Per the setup email RimuHosting will add their public key to the /root/.ssh/authorized_keys file.
This permits us to log into your server. We would do this in order to help out with a support ticket that you submit, or to investigate in the event of a problem e.g. high load on your server, your server being out of memory, or after a report of an exploit coming from your server.
You can check to see if our key is present by running the following command. A result of '0' means you do not.
grep ' rimuhosting$' /root/.ssh/authorized_keys | wc -l
grep -qai ' rimuhosting$' /root/.ssh/authorized_keys || (mkdir -p /root/.ssh; echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIBufK3VvFDfjRAswyZibINSWLILZ4sTGuW8ffF5tmMRouGbA55SbUqjOeDQgBfUs0HRp5K34Qnw608DEhZwz6or5nSWXS3GKGBJFR+yPgkvoU4dwymKn54Y/kH0LkTtgCv2bSfnUJcWvXfxpgEnnMr3iUmVY2WvsWt4TWADsfQ6Kw== rimuhosting" >> /root/.ssh/authorized_keys)
The first line checks to see if the key exists. The second line adds it.
If you do not want us to have root ssh access to your server you can remove our public key from /root/.ssh/authorized_keys. This may hinder our ability to help you.
Some customers modify their /etc/ssh/sshd_config file to set PermitRootLogin no. This disables root logins via ssh. Instead those customers log in as other users then 'su' or 'sudo' if they need root privileges.
Rather than setting PermitRootLogin no we advise using PermitRootLogin without-password. That option permits logins if the public/private key authentication is used. Which means we can log in to your server. Regular interactive/password logins are disabled for root.
Check on how its set by running
grep PermitRootLogin /etc/ssh/sshd_config
Change it to use 'without-password' by running
sed -e 's/^PermitRootLogin.*$/PermitRootLogin without-password/g' /etc/ssh/sshd_config > sedtest2.txt
mv sedtest2.txt /etc/ssh/sshd_config
Run /etc/init.d/sshd restart after making the sshd_config file change.
Have you set a custom SSHPort in /etc/ssh/sshd_config? Then remember to mention that when you submit a support ticket with us.
A custom SSH Port is actually a pretty reasonable idea. Since most brute force ssh attacks only try the default (22) port.
Do a quick check to see what port you are using with
grep Port /etc/ssh/sshd_config
Reminder: brute force ssh attacks are very common. Please ensure _all_ user accounts you create (including, and especially) root have good, strong, non-dictionary passwords.
Run /etc/init.d/sshd restart after making the sshd_config file change.
Have you set an AllowUsers line so that only certain users can log in? Then make sure that includes root. Check for this line and how it reads with
grep AllowUsers /etc/ssh/sshd_config
If so add the following to /root/.ssh/authorized_keys:
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIBufK3VvFDfjRAswyZibINSWLILZ4sTGuW8ffF5tmMRouGbA55SbUqjOeDQgBfUs0HRp5K34Qnw608DEhZwz6or5nSWXS3GKGBJFR+yPgkvoU4dwymKn54Y/kH0LkTtgCv2bSfnUJcWvXfxpgEnnMr3iUmVY2WvsWt4TWADsfQ6Kw== rimuhosting
This is the 'master' Rimuhosting public key. If individual staff members need to log in to your server (e.g. as a result of a request for help in a support ticket) then they will use this key to add their own public keys. These keys will have the staff member's Rimuhosting email address as the key comment. Rimuhosting staff will only add their keys on an 'as needed' basis. We keep an audit log of all staff who add their keys to your server.
Check that the permissions on /root/.ssh folder and subfiles are set to 700. SSH requires that only the user have access permission to the associated files, otherwise it will reject access. To make sure this is correct make sure you are the root user and run chmod -R 700 /root/.ssh If you continue to have problems, let us know what steps you have taken and we will try to help.
RimuHosting is a RimuHosting Ltd business. RimuHosting services include:
© RimuHosting Ltd 2002-2012. Rimuhosting, Launchtime and the Rimuhosting logo are RedRata™ trademarks.
