Key-Based Authentication For Sftp Backups


Mike

You do realize this can't work using your PGP key-ring, right? You would have to give Blesta the full server path to the SSH private key that exists on your Blesta server. That means the private key can't be encrypted...

 

So... still want to +1 this? :ph34r:

 

 

Would it be possible to have an encrypted certificate and the path to the certificate encrypted with two different 4096-bit keys? :blink:


You do realize this can't work using your PGP key-ring, right? You would have to give Blesta the full server path to the SSH private key that exists on your Blesta server. That means the private key can't be encrypted...

 

So... still want to +1 this? :ph34r:

In theory you could store the private key in the database and that would be just as secure as storing the password there. (Assuming it is encrypted) 

My SSH is already locked down to known IPs via firewall and my backup user is very locked down as to what they can do anyways.


In theory you could store the private key in the database and that would be just as secure as storing the password there. (Assuming it is encrypted) 

My SSH is already locked down to known IPs via firewall and my backup user is very locked down as to what they can do anyways.

 

Yeah, but I'm just trying to highlight that this doesn't really add any additional security to clarify for those that may be under the impression that Blesta will magically read their PGP key-ring or something. That said, using asymmetric keys is preferable to passwords for requesting shell access so I guess CORE-1272 is a net positive.


Yeah, but I'm just trying to highlight that this doesn't really add any additional security to clarify for those that may be under the impression that Blesta will magically read their PGP key-ring or something. That said, using asymmetric keys is preferable to passwords for requesting shell access so I guess CORE-1272 is a net positive.

 

Yes, if nothing else for the fact that disabling password authentication is good for security. It eliminates the possibility of common, password-based brute-force attacks.

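The thread's point is that a key Blesta reads unattended has to sit on the server without a passphrase, so file permissions carry the protection. The check below is an added example, not code from the thread or from Blesta: it reports whether a private key file is passphrase-protected and whether its mode is wider than owner-only. The sample key header and the file name `backup_key` are constructed for the demo.

```python
import base64
import os
import stat
import struct

MAGIC = b"openssh-key-v1\x00"

def key_is_encrypted(pem_text):
    """Return True if the private key text is passphrase-protected."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if not lines:
        raise ValueError("empty key file")
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8
        return True
    if lines[0] != "-----BEGIN OPENSSH PRIVATE KEY-----":
        # Legacy PEM keys mark encryption with a Proc-Type header line.
        return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines)
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 blob")
    off = len(MAGIC)
    (n,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + n] != b"none"  # ciphername field

def audit_key_file(path):
    """List findings for a private key that an application reads unattended."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append("mode %04o lets group/other access the key" % mode)
    with open(path) as fh:
        if not key_is_encrypted(fh.read()):
            findings.append("no passphrase: file permissions are the only protection")
    return findings

def sample_key(cipher=b"none"):
    """Constructed openssh-key-v1 header only (no key material), for the demo."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    body = MAGIC + s(cipher) + s(b"none") + s(b"")
    b64 = base64.b64encode(body).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + b64 +
            "\n-----END OPENSSH PRIVATE KEY-----\n")

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "backup_key")  # hypothetical file name
        with open(path, "w") as fh:
            fh.write(sample_key())
        os.chmod(path, 0o644)
        print(audit_key_file(path))
```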
