Mike Posted June 6, 2014 Report Posted June 6, 2014 This would be a beneficial feature for those of us who lock SSH to key-based authentication only. PauloV and Blesta Addons 2
Michael Posted June 6, 2014 Report Posted June 6, 2014 +1 anything related to security is good for me
Michael Posted June 9, 2014 Report Posted June 9, 2014 How many of you have password auth disabled? I do for my SSH, but I don't use a backup system so haha
mrrsm Posted June 9, 2014 Report Posted June 9, 2014 I try and use keys as much as possible so this would be nice to have as I was using sftp as a secondary backup to the Amazon backups.
Paul Posted June 9, 2014 Report Posted June 9, 2014 CORE-1272, thanks for the suggestion! Michael, domaingood and PauloV 3
Cody Posted June 9, 2014 Report Posted June 9, 2014 You do realize this can't work using your PGP key-ring, right? You would have to give Blesta the full server path to the SSH private key that exists on your Blesta server. That means the private key can't be encrypted... So... still want to +1 this? Michael 1
MemoryX2 Posted June 10, 2014 Report Posted June 10, 2014 You do realize this can't work using your PGP key-ring, right? You would have to give Blesta the full server path to the SSH private key that exists on your Blesta server. That means the private key can't be encrypted... So... still want to +1 this? Would it be possible to have an encrypted certificate and the path to the certificate encrypted with two different 4096 bit keys?
mrrsm Posted June 10, 2014 Report Posted June 10, 2014 You do realize this can't work using your PGP key-ring, right? You would have to give Blesta the full server path to the SSH private key that exists on your Blesta server. That means the private key can't be encrypted... So... still want to +1 this? In theory you could store the private key in the database and that would be just as secure as storing the password there. (Assuming it is encrypted) My ssh is already locked down to known ip's via firewall and my backup user is very locked down as to what they can do anyways.
Cody Posted June 10, 2014 Report Posted June 10, 2014 In theory you could store the private key in the database and that would be just as secure as storing the password there. (Assuming it is encrypted) My ssh is already locked down to known ip's via firewall and my backup user is very locked down as to what they can do anyways. Yeah, but I'm just trying to highlight that this doesn't really add any additional security to clarify for those that may be under the impression that Blesta will magically read their PGP key-ring or something. That said, using asymetric keys is preferable to passwords for requesting shell access so I guess CORE-1272 is a net positive. Michael 1
Paul Posted June 11, 2014 Report Posted June 11, 2014 Yeah, but I'm just trying to highlight that this doesn't really add any additional security to clarify for those that may be under the impression that Blesta will magically read their PGP key-ring or something. That said, using asymetric keys is preferable to passwords for requesting shell access so I guess CORE-1272 is a net positive. Yes, if nothing else for the fact that disabling password authentication is good for security. It eliminates the possibility of common, password based brute-force attacks.
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now