Mike Posted June 6, 2014 Report Posted June 6, 2014 This would be a beneficial feature for those of us who lock SSH to key-based authentication only. PauloV and Blesta Addons 2 Quote
Michael Posted June 6, 2014 Report Posted June 6, 2014 +1 anything related to security is good for me Quote
Paul Posted June 9, 2014 Report Posted June 9, 2014 How many of you have password auth disabled? Quote
Michael Posted June 9, 2014 Report Posted June 9, 2014 How many of you have password auth disabled? I do for my SSH, but I don't use a backup system so haha Quote
mrrsm Posted June 9, 2014 Report Posted June 9, 2014 I try and use keys as much as possible so this would be nice to have as I was using sftp as a secondary backup to the Amazon backups. Quote
Paul Posted June 9, 2014 Report Posted June 9, 2014 CORE-1272, thanks for the suggestion! Michael, PauloV and domaingood 3 Quote
Cody Posted June 9, 2014 Report Posted June 9, 2014 You do realize this can't work using your PGP key-ring, right? You would have to give Blesta the full server path to the SSH private key that exists on your Blesta server. That means the private key can't be encrypted... So... still want to +1 this? Michael 1 Quote
MemoryX2 Posted June 10, 2014 Report Posted June 10, 2014 You do realize this can't work using your PGP key-ring, right? You would have to give Blesta the full server path to the SSH private key that exists on your Blesta server. That means the private key can't be encrypted... So... still want to +1 this? Would it be possible to have an encrypted certificate and the path to the certificate encrypted with two different 4096 bit keys? Quote
mrrsm Posted June 10, 2014 Report Posted June 10, 2014 You do realize this can't work using your PGP key-ring, right? You would have to give Blesta the full server path to the SSH private key that exists on your Blesta server. That means the private key can't be encrypted... So... still want to +1 this? In theory you could store the private key in the database and that would be just as secure as storing the password there. (Assuming it is encrypted) My ssh is already locked down to known ip's via firewall and my backup user is very locked down as to what they can do anyways. Quote
Cody Posted June 10, 2014 Report Posted June 10, 2014 In theory you could store the private key in the database and that would be just as secure as storing the password there. (Assuming it is encrypted) My ssh is already locked down to known ip's via firewall and my backup user is very locked down as to what they can do anyways. Yeah, but I'm just trying to highlight that this doesn't really add any additional security to clarify for those that may be under the impression that Blesta will magically read their PGP key-ring or something. That said, using asymetric keys is preferable to passwords for requesting shell access so I guess CORE-1272 is a net positive. Michael 1 Quote
Paul Posted June 11, 2014 Report Posted June 11, 2014 Yeah, but I'm just trying to highlight that this doesn't really add any additional security to clarify for those that may be under the impression that Blesta will magically read their PGP key-ring or something. That said, using asymetric keys is preferable to passwords for requesting shell access so I guess CORE-1272 is a net positive. Yes, if nothing else for the fact that disabling password authentication is good for security. It eliminates the possibility of common, password based brute-force attacks. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.