Category Archives: Web Developers

Secure Sockets Layer (SSL) and You

Do you ever see that little lock symbol in the address bar of your browser and wonder exactly what it’s doing? How does this “SSL” protect your data? I’m going to tell you a little story that will help understanding Secure Sockets Layer encryption a little easier.

Let’s say you have something you want to send the server over the internet that you don’t want prying eyes to have – a credit card number for example. If you just send it in plain text, anyone sitting out there with a packet sniffer monitoring traffic can find it, read it, and buy that new 50” LED TV they’ve been wanting… compliments of you! That’s where SSL comes in to play.

SSL requires a few things to work. First – there’s the box. This box will serve as the vessesslkeysl to transport your secure data back and forth. But sending stuff in a box won’t make any difference if it’s not locked! To fix that, both the server and yourself generate two keys that can either unlock or lock the box: a private key and a public key. In order to get the ball rolling, you and the server trade public keys. The trick here? The public key is only used to lock the box, so we aren’t concerned with the bad guys getting it. The only way to unlock the box is with our private keys, which never touch the network.

Continue reading

Setting up SSH access using keys for cPanel and WHM

The internet has become an extremely unsafe place. Numerous methods of attack are public access and anyone can try them. At the same time, new common vulnerabilities are discovered almost daily. Software developers do their best to close all new vulnerabilities, but it is next to impossible to keep. Bots, bots and more bots are scanning servers for different security holes and once they find one on your server, believe me, they will use 100% of it. Your server will work for proxy, spam sending or even bitcoin mining…maybe even without your knowledge.

GlowHost does it’s best to prevent attacks. We have been providing hosting for many years and have skilled professionals in this area.

Also, GlowHost is working in partnership with security firms and runs daily scans of all servers in order to find suspicious software. We do this day in and day out, constantly, and we are not going to stop. We do our best to secure our customers, because we care.

The latest issue we have noticed floating around the Interwebs is that the SSH service can be easily hacked if password authentication is enabled. At the time of this writing, most hosting companies know about this problem, but are being very quiet about it as there is no known fix other than forced key access, and how the attackers are able to do this is not 100% clear. Because the service has vulnerabilities, we had to close that feature in order to protect our customers. In order to keep this security measure in place, but still allow a secure connection, you can use an SSH key. Below I will describe how to set up SSH access using keys and gain access to the server.

Requesting SSH Access

In order to use SSH on a shared account, you will need to contact our support team to grant you access. It’s simple and painless! Once that’s set up, you’re good to proceed.

Creating SSH keys

First of all, you need to login to WHM (login details are in your welcome letter from GlowHost). In the search field type “Key” (1 in the image example below) to filter the menu options and click on “Manage root’s SSH Keys” (2).

If you don’t have WHM access, you can do the same from cPanel -> SSH/Shell Access. Functions are the same as in WHM.

Now you will see keys set up on your server. Please do not remove keys belonging to the GlowHost technical team. If you do, we won’t be able to access your server and provide you with managed service.

Click on the “Generate a new key” link (3).

Creating keys

Now you will see fields to generate a new key pair. Enter the following information in the respective text box:

Name: Just the name of the key. Usually used to identify the owner.
Key Password: You can keep it blank, but we do advise strongly to create a password so nobody else can access the server using your key.
Key Type: RSA
Key length: No less than 2048 bits for RSA.

ssh_2

Click the Generate button. Keys will be created.

That’s it! You have now keys. Go back to “Manage root’s SSH Keys” section. There you will see that your key has been created.

You need to click on “Manage Authorization” and at the new page click “Authorize” in order to make the public key work.

Authorize key

Now you need to get the private key to your PC and keep it in a safe place. The public key will remain on the server. You can use one public key on different servers, like the lock you have on your home or your car, while your private key is the only one you can use to access the server (or open your locks).

In the same “Manage root’s SSH Keys” area, you will see the newly generated private key. Click on “View/Download key” button near the key that you have created before.

You will see two options. In case you are a Mac/Ubuntu/Other Linux user – just copy the text from the window to a file on your PC. You can name it key.ppk.

Download the key

If you are a Windows user, you will need to enter the passphrase you used while creating the key and convert the key to a format that Windows software (generally PuTTY) understands. Now copy the key in key.ppk file to your machine.

Using the key to access your server in MacOS.

1. Find the “Terminal” application in launchpad and start it.

2. Copy the key from your browser as described above.

3. Run the following command in your machine. Replace “USERNAME” with your username on your local computer:

vim /Users/USERNAME/.ssh/mykey.ppk

You will see the text editor appear. Press “shift” and “A” simultaneously.

Press “Command” and “V” simultaneously to paste the key.

Press “ESC”, then type :wq (including the colon) and press enter. This will save the key.

4. Once done here, type the following command:

chmod 700 /Users/USERNAME/.ssh/mykey.ppk

Now you are ready to connect to the server via SSH! Just run this command from the terminal window (replace USERNAME with your actual username on your local computer):

ssh -i /Users/USERNAME/.ssh/mykey.ppk root@<server’s IP address> -p<port number>

The <server’s IP address> and <port number> should be in your welcome letter (This may come as an IP address or a hostname). The system will also ask you for the passphrase.

Using the key to access your server in Windows.

1. While MacOS has an integrated terminal, you will need special software on Windows. Please download “Putty.exe.”

2. Run PuTTy. Expand the “SSH” node in the left bottom and click “Auth”. Now you need to show PuTTy the way to the downloaded private key by using the Browse button. It can have *.ppk extention or even *.txt – both will work.

ssh_6

3. Click on “Session” in the top left. Enter the “IP”, “Port” (both are in your welcome letter – this may come as an IP address or a hostname) and “Saved Sessions” (Which is a custom name for you to save this information) fields. Click on the “Save” button. You now have the session saved and don’t need to add the key again.

Connect

4. That’s it. Click “Open”, and the server will ask you for the passphrase you have used. Enter that and you will connect to the server.

We love to hear feedback and comments. Please post below to tell us what you think!