!!!SFTP MORE SECURE WITH SSH KEYS!!!
Posted: Mon Dec 05, 2016 2:12 pm
Hi!
NOTE: THE PASSWORD OF THE SSH KEY IS THE PASSWORD YOU CHOOSE FOR THE USER
First, buy a license for SFTP.
I think it is much more secure to add a pair of keys for every user for login on SFTP.
So I decided to change the v-add-user script located in /usr/local/vesta/bin
AFTER
Code:
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Parsing package data
pkg_data=$(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE")
# Checking shell
shell_conf=$(echo "$pkg_data" | grep 'SHELL' | cut -f 2 -d \')
shell=$(grep -w "$shell_conf" /etc/shells |head -n1)
# Adding user
/usr/sbin/useradd "$user" -s "$shell" -c "$email" -m -d "$HOMEDIR/$user"
check_result $? "user creation failed" $E_INVALID
# Adding password
echo "$user:$password" | /usr/sbin/chpasswd
# Building directory tree
mkdir $HOMEDIR/$user/conf
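ADD THIS
Code:
############## Start add ssh key support ###########################
# Build the .ssh directory in the new user's home
mkdir "$HOMEDIR/$user/.ssh"
# Create the ssh key pair; the passphrase is the user's account password
# (quoted so spaces or shell metacharacters in it do not break the command)
ssh-keygen -t rsa -b 4096 -N "$password" -f "$HOMEDIR/$user/.ssh/id_rsa"
# Authorize the new public key for login
cp "$HOMEDIR/$user/.ssh/id_rsa.pub" "$HOMEDIR/$user/.ssh/authorized_keys"
chmod 600 "$HOMEDIR/$user/.ssh/authorized_keys"
# Hand ownership of the directory and its files to the user
chown -R "$user":sftp-only "$HOMEDIR/$user/.ssh"
chown -R "$user":sftp-only "$HOMEDIR/$user/.ssh"/*
######## end of ssh key creation ##################################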
Disable password authentication in /etc/ssh/sshd_config.conf
Add or change the line
Code:
PasswordAuthentication no
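
A caveat on "add or change the line", as an added example that is not part of the original post: sshd uses the first value it reads for a keyword, and a line appended after a `Match` line belongs to that block, so an appended `PasswordAuthentication no` may not take effect. The function names and the sample config are constructed for illustration, and `Include` directives are not followed.

```bash
# Added example: does "PasswordAuthentication no" actually take effect in this file?
# Assumptions: one sshd_config-style file, no Include handling, OpenSSH default "yes".

# Shared awk prologue: trim, skip comments/blank lines, split "Key value" or "Key=value".
PARSE='{ sub(/^[ \t]+/, ""); sub(/\r$/, "") }
/^#/ || /^$/ { next }
{ line = $0; sub(/[ \t]*=[ \t]*/, " ", line); split(line, f, /[ \t]+/); key = tolower(f[1]) }'

# global_password_auth FILE -> prints the value sshd uses outside Match blocks.
# sshd keeps the FIRST value it reads; lines after a Match line belong to that block.
global_password_auth() {
    awk "$PARSE"'
    key == "match" { exit }
    key == "passwordauthentication" { val = f[2]; exit }
    END { print (val == "" ? "yes" : val) }' "$1"
}

# match_reenables FILE -> prints each Match line whose block turns passwords back on.
match_reenables() {
    awk "$PARSE"'
    key == "match" { block = $0; seen = 0; next }
    key == "passwordauthentication" && block != "" && !seen {
        seen = 1; if (f[2] == "yes") print block
    }' "$1"
}

# password_login_disabled FILE -> status 0 only if disabled globally and in every Match block.
password_login_disabled() {
    [ "$(global_password_auth "$1")" = "no" ] && [ -z "$(match_reenables "$1")" ]
}

# Constructed sample: the new line was appended at the end, after a Match block.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
PasswordAuthentication yes
Subsystem sftp internal-sftp
Match Group sftp-only
    ChrootDirectory %h
PasswordAuthentication no
EOF
echo "global value: $(global_password_auth "$demo_cfg")"
password_login_disabled "$demo_cfg" && echo "passwords disabled" || echo "passwords still accepted"
rm -f "$demo_cfg"
```

On a live host, `sshd -T` prints the effective configuration as sshd itself resolves it, including files this sketch does not follow.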