
SSH keys for domain owners

avit

Guest
Hi,

Is there a way to allow the user to create their own .ssh directory in their home directory so they can upload an SSH public key for passwordless login?

Thanks,
Andrew
 
Are we talking about your customers being given shell access and you want them to be able to connect via SSH using keys instead of passwords?

If so, yes, you just create an .ssh directory in /home/[username] and put a file called authorized_keys in it. You or they generate a key pair, copy the public part of the key to authorized_keys and you are done.

You may need to modify the permissions on authorized_keys and indeed .ssh to make them owned by the user and read only for everybody else, depending on the distribution you use.

In fact they can do all this themselves if they have shell access. There's no need for you to get involved.

However this will mean you'll need to open port 22 to everybody, which is not a great idea. Of course if you disable password-based logins and only enable key-based logins then brute forcing passwords won't be an issue.

Faris.
 
Thanks Faris, I get that.

It looks like the user home directories are owned by root, so there's no way to create a .ssh dir in there without me getting involved. Is there any reason why these can't just be owned by the users? Can that be set up in the skeleton file or otherwise?

All the users on my server will be known to me, so I don't have a problem with them having full access to their own ~/bin and so on...
 
I'm surprised that's the case. Maybe something to do with the chroot jail for users created via Plesk I suppose. I've never allowed third parties to log in on any of our servers so I've never tried it I'm afraid. I always add users manually using adduser.

Sorry to be useless!

Faris.
 
Yes, you'll have to create the .ssh directory as root. You can then copy the client's public key into .ssh/authorized_keys or maybe have them do it themselves if you set the directory up so they are allowed to write to it.
 
All of the users I have in /home are owned by the user and not by root, but I did a useradd to get them created. I don't use Plesk for managing system users, only domain users.
 
Domain users happen to be system users as well. I think the topic starter is talking about domain users.
 
Then the topic starter will have to use one of the already mentioned ways of doing it.
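
The steps described in the replies above (create .ssh as root, put the public key in authorized_keys, fix ownership and permissions), as an added shell example that is not part of the thread. The function names and the path, user and file in the usage comment are hypothetical placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Run as root on the server, e.g.:
#   install_pubkey /home/exampleuser exampleuser "$(cat exampleuser.pub)"

# install_pubkey HOME_DIR OWNER 'PUBLIC KEY LINE'
# The body runs in a subshell so the umask change does not leak to the caller.
install_pubkey() (
    home=$1 owner=$2 key=$3
    # Accept exactly one line that starts with a known public-key type, so a
    # pasted blob cannot smuggle extra lines into authorized_keys.
    case $key in
        *"
"*) echo "key must be a single line" >&2; return 1 ;;
        "ssh-ed25519 "*|"ssh-rsa "*|"ecdsa-sha2-"*) ;;
        *) echo "not an OpenSSH public key" >&2; return 1 ;;
    esac
    [ -d "$home" ] || { echo "no such home: $home" >&2; return 1; }

    umask 077
    mkdir -p "$home/.ssh" || return 1
    touch "$home/.ssh/authorized_keys" || return 1
    # Append only if this exact line is not already present.
    grep -qxF -- "$key" "$home/.ssh/authorized_keys" ||
        printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
    chmod 700 "$home/.ssh"
    chmod 600 "$home/.ssh/authorized_keys"
    # Only root can hand the files over to the account.
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "$owner" "$home/.ssh" || return 1
    fi
)

# check_ssh_perms HOME_DIR
# Fails if the home directory, .ssh or authorized_keys is writable by group
# or others, which sshd rejects when StrictModes is enabled.
check_ssh_perms() {
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || { echo "missing: $p" >&2; return 1; }
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "group/world writable: $p" >&2; return 1
        fi
    done
}
```

If key logins still fail after this, run check_ssh_perms on the home directory and look at the sshd log for a "bad ownership or modes" message.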
 