We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
!!!SFTP MORE SECURE WITH SSH KEYS!!!
!!!SFTP MORE SECURE WITH SSH KEYS!!!
Hi!
First buy license for SFTP
I think is much more secure add a pair off keys to all user for login on sftp.
So I decide to change v-add-user script located on /usr/local/vesta/bin
AFTER
ADD THIS
Disable Password autentication on /etc/ssh/sshd_config.conf
add or change line
NOTE: PASSWORD OF SSHKEY IS THE PASSWORD YOU CHOOSE FOR USER
First buy license for SFTP
I think is much more secure add a pair off keys to all user for login on sftp.
So I decide to change v-add-user script located on /usr/local/vesta/bin
AFTER
Code: Select all
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Parsing package data
pkg_data=$(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE")
# Checking shell
shell_conf=$(echo "$pkg_data" | grep 'SHELL' | cut -f 2 -d \')
shell=$(grep -w "$shell_conf" /etc/shells |head -n1)
# Adding user
/usr/sbin/useradd "$user" -s "$shell" -c "$email" -m -d "$HOMEDIR/$user"
check_result $? "user creation failed" $E_INVALID
# Adding password
echo "$user:$password" | /usr/sbin/chpasswd
# Building directory tree
mkdir $HOMEDIR/$user/conf
Code: Select all
############## Start Add ssh key support############################
### build directory
mkdir $HOMEDIR/$user/.ssh
#create ssh key
ssh-keygen -t rsa -b 4096 -N $password -f $HOMEDIR/$user/.ssh/id_rsa
cp $HOMEDIR/$user/.ssh/id_rsa.pub $HOMEDIR/$user/.ssh/authorized_keys
chmod 600 $HOMEDIR/$user/.ssh/authorized_keys
chown -R $user:sftp-only $HOMEDIR/$user/.ssh
chown -R $user:sftp-only $HOMEDIR/$user/.ssh/*
######## end off ssh key creation #################################
Disable Password autentication on /etc/ssh/sshd_config.conf
add or change line
Code: Select all
PasswordAuthentication no
Re: !!!SFTP MORE SECURE WITH SSH KEYS!!!
ADD MOD FOR CHANGE PASSWORD.
when you change password for one user.
Now create one new sshkey with new password for user.
this change is made on file
check file
change code if you want.
when you change password for one user.
Now create one new sshkey with new password for user.
this change is made on file
Code: Select all
/usr/local/vesta/bin/v-change-user-password
change code if you want.
Code: Select all
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Changing user password
echo "$user:$password" | /usr/sbin/chpasswd
md5=$(awk -v user=$user -F : 'user == $1 {print $2}' /etc/shadow)
###################add by me #############
##
#delete old ssh key
rm -Rf $HOMEDIR/$user/.ssh
### build directory
mkdir $HOMEDIR/$user/.ssh
#create new ssh key with new password
ssh-keygen -t rsa -b 4096 -N $password -f $HOMEDIR/$user/.ssh/id_rsa
cp $HOMEDIR/$user/.ssh/id_rsa.pub $HOMEDIR/$user/.ssh/authorized_keys
chmod 600 $HOMEDIR/$user/.ssh/authorized_keys
chown -R $user:sftp-only $HOMEDIR/$user/.ssh
chown -R $user:sftp-only $HOMEDIR/$user/.ssh/*
############## end of my add ###################
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
Re: !!!SFTP MORE SECURE WITH SSH KEYS!!!
Nice!
PS: sticky topic for 120 days ;-)
PS: sticky topic for 120 days ;-)
Re: !!!SFTP MORE SECURE WITH SSH KEYS!!!
Thank you Sukuru!
I´m Glad You like it!
I´m Glad You like it!
Re: !!!SFTP MORE SECURE WITH SSH KEYS!!!
Of course you need say people than they need add ssh key to the root account if the will disable password autentication