server management adding public keys

I was looking through the initial audit install script used by a server management company and one of the files is used to install public ssh authorized keys on my server :eek: Why are they doing this? Is it because they are able to access my server _without_ a password? I'm a bit paranoid because I'm afraid they can access my server even when I change my password in the future and/or no longer with them. I don't want them to leave "backdoors" which allow them to access it without my knowledge. :confused:

What company is this?

Yes, they can access it without a password. If they are using a script to just fetch a default public key, chances are they are using the same key for many, many servers.

I do use keys for long-term customers; however, they are all different and root login is set to key only (since it's only us who will be logging in anyway). For just one-time initial setups it's kinda silly.

-Scott

They added a cronjob to do weekly checkups, could that be another reason? Could I just simply remove the folder containing the key files?

btw, Scott..you have 1234 posts :D

You can just remove the authorized key file(s) in the .ssh directory, which will remove the key, and you may as well kill the cron.

That is quite odd actually, who was it who set it up?

-Scott

Greetings:

You can comment out keys which are not needed, or otherwise wanted to be prevented from access, by editing the appropriate authorized_keys / authorized_keys2 file and just putting a "#" comment symbol in front of the key.

I cannot speak for the provider in question, but we started moving to SSH2, high encryption, keys ourselves this past June 2006 as a means of secure, and yet quick, access to servers we manage.

We are often involved in hack clean up of H-Sphere providers; while a portion of that work is one time, there have been enough times where they contact us to go back in that we just keep our keys loaded on their server so we can react quickly to their request based on what else is going on.

That stated, we do communicate that we use SSH2, high encryption keys.

Thank you.

Why wouldn't you ask the management company this?

If it is anyone reputable, they will explain why they do what they do.

And if it was initial setup with continuing management/monitoring, are you sure you want to remove their point of access?

"I'm a bit paranoid because I'm afraid they can access my server even when I change my password in the future and/or no longer with them."

They cannot access your server if you leave them, unless you image the entire drive and take it with you, or copy the ssh config and key files.

SSH keys are used by many managed hosts in order to provide quick support and assist in security. If someone is DoSing using your compromised box, hosting phishing scams, etc., would you prefer they log in and fix it, or unplug it until they can get ahold of you for the root password?

Keys also allow root password resets without rebooting and resetting single mode. You would be surprised how many people forget their root password.
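An added example, not code from any poster in this thread: a small auditor for the authorized_keys / authorized_keys2 files discussed above. It lists every key line (active or already commented out) with its fingerprint and can comment out one key by fingerprint, as suggested in the replies. The function names and the sample file are assumptions made for illustration; the sample blobs are constructed placeholders, not real keys.

```python
import base64
import hashlib
import struct

def wire(key_type, body=b""):
    """Length-prefixed type string that starts every SSH public key blob."""
    return struct.pack(">I", len(key_type)) + key_type.encode() + body

def parse_authorized_keys(text):
    """Return one record per key line, including keys already commented out."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.strip().lstrip("#").split()
        # Options such as from="..." may precede the key type, so scan every field.
        for idx, ktype in enumerate(fields[:-1]):
            try:
                blob = base64.b64decode(fields[idx + 1], validate=True)
            except ValueError:
                continue  # next field is not base64, so this is not the key type
            if not blob.startswith(wire(ktype)):
                continue  # blob does not carry the key type named before it
            digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
            records.append({"line": lineno,
                            "active": not raw.lstrip().startswith("#"),
                            "type": ktype,
                            "fingerprint": "SHA256:" + digest.rstrip("="),
                            "options": " ".join(fields[:idx]),
                            "comment": " ".join(fields[idx + 2:])})
            break
    return records

def disable_key(text, fingerprint):
    """Comment out each active line holding this key; leave other lines as-is."""
    hits = {r["line"] for r in parse_authorized_keys(text)
            if r["active"] and r["fingerprint"] == fingerprint}
    return "".join("#" + line if n in hits else line
                   for n, line in enumerate(text.splitlines(keepends=True), 1))

def sample_key(key_type, label):
    """Constructed placeholder entry (type + base64 blob), not a real key."""
    blob = wire(key_type, label.encode())
    return key_type + " " + base64.b64encode(blob).decode()

SAMPLE = "\n".join([  # constructed authorized_keys content
    "# ssh-rsa keys for root",
    sample_key("ssh-rsa", "vendor") + " support@vendor.example",
    'from="192.0.2.10" ' + sample_key("ssh-ed25519", "owner") + " me@laptop",
    "#" + sample_key("ssh-rsa", "old") + " old-admin",
]) + "\n"
```

The fingerprints are in the same SHA256 form that `ssh-keygen -lf` prints, so they can be compared against the fingerprint a provider gives you for its key. Run it over every account's .ssh directory, not only root's.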
 