!!! Cpanel Demo/staging/test Area !!!

[Vin DSL]

Excuse me for quoting myself, but this post was buried inside a rather obscure thread. I thought it was important enough to deserve its own instance...

Originally posted by Vin DSL
...check this out:

• http://cpaneldemo.cpanel.net:2082/
  
  [user:cpdemo] [pass:cpdemo]

Is this cool or what? Instead of 'playing' around on your Cpanel, you can play around on their's...

Ever want to see what something does in your Cpanel, but you're afraid it will explode in your face? Ever delete a database by mistake, for instance? Why goof around on your production server? Use the Cpanel Demo...

[Vin DSL]

Notice, if you will, that XMB Forum has been replaced with [ahem] phpBB...

[Vin DSL]

Has anybody used the GnuPG Key feature? I'm unclear if the generated key pair is specific to Cpanel, or does it apply to SSH as well? That is, let's say I want to make a private key for use with PuTTY. Can I use Cpanel to manage this?

[jason]

I've used GnuPG to create keys for encrypting email messages. GnuPG is the open source equivalent of PGP. I don't know if the keys are compatible with SSH, but I don't think they are.

Here's a tutorial on creating ssh keys:
http://www.hklc.com/infocenter/1115.html

--Jason

[Vin DSL]

Yeah, but we cannot get into the .ssh directory, right? I was wondering if you have to use Cpanel to import, export, add and delete keys, et cetera...

[jason]

The .ssh directory is in your home directory (/home/username/.ssh). It won't exist until you either create it or a tool creates it for you. You should still be able to create keys in this manner, even with jailshell (although I haven't tried lately). However, I agree that it would make sense to have this functionality in the CP...

--Jason

[Vin DSL]

I'm getting confused. When I login using PuTTY, a public key is present, right? Where does that key reside, if not in .ssh?

Also, I noticed Cpanel makes a directory named .gnupg for your secret keyring. I see that directory, but no .ssh directory.

Hrm...

[jason]

Both the public and private keys will be put into .ssh, which I believe is created when you run ssh-keygen.

I believe you can also use puty's puttygen to create the keys on your client. You'd then upload the public key to the server (to .ssh). I haven't tried this method, though. Here's teh docs: http://the.earth.li/~sgtatham/putty/...pter8.html#8.2

--Jason

[MattBehrens]

Originally posted by Vin DSL
I'm getting confused. When I login using PuTTY, a public key is present, right? Where does that key reside, if not in .ssh?

You need to generate your own public/private keypair, on your own system. I haven't used PuTTY extensively, so I don't know how this is done (I'm a Linux guy, mostly, myself), but you would then copy the public key of that pair to authorized_keys in the .ssh directory on the system you want to log in to. Most .ssh directories are created 0600 (mkdir -m 0600 .ssh). authorized_keys files, since they contain your public key, don't need to be mode 0600 but it also doesn't hurt to make them so.

Also, I noticed Cpanel makes a directory named .gnupg for your secret keyring. I see that directory, but no .ssh directory.

Cpanel is only dealing with GnuPG, which is the free software equivalent of PGP, which is for signing messages and files and encrypting the same; GnuPG doesn't deal at all with interactive stuff like SSH.

I use both GnuPG and SSH extensively on a daily basis, although (again) not on Windows, but if you have any questions let me know.

[Vin DSL]

Originally posted by MattBehrens
You need to generate your own public/private keypair, on your own system. I haven't used PuTTY extensively, so I don't know how this is done ...

Yeah, you just use a proggie called PuTTY Gen. It's kinda cool! You add the info into a form and hit 'the gas.' The reason I like it is, instead of having to dance on your keyboard to generate random numbers, PuTTY Gen uses mouse movement to generate them. You insert some info, click a button, and move your pointer around in circles. Simple pimple!

Secondly, you DO NOT want to generate keys remotely anyway. That is, unless you trust server security and the admin[s] on the remote system. I'll do it on MY system, thank you...

It is clearly stated on the GnuPG site that you should NOT generate keys remotely, However, Cpanel is a crutch that some ppl require, so...

SOURCE: http://www.gnupg.org/documentation/faqs.html

4.2) Why does it sometimes take so long to create keys?

The problem here is that we need a lot of random bytes and for that we (on Linux the /dev/random device) must collect some random data. It is really not easy to fill the Linux internal entropy buffer; I talked to Ted Ts'o and he commented that the best way to fill the buffer is to play with your keyboard. Good security has its price. What I do is to hit several times on the shift, control, alternate, and caps lock keys, because these keys do not produce output to the screen. This way you get your keys really fast (it's the same thing PGP2 does).

Another problem might be another program which eats up your random bytes (a program (look at your daemons) that reads from /dev/random).


4.3) And it really takes long when I work on a remote system. Why?

Don't do this at all! You should never create keys or even use GnuPG on a remote system because you normally have no physical control over your secret key ring (which is in most cases vulnerable to advanced dictionary attacks) - I strongly encourage everyone to only create keys on a local computer (a disconnected laptop is probably the best choice) and if you need it on your connected box (I know, we all do this) be sure to have a strong password for both your account and for your secret key, and that you can trust your system administrator.

When I check GnuPG on a remote system via ssh (I have no Alpha here) ;-) I have the same problem. It takes a *very* long time to create the keys, so I use a special option, --quick-random, to generate insecure keys which are only good for some tests.

Anyway, thanks for your comments, bro! I was just wondering where the root .ssh directory, if you will, resides on the server, and if WE can get to it. I thought maybe that's what Cpanel was doing. Evidently it is somewhere outside our 'cells.'