There has been much talk over the past few months in the web hosting community about the security of control panel and other common hosting software. A lot of that has been due to the efforts of Rack911 to find holes and report them to the software makers, something which we’ve been very appreciative and supportive of. If you want a taste of what they’ve found so far in their audits, head here.
Given this discussion, it seemed like a good opportunity to talk a bit about a major security feature we’ve had for several years: Secure Remote Assistance.
Remote Assistance adds additional layers of security for our clients by providing a way for the NodeWorx administrator to permit root SSH access for InterWorx Support without a root password. In fact, root user login need not even be enabled. The feature greatly simplifies receiving technical support for the control panel and also goes a long way to protect our clients and their servers. Keep in mind that InterWorx support cannot gain access to a server without a master NodeWorx user or root Linux user explicitly activating Remote Assistance. This is not a backdoor.
To enable remote assistance:
- Log into NodeWorx and click on the “Remote Assistance” menu item. If you’re using the small menu style (pictured above on the left), it will be the second to last item in the left menu. If you’re using the big menu style (pictured above to the right), it will be near the bottom of the “NodeWorx Home” screen. (If you’re interested in learning how to switch menu styles, head here.)
- Enable the remote support account, as depicted below:
- Lastly, open up a support ticket and include the information provided on the Remote Assistance page. It is not necessary to provide a root password, but please mention that Remote Assistance is enabled.
Remote Assistance can be disabled at any time, even if a technician is currently logged in. They will be disconnected immediately. Also, our technicians are instructed to disable the feature when leaving after an issue is resolved.
We also designed this feature knowing that occasionally NodeWorx may be inaccessible. To enable Remote Assistance from the command line, run the following as root:
Disable with the following command:
How it Works
- When activating Remote Assistance, InterWorx will first connect to license.interworx.com and retrieve the SSH public key support will use to connect. Keep in mind that the private key is only on one machine: a login proxy server that our technicians use to “bounce” to the server.
- The key is then cryptographically verified to ensure its authenticity.
- Next, a Linux user called “iworx_support_user” is created. The retrieved public key is added to its authorized_keys file.
- The InterWorx login proxy’s IP is added to sshd’s hosts_allow file.
- The sshd config is edited to allow the iworx_support_user to log in if AllowUsers or AllowGroups is set.
- Then, sudo privileges for iworx_support_user are set up.
- The login proxy’s IP is whitelisted in the firewall.
- Lastly, Remote Assistance is set to disable itself within 24 hours.
Naturally, disabling Remote Assistance undoes the above actions.
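To confirm on your own server that nothing from the steps above is left behind after Remote Assistance is disabled, a check along these lines can be run as root. It is an added example, not InterWorx's code. The file paths are the conventional Linux/OpenSSH/sudo locations (assumptions, not taken from this page), and the login proxy IP must be supplied by you from the Remote Assistance page; firewall rules are not inspected.

```shell
#!/bin/sh
# Added example: look for leftover Remote Assistance artifacts under ROOT.
# Paths are conventional defaults (assumed); only the account name is from the page.
SUPPORT_USER="iworx_support_user"

# audit_remote_assistance ROOT [PROXY_IP]
# Prints one line per artifact found; the return status is the number found.
audit_remote_assistance() {
    root="${1%/}"; proxy_ip="${2:-}"; findings=0
    note() { echo "FOUND: $1"; findings=$((findings + 1)); }

    # Support account and its authorized_keys file
    home=$(awk -F: -v u="$SUPPORT_USER" '$1 == u {print $6; exit}' \
        "$root/etc/passwd" 2>/dev/null)
    if [ -n "$home" ]; then
        note "account $SUPPORT_USER present in /etc/passwd"
        if [ -s "$root$home/.ssh/authorized_keys" ]; then
            note "non-empty $home/.ssh/authorized_keys"
        fi
    fi

    # sshd allow-list entry (an AllowGroups entry needs a separate group check)
    if grep -Eiq "^[[:space:]]*AllowUsers[[:space:]].*${SUPPORT_USER}" \
        "$root/etc/ssh/sshd_config" 2>/dev/null; then
        note "AllowUsers in sshd_config names $SUPPORT_USER"
    fi

    # sudo rules, in the main file or in drop-ins
    for f in "$root/etc/sudoers" "$root"/etc/sudoers.d/*; do
        [ -f "$f" ] || continue
        if grep -Eq "^[[:space:]]*${SUPPORT_USER}[[:space:]]" "$f"; then
            note "sudo rule for $SUPPORT_USER in ${f#"$root"}"
        fi
    done

    # TCP wrappers entry for the login proxy (checked only if an IP is given)
    if [ -n "$proxy_ip" ] && \
        grep -Fwq -- "$proxy_ip" "$root/etc/hosts.allow" 2>/dev/null; then
        note "hosts.allow still lists $proxy_ip"
    fi
    return "$findings"
}
# Usage (as root): audit_remote_assistance / <proxy IP shown on the Remote Assistance page>
```

A return status of 0 means none of the checked artifacts remain; any other status is the number of items to review.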
Why This Improves Security
We feel this is vastly superior to providing a root password for the following reasons:
- If you use Remote Assistance, your root password is never sent across the internet and is never stored in any databases.
- If you use Remote Assistance, there is no need to have root login enabled or even a password set for the root user.
- All data entered in server information fields inside of a support ticket is now encrypted – even the IP address and SSH port.
- The public SSH key can be changed on the fly by us remotely at will. Since the key is downloaded every time the feature is activated, you are never in danger of activating remote assistance with an old key that may have been compromised.
- This key is cryptographically verified to ensure that it has not been tampered with.
- Remote Assistance will disable itself automatically after 24 hours so the feature can’t accidentally be left on indefinitely.
- Server Administrators have full control of the feature and can disable it at any time after it is activated if they feel the need, even without expertise in command-line or Linux.
- The system is very transparent, and the mechanisms which open access to your server can be seen by reading the code inside the following files:
The goal of this feature is to help ensure secure remote access for our clients whenever they need support, and it has been very successful in that since it was first developed two years ago. Have you used our remote assistance feature? What did you think?