Securing SSH While Allowing Steadfast Support Access
Posted by Kevin Stange, Last modified by John Kata on 04 January 2017 01:56 PM
There are a few common ways to restrict SSH access to your server but still allow our technicians to access your server.
Changed SSH Port or Requirement to Use sudo or su
In this case, please do the following:
Firewalled or Restricted SSH connections to certain IP ranges
In this case, please be sure to allow the IP ranges:
SSH Public Key Authentication Only
For CentOS Systems: We now have an RPM that can be installed to handle this automatically. See the following knowledge base article: Adding Support Staff SSH Keys using RPM. If you use this method, the keys will update automatically when we publish a new version.
If you are not using CentOS or wish to maintain the list of keys manually, you can find the current key file here.
To use it, download and place the file at /root/.ssh/authorized_keys2 on your server.
Note: As our staff changes, we will update this list of keys. We recommend that you check the file at the link above periodically for a new version. The modification date is always listed in the comment at the top of the file.