sukuru!

I'm glad you like it!

Re: !!!SFTP MORE SECURE WITH SSH KEYS!!!

Posted: Sat Feb 18, 2017 8:34 am
by skamasle
Of course, you need to tell people that they need to add an SSH key to the root account if they will disable password authentication.
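
A pre-flight check for the lockout skamasle mentions, as an added example that is not part of the original posts: it reads the effective global PasswordAuthentication setting and confirms that every account you list (root included) has at least one key in authorized_keys before password logins are switched off. The function names are hypothetical, and the config path and home directories are supplied by the caller.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# Print the global PasswordAuthentication value of an sshd config file
# (e.g. /etc/ssh/sshd_config). sshd keeps the first value it reads for a
# keyword, keywords are case-insensitive, the default is "yes", and lines
# after a Match line are conditional, so scanning stops there.
# Limitation: Include files are not followed.
effective_password_auth() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "passwordauthentication" {
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "yes" }
    ' "$1"
}

# Count entries in an authorized_keys file: a common key type followed by
# base64 data, optionally preceded by an options field.
count_keys() {
    [ -f "$1" ] || { echo 0; return 0; }
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521))$/ &&
                    $(i + 1) ~ "^[A-Za-z0-9+/]+=*$") { n++; break }
        }
        END { print n + 0 }
    ' "$1"
}

# Succeed only if every home directory given has at least one public key,
# i.e. the account can still log in once passwords are refused.
safe_to_disable_passwords() {
    rc=0
    for home in "$@"; do
        n=$(count_keys "$home/.ssh/authorized_keys")
        if [ "$n" -eq 0 ]; then
            echo "LOCKOUT RISK: no key in $home/.ssh/authorized_keys" >&2
            rc=1
        fi
    done
    return "$rc"
}
```

Call `safe_to_disable_passwords /root` (plus any other home directories) before setting `PasswordAuthentication no`; a non-zero exit status means at least one listed account would be locked out.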