Search


print PDF
Installation of OVH ssh key

Introduction
In order to be able to intervene on your dedicated server without your root password, the automatic installation of ssh key is done. Only authorized employees of OVH will use it. It is not a gap in security, contrary, thanks to this OVH has root rights to your server and may identify the problems with your server. When you request an intervention, we need to have access to ssh.

If you however decide to prevent OVH form having access to your server, you may deactivate the key.
This is not recommended.

Procedure
If OVH key hasn't been installed before, here is the description of installation:
  • Connect to your server via ssh as a root user, see the manual:
SshOnDedicated
or
wget ftp://ftp.ovh.net/made-in-ovh/cle-ssh-public/installer_la_cle.sh -O installer_la_cle.sh ; sh installer_la_cle.sh


If this operation is completed successfully, the authorized_keys2 file will be created. It contains:

root@julien root# cat /root/.ssh/authorized_keys2
from="XX.XX.XX.XX" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIE.... root@cache.ovh.net
from="::ffff:XX.XX.XX.XX" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIE.... root@cache.ovh.net


Solving problems
Even if the ssh key correctly installed, our technicians may have problems with connection to your server. Then you need to check:

1. if the /root/.ssh/authorized_keys2 file has been created;
2. if the ssh server is configured to accept root connections;

To verify the source of problem, you need to check the following parameters in /etc/ssh/sshd_config:

PermitRootLogin yes
'AuthorizedKeysFile' .ssh/authorized_keys2
UsePAM yes


Then restart SSH server(/etc/init.d/sshd restart).

3. if the root directory /root;
To verify it, you need to check root configuration:

root@julien /# grep root /etc/passwd
root:x:0:0:root:/root:/bin/bash

/root should be the 6th element in the line.

If access via ssh key is still impossible you may request a paid intervention on your server. Our technicians will configure the access with ssh key.

Key deactivation
If you don't want OVH to have access to your server, you may deactivate the ssh key.
To do it, it's sufficient to make changes in authorized_keys2 file - add a comment (with #) in those two lines:

root@julien root# cat /root/.ssh/authorized_keys2
  1. from="XX.XX.XX.XX" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIE.... root@cache.ovh.net
  2. from="::ffff:XX.XX.XX.XX" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIE.... root@cache.ovh.net