1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

SSH keys for domain owners

Discussion in 'Plesk for Linux - 8.x and Older' started by avit, Aug 20, 2008.

  1. avit

    avit Guest

    0
     
    Hi,

    Is there a way to allow the user to create their own .ssh directory in their home directory so they can upload a ssh public key for passwordless login?

    Thanks,
    Andrew
     
  2. faris

    faris Guest

    0
     
    Are we talking about your customers being given shell access and you want them to be able to connect via SSH using keys instead of passwords?

    If so, yes, you just create an .ssh directory in /home/[username] and put a file called authorized_keys in it. You ro they generate a key pair, copy the public part of the key to authorized_keys and you are done.

    You may need to modify the permissions on authorized_keys and indeed .ssh to make them owned by the user and read only for everybody else, depending on the distribution you use.

    In fact they can do all this themselves if they have shell access. There's no need for you to get involved.

    However this will mean you'll need to open port 22 to everybody, which is not a great idea. Of course if you disable password-based logins and only enable key-based logins then brute forcing passwords won't be an issue.

    Faris.
     
  3. avit

    avit Guest

    0
     
    Thanks Faris, I get that.

    It looks like the user home directories are owned by root, so there's no way to create a .ssh dir in there without me getting involved. Is there any reason why these can't just be owned by the users? Can that be set up in the skeleton file or otherwise?

    All the users on my server will be known to me, so I don't have a problem with them having full access to their own ~/bin and so on...
     
  4. faris

    faris Guest

    0
     
    I'm surprised that's the case. Maybe something to do with the chroot jail for users created via Plesk I suppose. I@ve never allowed third parties to login on any of our servers so I've never tried it I'm afraid. I always add users manually using adduser

    Sorry to be useless!

    Faris.
     
  5. breun

    breun Golden Pleskian

    29
     
    Joined:
    Jun 28, 2005
    Messages:
    1,647
    Likes Received:
    0
    Yes, you'll have to create the .ssh directory as root. You can then copy the client's public key into .ssh/authorized_keys or maybe have them do it themselves if you set the directory up so they are allowed to write to it.
     
  6. Amin Taheri

    Amin Taheri Golden Pleskian Plesk Certified Professional

    33
     
    Joined:
    Jul 5, 2007
    Messages:
    1,398
    Likes Received:
    1
    Location:
    Seattle Area
    All of the users I have in /home are owned by the user and not by root, but I did a useradd to get them created, I dont use plesk for managing system users, only domain users.
     
  7. breun

    breun Golden Pleskian

    29
     
    Joined:
    Jun 28, 2005
    Messages:
    1,647
    Likes Received:
    0
    Domain users happen to be system users as well. I think the topic starter is talking about domain users.
     
  8. Amin Taheri

    Amin Taheri Golden Pleskian Plesk Certified Professional

    33
     
    Joined:
    Jul 5, 2007
    Messages:
    1,398
    Likes Received:
    1
    Location:
    Seattle Area
    Then the topic starter will have to use one of the already mentioned ways of doing it.
     
Loading...