  1. #1
    DoubleDee

    Questions about Managing Server

    I have a Virtual Private Server with GoDaddy and need LOTS of help learning how to administer it remotely...

    To be more correct, I have a VPS now with Plesk, but hope to get a new VPS with cPanel in the next few weeks with GoDaddy. (I've heard that cPanel is more widely supported, more robust, and yet easier to use in some ways.)

    They say it will have CentOS 6.

    So my first series of questions revolve around how I interact with my soon-to-be new VPS...

    It sounds like if I want to do much of anything, then I have to use the command-line and something like SSH. (Not sure about cPanel, but I know in Plesk, I could do virtually *nothing* with that GUI!!)


    Questions:

    1.) How hard is it to safely/securely use something like SSH to manage a VPS?

    2.) What is the difference between "SFTP" and "SSH" and "FTP with SSL" (or whatever)?

    3.) Is there a way to remotely (i.e. via the Internet) set up a Client App and Configure my VPS so I have an *encrypted tunnel* and so I am 110% certain that nobody jumped onto my server while I was setting things up?!

    4.) What kinds of things *can* I use cPanel to do, and what kinds of things would I be forced to do command-line like with SSH?

    Sincerely,


    Debbie

  2. #2
    ralph.m
    You can do a lot with cPanel, and a lot more with WHM on top of it for managing the VPS. It might be worth looking at the cPanel site to see what features you get. They have a lot of videos somewhere.

  3. #3
    ServerStorm
    Hi,

    Answers:

    1. On a server it is common practice to Jail root ssh so if someone successfully brute force attacks your ssh account they can't get anywhere other than what is allowed in the jailed environment. You also want to make sure that you change the NAT port from 22 to something that is harder for pre-built hacking tools to locate, say port 127822. In addition you should ensure that the password for the account is 10 or more characters with a mixture of numbers, letters and symbols; ensure that you don't group alpha or numeric characters in succession, so don't do 123badTOhack; instead do !2Bb@dT04aCk
    2. SSH (Secure Shell) is a network protocol that allows data to be exchanged over a secure channel; you can copy files over ssh, although it is not common. Usually one uses ssh to connect to the command line of a remote server. It is also used in remote desktop client tools. SFTP uses the SSH protocol to perform a similar function to FTP but over a secure channel. FTP does not use a secure channel so hackers can eavesdrop on the data that you pass between point A and B; nowadays it is not recommended to use FTP unless it is done so through a VPN. SSL (Secure Sockets Layer) is a cryptographic networking protocol that secures Internet communication. You are using SSL when you connect to a site that is using https:// although many sites don't fully run SSL for all their content, but if you do online banking then most likely the full connection to your account details will be using all SSL connections.
    3. I would recommend that you look into setting up openvpn between you and your server; this requires changes in the firewalls (with NAT ports) at both ends so it may not be viable as it will depend on what GoDaddy will do and your own firewall expertise and configuration. Establishing a VPN is one of the few ways you can secure your communication from end to end. Even if you don't get to have a VPN, you will be safe moving files using sftp though. You may also be able to get GoDaddy (or maybe you will be granted the control) to bind your IP address to the ssh channel; then you can use an SSH-capable remote desktop tool to connect to your server. This would only help if they install an X window (the graphical user interface) on your CentOS; if they don't then cPanel and command line will be the only alternatives.
    4. CPanel can handle almost anything you need to do. Typically the choice not to use it is when you are experienced enough with the command line that CPanel just slows you down and does not allow for as robust of multifile management, search, piping and so forth, but for most hosting activities cPanel will work just fine. CPanel will allow one to review server status, create server accounts, manage your webserver, manage email, ssl, DNS, editing of web and configuration files, and file transfer. You can see live demos here https://cpanel.net/demo/


    Regards,
    Steve

    Quote Originally Posted by DoubleDee View Post
    ....Questions:

    1.) How hard is it to safely/securely use something like SSH to manage a VPS?

    2.) What is the difference between "SFTP" and "SSH" and "FTP with SSL" (or whatever)?

    3.) Is there a way to remotely (i.e. via the Internet) set up a Client App and Configure my VPS so I have an *encrypted tunnel* and so I am 110% certain that nobody jumped onto my server while I was setting things up?!

    4.) What kinds of things *can* I use cPanel to do, and what kinds of things would I be forced to do command-line like with SSH?

    ...
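    The port and password points in the answer above map onto settings in sshd_config. The following is an added example, not code from any poster in this thread: it audits the global section of an sshd_config for the listening port, direct root login and password logins, using the real OpenSSH keywords Port, PermitRootLogin and PasswordAuthentication. The sample configuration is constructed for the example.

```python
import re

# Constructed sample for this example, not taken from a real server.
SAMPLE_CONFIG = """\
Port 127822
Port 2222
PermitRootLogin yes
# sshd uses the first value it reads, so this later line has no effect.
PermitRootLogin no
#PasswordAuthentication no
"""


def parse_sshd_config(text):
    """Return {keyword: [values in file order]} for the global section."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":      # Match blocks are conditional overrides
            break
        settings.setdefault(keyword, []).append(parts[1] if len(parts) > 1 else "")
    return settings


def audit(text):
    """Return a list of (keyword, message) findings for the global section."""
    cfg = parse_sshd_config(text)
    findings = []

    ports = cfg.get("port", [])  # Port may be given several times
    if not ports:
        findings.append(("port", "not set, sshd listens on the default port 22"))
    for p in ports:
        if not re.fullmatch(r"[0-9]+", p) or not 1 <= int(p) <= 65535:
            findings.append(("port", f"{p} is not a valid TCP port (1-65535)"))
        elif int(p) == 22:
            findings.append(("port", "22 is the default port automated scanners try first"))

    root = cfg.get("permitrootlogin", [None])[0]  # first value wins
    if root is None:
        findings.append(("permitrootlogin", "not set, default depends on the OpenSSH version"))
    elif root.lower() == "yes":
        findings.append(("permitrootlogin", "root can log in directly over SSH"))

    pw = cfg.get("passwordauthentication", [None])[0]
    if pw is None or pw.lower() != "no":
        findings.append(("passwordauthentication",
                         "passwords accepted, so password strength is the only barrier"))
    return findings


if __name__ == "__main__":
    for keyword, message in audit(SAMPLE_CONFIG):
        print(f"{keyword}: {message}")
```
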

  4. #4
    DoubleDee
    Quote Originally Posted by ServerStorm View Post
    Hi,

    Answers: On a server it is common practice to Jail root ssh so if someone successfully brute force attacks your ssh account they can't get anywhere other than what is allowed in the jailed environment. You also want to make sure that you change the NAT port from 22 to something that is harder for pre-built hacking tools to locate, say port 127822. In addition you should ensure that the password for the account is 10 or more characters with a mixture of numbers, letters and symbols; ensure that you don't group alpha or numeric characters in succession, so don't do 123badTOhack; instead do !2Bb@dT04aCk
    Would I be able to do that on a GoDaddy VPS account?

    That sounds complicated...

    And my fear with getting too fancy is that I create larger security holes/risks than sticking with basics.

    How/Where would I change the port??


    Quote Originally Posted by ServerStorm View Post
    SSH (Secure Shell) is a network protocol that allows data to be exchanged over a secure channel; you can copy files over ssh, although it is not common. Usually one uses ssh to connect to the command line of a remote server. It is also used in remote desktop client tools.

    SFTP uses the SSH protocol to perform a similar function to FTP but over a secure channel. FTP does not use a secure channel so hackers can eavesdrop on the data that you pass between point A and B; nowadays it is not recommended to use FTP unless it is done so through a VPN.

    SSL (Secure Sockets Layer) is a cryptographic networking protocol that secures Internet communication. You are using SSL when you connect to a site that is using https:// although many sites don't fully run SSL for all their content, but if you do online banking then most likely the full connection to your account details will be using all SSL connections.
    What is the difference between SSH and SSL?

    They seem similar, if not identical?!

    When I need to upload files to my new server, I guess I would need SFTP, right?

    BTW, in another thread of mine I am planning on making every page on my website HTTPS.


    Quote Originally Posted by ServerStorm View Post
    I would recommend that you look into setting up openvpn between you and your server; this requires changes in the firewalls (with NAT ports) at both ends so it may not be viable as it will depend on what GoDaddy will do and your own firewall expertise and configuration. Establishing a VPN is one of the few ways you can secure your communication from end to end. Even if you don't get to have a VPN, you will be safe moving files using sftp though.
    This is one of my biggest questions...

    If I get a new GoDaddy VPS account, then how do I *initially* communicate with the VPS and do whatever so I can use things like SSH or OpenVPN?

    It's one of those "chicken-and-egg" ordeals.

    I need encryption to protect all communication between my MacBook and my VPS, but when things start off, I assume that all I have is Unprotected Open Communications, right?

    How could you set up SSH or an OpenVPN securely if I don't yet have an "encrypted tunnel"?


    Quote Originally Posted by ServerStorm View Post
    You may also be able to get GoDaddy (or maybe you will be granted the control) to bind your IP address to the ssh channel; then you can use an SSH-capable remote desktop tool to connect to your server. This would only help if they install an X window (the graphical user interface) on your CentOS; if they don't then cPanel and command line will be the only alternatives.
    Not following you here...

    I should be able to buy a GoDaddy VPS account with CentOS 6 and cPanel already installed.

    But I'm not sure how secure that is?

    And I don't know if I would need something beyond cPanel.

    For now, the main things I want are...

    1.) A way to create Directories inside and outside of the Web Root *securely*

    2.) A way to Upload Files/Content *securely* to my account

    3.) Ability to do all things necessary to make my Server and Website SECURE. (Or at least as much as one can on a VPS...)


    Quote Originally Posted by ServerStorm View Post
    CPanel can handle almost anything you need to do. Typically the choice not to use it is when you are experienced enough with the command line that CPanel just slows you down and does not allow for as robust of multifile management, search, piping and so forth, but for most hosting activities cPanel will work just fine. CPanel will allow one to review server status, create server accounts, manage your webserver, manage email, ssl, DNS, editing of web and configuration files, and file transfer. You can see live demos here https://cpanel.net/demo/

    Regards,
    Steve
    I'm not sure what all I need, but I just know that for Version 2.0 of my website, SECURITY IS VERY IMPORTANT!!!

    Managing a VPS/Webserver is a whole new world for me...

    Sincerely,


    Debbie

  5. #5
    ServerStorm
    Hi,
    SSH is a tunneling secure protocol, SSL is a networking secure protocol. SSH is good for secure transfer as it creates the tunnel that your files go through.

    You will start off insecure unless godaddy uses https or when you are using sftp for files.

    VPNs are tricky to get set up and understand; there is however great documentation for openvpn. You're best contacting GoDaddy support and asking if they allow openvpn. At the same time you ask them if they will nat a different ssh port in their firewall rules for your vps.

    You can set up openvpn and ssh securely even when things are insecure because you create certificates on your Linux vps; these are encrypted when you generate them. You download the keys and create a VPN connection to your vps. Once this is done you can set up your jailrooted ssh inside the tunnel so none of your actions/data will be stolen.

    Cpanel fulfills your listed requirements. It will not be secure unless it is protected under https or you have a VPN or bonded IP to ssh.

    The concept of bonded IPs is that if GoDaddy will take your fixed home IP then they can bind it so only your IP and MAC address will be able to connect to your server.

    The easiest thing is if they use https and you use sftp for your file uploads. If security is very important then GoDaddy is not the place to be. To really secure a system you need a dedicated server that is security hardened and a firewall that a firewall expert manages.

    It is late so I'm going to bed.

    Regards
    Steve
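    For the first SSH connection discussed in this thread, the check that matters is whether the host key the server presents matches a fingerprint obtained through a separate channel. The following is an added example, not code from any poster: it computes the fingerprint of a public host key line in the SHA256 form and in the older colon-separated MD5 form, then compares it with a trusted value. The key is built from fixed bytes for illustration, and having a fingerprint available out of band (for example from the provider) is an assumption.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data):
    """Encode bytes as an SSH wire-format string: 4-byte length, then data."""
    return struct.pack(">I", len(data)) + data


def key_blob(pubkey_line):
    """Decode '<type> <base64> [comment]' and check the embedded key type."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64-key> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[0].encode("ascii"):
        raise ValueError("key type does not match the encoded key")
    return blob


def fingerprint(pubkey_line, algo="sha256"):
    """Return the fingerprint string an SSH client would display."""
    blob = key_blob(pubkey_line)
    if algo == "sha256":  # form printed by current OpenSSH clients
        digest = hashlib.sha256(blob).digest()
        return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    if algo == "md5":     # colon-separated hex, printed by older clients
        return ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())
    raise ValueError("unsupported algorithm")


def host_key_matches(presented_line, trusted_fingerprint):
    """True only if the presented key hashes to the trusted fingerprint."""
    trusted = trusted_fingerprint.strip()
    if trusted.startswith("SHA256:"):
        actual = fingerprint(presented_line, "sha256")
    else:
        trusted = trusted[4:] if trusted.startswith("MD5:") else trusted
        trusted = trusted.lower()
        actual = fingerprint(presented_line, "md5")
    return hmac.compare_digest(actual.encode(), trusted.encode())


def constructed_key_line(seed):
    """Build a well-formed ssh-ed25519 line from fixed bytes (not a real key)."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(bytes([seed]) * 32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed-example"


if __name__ == "__main__":
    server_key = constructed_key_line(1)
    trusted = fingerprint(server_key)  # stands in for the out-of-band value
    print(trusted, host_key_matches(server_key, trusted))
    print(host_key_matches(constructed_key_line(2), trusted))  # different key
```
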

  6. #6
    gate2vn
    Quote Originally Posted by DoubleDee View Post
    SECURITY IS VERY IMPORTANT!!!
    In that case, I highly suggest a fully managed VPS from a good vendor. Don't test your skills with unmanaged VPS. Also, pay attention that many "managed vendors" only do what you tell them, and at a cheap price. It's not a fully managed service. Make sure to ask them all your concerns before ordering.

  7. #7
    DoubleDee
    Quote Originally Posted by ServerStorm View Post
    VPNs are tricky to get set up and understand; there is however great documentation for openvpn. You're best contacting GoDaddy support and asking if they allow openvpn.
    Unfortunately they are telling me I need a Dedicated Server to do that.


    Quote Originally Posted by ServerStorm View Post
    At the same time you ask them if they will nat a different ssh port in their firewall rules for your vps.
    They said, "No, we will not do any translations within our Network for your virtual environment. You may want to set that up in your software firewall.

    You are running CentOS, CentOS has its own firewall software, we do not assist with setting it up at all, but it is available via SSH. You can read more here: http://wiki.centos.org/HowTos/Network/IPTables"

    So what should I do??


    Quote Originally Posted by ServerStorm View Post
    You can set up openvpn and ssh securely even when things are insecure because you create certificates on your Linux vps; these are encrypted when you generate them. You download the keys and create a VPN connection to your vps. Once this is done you can set up your jailrooted ssh inside the tunnel so none of your actions/data will be stolen.
    Do you need to create a "Jail Root" to effectively use SSH?


    Quote Originally Posted by ServerStorm View Post
    Cpanel fulfills your listed requirements. It will not be secure unless it is protected under https or you have a VPN or bonded IP to ssh.
    This is what they said, "cPanel is installed using a Self Signed SSL certificate and encrypts all data communications back and forth. You can see in the address bar when you connect."

    So that sounds secure, right?

    And if it is, then what benefit would SSH provide over cPanel from a security standpoint?


    Quote Originally Posted by ServerStorm View Post
    The concept of bonded IPs is that if GoDaddy will take your fixed home IP then they can bind it so only your IP and MAC address will be able to connect to your server.
    I don't think they knew what you meant here.

    They reassured me that anytime I'd connect to my VPS, it would be over HTTPS.

    If I understood what you were proposing, I don't see how that could work.

    When I manage my VPS, I connect first to my AT&T Hotspot, and then via WiTopia, so my IP address would be changing.

    So I don't see how I could "White-List" my MacBook?!


    Quote Originally Posted by ServerStorm View Post
    The easiest thing is if they use https and you use sftp for your file uploads. If security is very important then GoDaddy is not the place to be. To really secure a system you need a dedicated server that is security hardened and a firewall that a firewall expert manages.
    Yeah, except that would cost me tens of thousands of dollars a year...

    There must be a happy-medium to get my new website and business going - keeping my customer secure - while not breaking the bank??

    Sincerely,


    Debbie

  8. #8
    gate2vn
    Quote Originally Posted by DoubleDee View Post
    Unfortunately they are telling me I need a Dedicated Server to do that.
    I am not sure why? VPS can run OpenVPN just fine. And Godaddy VPS is unmanaged, you have root access and you can install whatever you want. Will they block your VPS if you install OpenVPN?

    Quote Originally Posted by DoubleDee View Post
    You are running CentOS, CentOS has its own firewall software, we do not assist with setting it up at all, but it is available via SSH. You can read more here: http://wiki.centos.org/HowTos/Network/IPTables"
    If you are not familiar with iptables, CSF on cPanel would be a good option with GUI.

    Quote Originally Posted by DoubleDee View Post
    Do you need to create a "Jail Root" to effectively use SSH?
    Not sure how effective you mention, but it will help "more secured".

    Quote Originally Posted by DoubleDee View Post
    This is what they said, "cPanel is installed using a Self Signed SSL certificate and encrypts all data communications back and forth. You can see in the address bar when you connect."
    You can even create your own SSL, but it's not authenticated by other CA and browsers will still warn when your visitors access that URL. It's a long time since I used cPanel, so I am not sure if their SSL is accepted by other CA.

    Quote Originally Posted by DoubleDee View Post
    And if it is, then what benefit would SSH provide over cPanel from a security standpoint?
    Not really sure what you mean with "SSH provide over cPanel". You can access ssh to root without cPanel installed.

  9. #9
    DoubleDee
    Quote Originally Posted by gate2vn View Post
    I am not sure why? VPS can run OpenVPN just fine. And Godaddy VPS is unmanaged, you have root access and you can install whatever you want. Will they block your VPS if you install OpenVPN?
    They said, "TUN/TAP is not available on our virtual environment at this time, this is what needs to be installed and enabled for this to work."



    If you are not familiar with iptables, CSF on cPanel would be a good option with GUI.
    So I could set up a "Software Firewall" via cPanel on my VPS??


    Not really sure what you mean with "SSH provide over cPanel". You can access ssh to root without cPanel installed.
    I asked why a person would want to use SSH instead of cPanel.

    I think ServerStorm mentioned about it gives you more control as a pro.

    But from what I am starting to pick up, it seems like cPanel would allow me to do most things I would need to set up and manage a secure "virtual private server" environment for my website, right?

    Sincerely,


    Debbie

  10. #10
    gate2vn
    Quote Originally Posted by DoubleDee View Post
    So I could set up a "Software Firewall" via cPanel on my VPS??
    I haven't used cPanel for a long time, so I cannot say exactly, but you can see more details about CSF here.

    Quote Originally Posted by DoubleDee View Post
    I asked why a person would want to use SSH instead of cPanel.

    I think ServerStorm mentioned about it gives you more control as a pro.

    But from what I am starting to pick up, it seems like cPanel would allow me to do most things I would need to set up and manage a secure "virtual private server" environment for my website, right?
    cPanel is just a GUI. If you know how to control server by CLI, you can do all in ssh. Yes, cPanel would allow you to do many things, but I doubt it's secured enough, if you want "high security environment". Again, I haven't used cPanel for a while, so I don't know exactly what cPanel offers now in their software. It was a mess when I used it 10 years ago.

