SSH Key Management & Firewall IP

With managing a few dozen Interworx servers, I find myself constantly having to thwart attacks on the server. SSH is the worst offender. Even if I change the port to something non-standard such as 2222 or 2221 or 2020, it’s not long before bots find the ports and start attacking ssh. The best way is to just disable access to SSH by the firewall, then add IPs for users, but that’s a constant support headache.

In Nodeworx under SSH server, please add:

[ X ] Allow Password Authentication
[ X ] Allow User Managed Public/Private Keys
[ X ] Require Firewall IP for SSH Access (this will block public SSH access)

In Siteworx, I’d like for users to be able to upload their public ssh key and/or white list their IP for SSH (if those options are checked in Nodeworx SSH)

Add / Edit Firewall IPs allowed to access firewall (allow up to /24, filter private IP and 127.0.0.1, etc)

192.168.0.1 [ Delete ]
Add another IP: [ ] [ add ]

Add Public SSH Keys. (Click here to learn how to use SSH Keys)
This would add to /home/username/.ssh/authorized_keys

Keyname:
John Smith [ View / Edit Key ] [ Delete ]
Add a new key:
[ paste in here ] Add

I will note that cPanel does a lot of this already, so it would be nice to have for my beloved Interworx.

Thanks!

MARC POPE : FALCON INTERNET [ www.falconinternet.net ]
Full Service Web Hosting | SSAE 16 SOC 2 Type II-certified | Interworx Partner 12+ Years

Hi Marco114

CSF would stop your first point and is fully automated, so would block at your designated limits

User public keys sounds like a good idea and I know IW reads the forums but there is interworx.com/ideas page for new ideas. IW stopped the feature requests sections on the forums in favour of ideas page from IW website

Many thanks

John

Hello!

Thanks for the suggestions! I’ll create a feature request for these options, but I cannot make any guarantees of implementation, nor provide any ETA.

For the future, if you have any suggestions for changes or new features, please submit a support ticket to support.interworx.com. That way it is guaranteed to be seen and logged by either the support or dev team.

Thanks!
Jenna
InterWorx Support Manager

1 Like