SSH Password Authentication Tweak Disables SFTP
Hi,
We want to offer SFTP to our users. And we want to use the SSH password authentication tweak for security (only allowing key-based access).
But, of course, when we activate the SSH password tweak, it also disables SFTP access.
Is there a workaround?
Of course we could allow password access with no root access (wheel user escalate to root), but we'd rather not.
Any ideas?
Thanks!
Mark
-
Filezilla supports use of private keys. Import your private key in the filezilla settings, and when you use SFTP just leave the password blank. If you don't want to do that, you could enable pw auth, but set the ssh permitrootlogin setting to "without-password" which allows only key based logins for root. 0 -
Thank you! 0 -
I am happy to see you received a helpful answer. I am marking this thread as [Resolved]. Thank you. 0 -
This might be a silly question for some, but if I have SSH Password authentication disabled, can I still access WinSCP to SFTP/SCP into server to retrieve backups? I have created private and public SSH keys in WHM but cannot figure out of its possible to use for WinSCP as FileZilla is being marked as malware and I don't want to use it. I am just looking for the easy and secure way to sftp into my server to download backups to be stored on my local backup drive. Any help would be greatly appreciated. I can connect no issues with password authentication enabled, but do not wish to keep this enabled for security purposes. 0 -
You'd need to use a key if the password option is disabled. They have a guide on setting up a key here: Set up SSH public key authentication :: WinSCP 0 -
yeah not an easy one to follow been there several times. MY goodness this is getting too much just to figure out backups 0 -
Trying to figure out how to configure c panel to accept key' 0 -
To access the /backup area of the server, you'd need to access the server as the root user and not an individual cPanel user. 0 -
I know that, but I would like to connect to the server via SFTP using WinSCP with keys. I can do it all with using root and root password. Just dont think its secure enough leaving password authentication open while I download or upload backups with WinSCP using password. 0 -
How do you take your backups? YOu ahve set things up and its working, what do you do if you dont mind me asking. 0 -
I actually don't use the remote backup tool. For my specific server I do local backups to a secondary disk, and then my host offers an image backup of the whole machine, so I rely on that as my "off site" solution. 0 -
I was able to figure it out. I created a SSK private key on server, converted it to PPK file, added it to WinScp, then connected to server with password authenictaion disabled and using a passphrase. 0 -
The only think is that root password is still active and I tried with keys using user, but like you said no access to that folder without root user. 0 -
Oh you would definitely have to be root in order to use it for backups. The main cPanel user has SSH access, but you'd have to be root to get to the backup directories. 0
Please sign in to leave a comment.
Comments
14 comments