{"id":279,"date":"2011-01-26T15:57:15","date_gmt":"2011-01-26T23:57:15","guid":{"rendered":"http:\/\/www.zenutech.com\/kb\/?p=279"},"modified":"2011-05-17T11:01:34","modified_gmt":"2011-05-17T19:01:34","slug":"how-to-enable-jailed-shell-access-with-authenticated-keys-authentication","status":"publish","type":"post","link":"https:\/\/www.zenutech.com\/kb\/article\/how-to-enable-jailed-shell-access-with-authenticated-keys-authentication\/","title":{"rendered":"How to enable jailed shell access with authenticated keys authentication"},"content":{"rendered":"<p><strong>How to enable jailed shell access with authenticated keys authentication instead (or in addition) to password authentication.<\/strong><\/p>\n<p><strong>REQUIREMENT<\/strong>:<\/p>\n<ol>\n<li>This article requires you to have access to another server with full SSH access (not jailed) and access to the command line program &#8220;ssh-keygen&#8221;. If you don&#8217;t have access to another server with this program, you will not be able to proceed.<\/li>\n<li>This article requires you to have jailed shell access enabled in your hosting account. Please see:\u00a0 <a title=\"How to access jailed shell\" href=\"\/kb\/article\/how-do-i-access-my-zenutech-account-by-ssh\/\" target=\"_blank\">how-do-i-access-my-zenutech-account-by-ssh<\/a><\/li>\n<\/ol>\n<p><strong>Step 1) <\/strong><\/p>\n<p>On the second server which has access to &#8220;ssh-keygen&#8221;, we create a passphraseless key<\/p>\n<p>#create the key, leaving the passphrase blank when requested (your choice if you want to use a passphrase in your key).<br \/>\n#The path to ssh-keygen will be different depending on your second server.<br \/>\n<strong>\/usr\/local\/bin\/ssh-keygen -t rsa -b 4096 -f ~\/zenutech-jailed.sshkey<\/strong><\/p>\n<p><strong>Step 2)<\/strong><br \/>\n# The above step will have created TWO files: zenutech-jailed.sshkey AND zenutech-jailed.sshkey.pub<br \/>\n# Copy the new zenutech-jailed.sshkey.pub file to the jailed shell at Zenutech either by FTP or by scp, and place it in the home folder (~).<br \/>\n# If your home folder is \/home\/user123 , then place the file at \/home\/user123\/zenutech-jailed.sshkey.pub<br \/>\n# NOTE, COPY ONLY THE .PUB FILE TO THE ZENUTECH SERVER<\/p>\n<p><strong>Step 3)<\/strong><br \/>\n# You can add additional security by limiting access to your jailed shell with this special key, to a particular IP or IP range.<br \/>\n# For example, you could allow 123.123.123.* to connect, or an individual IP such as 123.123.123.123<br \/>\n# In this example, we will allow 123.123.123.* to connect<\/p>\n<p>#While logged into your jailed shell at Zenutech<br \/>\n<strong>mkdir ~\/.ssh;<br \/>\nchmod 700 ~\/.ssh;<br \/>\ntouch ~\/.ssh\/authorized_keys;<br \/>\nchmod 600 ~\/.ssh\/authorized_keys;<br \/>\necho &#8220;from=123.123.123.* &#8221; &gt;&gt; ~\/.ssh\/authorized_keys<br \/>\ncat ~\/zenutech-jailed.sshkey.pub &gt;&gt; ~\/.ssh\/authorized_keys;<\/strong><\/p>\n<p># That&#8217;s it, you are done. Test! You should now be able to connect without a password from server #2 to your jailed shell account at Zenutech.<br \/>\n# For example: ssh useratzenutech@yourdomainname -p 3345 -i zenutech-jailed.sshkey<br \/>\n# this should log you in without asking for a password<\/p>\n<p># you can also remove the file zenutech-jailed.sshkey.pub from the jailed shell as it is no longer needed, although it shouldn&#8217;t do much harm if you leave it there. (rm \/home\/user123\/zenutech-jailed.sshkey.pub)<strong><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Example of a shell using keys authentication<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[161,10],"tags":[229,231,138,230,239,228],"class_list":["post-279","post","type-post","status-publish","format-standard","hentry","category-site-management","category-web-development","tag-shell","tag-shell-access","tag-ssh","tag-ssh-access","tag-ssh-keys-authentication","tag-ssh2"],"_links":{"self":[{"href":"https:\/\/www.zenutech.com\/kb\/wp-json\/wp\/v2\/posts\/279","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.zenutech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.zenutech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.zenutech.com\/kb\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.zenutech.com\/kb\/wp-json\/wp\/v2\/comments?post=279"}],"version-history":[{"count":10,"href":"https:\/\/www.zenutech.com\/kb\/wp-json\/wp\/v2\/posts\/279\/revisions"}],"predecessor-version":[{"id":401,"href":"https:\/\/www.zenutech.com\/kb\/wp-json\/wp\/v2\/posts\/279\/revisions\/401"}],"wp:attachment":[{"href":"https:\/\/www.zenutech.com\/kb\/wp-json\/wp\/v2\/media?parent=279"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.zenutech.com\/kb\/wp-json\/wp\/v2\/categories?post=279"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.zenutech.com\/kb\/wp-json\/wp\/v2\/tags?post=279"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}