Page 1 of 1
Add publickey on user creation
Posted: Wed Jun 03, 2015 12:34 pm
by Rubas
Hi all,
I started using VestaCP today, and I was missing a feature to add a public key on user-creation. So I made the following modification:
web/templates/add_user.html
https://gist.github.com/Rubatharisan/24 ... 08c8eeff82
Line: 75-84
web/add/user/index.php
https://gist.github.com/Rubatharisan/e7 ... c839475df8
Line: 26 (not a must)
Line: 58, 66, 104
bin/v-add-user
https://gist.github.com/Rubatharisan/8f ... 1fcc0083ce
Line: 19, 77-78
This is far from done, but I would like to know, if I can do this? (I tested it, and it works - but is there something I should take in mind, before continuing)
Re: Add publickey on user creation
Posted: Wed Jun 03, 2015 12:58 pm
by skurudo
But from code it's ssh keys, correct?
Re: Add publickey on user creation
Posted: Wed Jun 03, 2015 1:10 pm
by skurudo
but is there something I should take in mind, before continuing
How to change key for user, if they are compromised or there is a need to change?
Re: Add publickey on user creation
Posted: Wed Jun 03, 2015 1:22 pm
by Rubas
skurudo wrote:But from code it's ssh keys, correct?
Correct
skurudo wrote:but is there something I should take in mind, before continuing
How to change key for user, if they are compromised or there is a need to change?
This should be possible to do from user_edit page, but right now I am thinking that it should be possible to add multiple public keys, to one user. So I am trying to figure out the best way to do this. (People can have multiple computers, that needs to be able to connect to a server)
Somehow, this should be done by looking at ~/.ssh/authorized_keys for current keys. Maybe just a text area at edit user template, that simply loads the ~/.ssh/authorized_keys.
I am also thinking about making the ~/.ssh/authorized_keys only writeable by root user (or admin), incase a users private key is comprised, the compromiser won't able to add a new key.
This indeed needs more planning, but I wanted to test, if it was possible at all - but as far as I got, I feel it is. Wonderful way VestaCP is code-wisely organised.
Re: Add publickey on user creation
Posted: Wed Jun 03, 2015 2:44 pm
by skurudo
Rubas wrote:
This should be possible to do from user_edit page, but right now I am thinking that it should be possible to add multiple public keys, to one user. So I am trying to figure out the best way to do this. (People can have multiple computers, that needs to be able to connect to a server)
One more or two cases:
Keys must be changed, when we do Rebuild user and if it's old user without key. Right?
And question, tricky one:
- if user has nologin in bash, we make him key anyway?
Re: Add publickey on user creation
Posted: Wed Jun 03, 2015 3:30 pm
by Rubas
skurudo wrote:
One more or two cases:
Keys must be changed, when we do Rebuild user and if it's old user without key. Right?
What do you mean by changed? And what does happen when we do Rebuild user?
It should be optional to use public key, but if you use public key, password
could be disabled (so it is only possible to login via public key).
skurudo wrote:
And question, tricky one:
- if user has nologin in bash, we make him key anyway?
It should be optional to input a key, but we shouldn't input a key if user has nologin in bash. Right?