How to enable jailed shell access with public key authentication instead of (or in addition to) password authentication.

REQUIREMENTS:

  1. This article requires you to have access to another server with full SSH access (not jailed) and access to the command line program “ssh-keygen”. If you don’t have access to another server with this program, you will not be able to proceed.
  2. This article requires you to have jailed shell access enabled in your hosting account. Please see: how-do-i-access-my-zenutech-account-by-ssh

Step 1)

On the second server, which has access to “ssh-keygen”, we create a passphraseless key.

# Create the key, leaving the passphrase blank when prompted (using a passphrase is your choice).
#The path to ssh-keygen will be different depending on your second server.
/usr/local/bin/ssh-keygen -t rsa -b 4096 -f ~/zenutech-jailed.sshkey

Step 2)
# The above step will have created TWO files: zenutech-jailed.sshkey AND zenutech-jailed.sshkey.pub
# Copy the new zenutech-jailed.sshkey.pub file to the jailed shell at Zenutech either by FTP or by scp, and place it in the home folder (~).
# If your home folder is /home/user123 , then place the file at /home/user123/zenutech-jailed.sshkey.pub
# NOTE, COPY ONLY THE .PUB FILE TO THE ZENUTECH SERVER

Step 3)
# You can add additional security by limiting access with this key to a particular IP address or IP range.
# For example, you could allow 123.123.123.* to connect, or an individual IP such as 123.123.123.123
# In this example, we will allow 123.123.123.* to connect

# While logged into your jailed shell at Zenutech
mkdir -p ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
# The from= option must be quoted and must sit on the SAME line as the key,
# so write it without a trailing newline and then append the key right after it.
printf 'from="123.123.123.*" ' >> ~/.ssh/authorized_keys
cat ~/zenutech-jailed.sshkey.pub >> ~/.ssh/authorized_keys

# That’s it, you are done. Test! You should now be able to connect without a password from server #2 to your jailed shell account at Zenutech.
# For example: ssh useratzenutech@yourdomainname -p 3345 -i zenutech-jailed.sshkey
# this should log you in without asking for a password

# you can also remove the file zenutech-jailed.sshkey.pub from the jailed shell as it is no longer needed, although it shouldn’t do much harm if you leave it there. (rm /home/user123/zenutech-jailed.sshkey.pub)
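Worked example (added here; not part of the original article or of Zenutech's own tooling): the shell functions below carry out Step 3 and then check that the from= restriction really sits on the same line as the key, which is the detail that silently goes wrong if the option and the key are appended as separate lines (sshd then treats the key as unrestricted). The directory paths, the address pattern 123.123.123.* and the key text are constructed for the example; the key is not a real key.

```sh
#!/bin/sh
# Added example, not from the original article. Wraps Step 3 in small
# functions and adds a check that the from= restriction landed on the
# key's own line. Paths, pattern and key material are constructed.

# Create ~/.ssh and authorized_keys under the given home directory with
# the permissions sshd expects (700 on the directory, 600 on the file).
# Safe to run repeatedly.
prepare_ssh_dir() {
    home="$1"
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    touch "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
}

# Print one authorized_keys entry: from="<pattern>" and the public key on
# the SAME line. sshd only honours options that precede the key on its
# own line, so `echo "from=..."` followed by `cat key.pub` on a new line
# yields a key with no source restriction at all.
make_authorized_line() {
    pattern="$1"
    pubkey_file="$2"
    key=$(head -n 1 "$pubkey_file")   # ssh-keygen writes exactly one line
    printf 'from="%s" %s\n' "$pattern" "$key"
}

# Return 0 when every non-blank, non-comment line has the shape
#   [options] <keytype> <base64 blob> [comment]
# A line carrying from= but no key (the newline mistake above) is reported.
check_authorized_keys() {
    file="$1"
    status=0
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in
            ''|'#'*) continue ;;
            *"ssh-ed25519 AAAA"*|*"ssh-rsa AAAA"*|*"ecdsa-sha2-nistp"*" AAAA"*) ;;
            *from=*)
                echo "line $n: from= option with no key on the same line" >&2
                status=1 ;;
            *)
                echo "line $n: not a recognised public key entry" >&2
                status=1 ;;
        esac
    done < "$file"
    return "$status"
}

# End-to-end run in a scratch directory; returns 0 when the correctly built
# file passes and the separate-lines variant is rejected.
demo_from_restriction() {
    scratch=$(mktemp -d)
    home="$scratch/home"
    prepare_ssh_dir "$home"
    # Constructed stand-in for zenutech-jailed.sshkey.pub (not a real key).
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCconstructedEXAMPLE== user@second-server\n' \
        > "$home/zenutech-jailed.sshkey.pub"

    # Correct: option and key on one line.
    make_authorized_line '123.123.123.*' "$home/zenutech-jailed.sshkey.pub" \
        >> "$home/.ssh/authorized_keys"
    check_authorized_keys "$home/.ssh/authorized_keys" || return 1

    # Wrong: roughly what `echo "from=..." >> f; cat key.pub >> f` produces.
    printf 'from=123.123.123.* \n' > "$scratch/wrong"
    cat "$home/zenutech-jailed.sshkey.pub" >> "$scratch/wrong"
    if check_authorized_keys "$scratch/wrong" 2>/dev/null; then
        return 1   # would have accepted an unrestricted key silently
    fi
    rm -rf "$scratch"
    return 0
}
```

On the jailed shell you would source the file and run `make_authorized_line '123.123.123.*' ~/zenutech-jailed.sshkey.pub >> ~/.ssh/authorized_keys`, then `check_authorized_keys ~/.ssh/authorized_keys` before testing the login from the second server; `demo_from_restriction` exercises both paths in a temporary directory without touching your real ~/.ssh.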

Posted 2011-01-26 in Site Management, Web Development