Issue
How to authenticate your server for the Support Team and use the SSH access form?
Environment
- All CloudLinux products
Solution
1. Description
This article describes the necessary steps to allow the CloudLinux and TuxCare Support teams to access your server and investigate the issue. Please read and follow all the steps provided or contact your system administrator if you need help with the steps below.
2. CloudLinux authorized IP addresses
Our support team may connect to your server only from the following IP addresses:
IPv4:
23.111.175.214
157.90.174.91
IPv6:
2604:4500:6:203f::6
2a01:4f8:1c1e:7cd0::1
You need to add these addresses to your antivirus or firewall whitelist (Imunify360, CPHulk, Fail2Ban, CSF/iptables, etc.). Also, allow these addresses to access the web interface of your control panel if you have one. This is necessary for cases where the support team needs to verify the GUI components of our products.
3. SSH key authentication
For security reasons, you need to enable key-based authentication to provide us access to the server.
We have two options for setting up the key: automatic (using our script) and manual.
Use this command for automatic installation:
bash <(wget -qO- https://repo.cloudlinux.com/cloudlinux/cldoctor/support-ssh-access-key.sh)
If "wget" utility is not installed/available, you can use "curl" like this:
bash <(curl -s https://repo.cloudlinux.com/cloudlinux/cldoctor/support-ssh-access-key.sh)
When using the automatic method, the script will perform the following operations:
- Request the username for which you want to set up the SSH key (default is root);
- Check the sshd configuration file for any connection limiting settings;
- Verify that the user and authorized_keys exist in the home directory and install the key;
- Check that basic firewall settings do not restrict connections to SSH.
Once the ticket issue is resolved, please remove the key (clsupport@sshbox.cloudlinux.com) from the file.
If you have any additional external firewalls or customization enabled, make sure you allow access to our IP addresses. Now, you can provide the server IP and SSH port in the ticket, and we will be able to connect and assist you (step 4).
If you want to install it manually, please follow these instructions:
For that, you'll need to place our public key in the following file on your server: /root/.ssh/authorized_keys.
Below you can find the public keys (between the cut lines):
---------- PUBLIC KEY BEGINNING ---------- PLEASE DO NOT COPY THIS LINE ----------
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEA0kzTrtnpG3awsKlQRzo8tLzG0Rb93XO6plRtFsVmAtqyuk1nfwC36ISL+AT2+r4+xuZiK8taVgbPVDU/+dHD3ObMQPIvIZOvQWGZH0zZApeXfbKD3DaLfh5aQeI9kbeo3cGQufFIxTkSLVXHTmjISf3gggP7m17hI4jxiu5Gaw/lNwlrQtsBgyEsF4+Y5jSOn1fMkx+R//8ul6L97EBEIGA9Pzcy4tHtTCNxfAGOmUmx8ijnieqNb95wxU5hrhirmWbICeMkgECEsIOPkweWoBNmrVxAigSQuM0uJZeFl5x2I5KaocmXbpeswDCWjGCtEDjcY9WqBSGehuUxArZvGEcaeJ+AM+xIlr0yPTx+3y4JsN/hluzRX9vbuzBZxhctP0BALu8uXKjYvJr9STU0umNZrRHBBQKCIF16FPwcJ7d+H4KYFvxOiVTDKtIZJ5gCtp/nUtVeQFUPEwgirgypP4hv3gkE73A+2vl3lwZ1p2YBmzzbAOpeXDtDFNSpK6Kfa7ujK70ouM0EDptPe/aGJMuDet7RGlnn/zQdpXrCLpUZSVrsTFjN+NZ6uTah5r5QsOhTpL1IoD+FrW9ovgr6KwtM6rl/XKzrzmbnQGaGQY5h5Kan2a0Y24eIXm5MnncOgwZZUCpT7SV2b7cjASf5xMfU87Ihe3c/Vmi33pblD8E= clsupport@sshbox.cloudlinux.com
---------- PUBLIC KEY END ---------- PLEASE DO NOT COPY THIS LINE ----------
4. Provide access to the Support Team
During the investigation of your issue support team may request access to your server using a special secure access utility. The SSH access interface looks like the following:
Please read the form carefully and fill out the access details. The form will automatically check if our team has access to your server. If you see an error after filling out the details, it means that we were unable to access your server. You will see the message 'Failed to check connection'. Possible reasons:
- You entered incorrect access details in the form.
- Your firewall is blocking access from our IP addresses.
- You incorrectly configured the server to grant access.
Please don't ask the support team to check if access is available. You do it yourself by filling out the form, and it does the automatic check.
If you are absolutely sure that the provided details are correct, but the form still returns an error, use "SSH custom" button to submit the access details manually. Please inform the support staff member that you encountered problems filling out the form.
Note that for security reasons the support team will only be able to connect to the server if access is granted through this form.
Comments
0 comments
Article is closed for comments.