How to fix the ISP-Config ssh-key home directory problem
If you create shell user in ISP-Config, you can’t generate a RSA key pair for your user, because you can’t write to the home directory of the corresponding “web user”. You will get this message:
Generating public/private rsa key pair.Enter file in which to save the key (/var/www/clients/client1/web11/.ssh/id_rsa):Could not create directory '/var/www/clients/client1/web11/.ssh': Permission deniedEnter passphrase (empty for no passphrase):Enter same passphrase again:open /var/www/clients/client1/web11/.ssh/id_rsa failed: No such file or directory.Saving the key failed: /var/www/clients/client1/web11/.ssh/id_rsa.
I have found a solution for this problem, it is a bit of a hack until ISP-Config officially changes this behaviour.
- Login as root on the server
- Make the web user homedir mutable:
chattr -i /var/www/clients/[Client ID]/[Web ID] - Create a symbolic link for the .ssh folder:
ln -s /var/www/clients/[Client ID]/[Web ID]/home/[Username]/.ssh /var/www/clients/[Client ID]/[Web ID]/.ssh - Make the web user homedir immutable again:
chattr +i /var/www/clients/[Client ID]/[Web ID] - Exit the root shell
The web user’s and your shell user’s .ssh folder are now linked. That means that everything is synced like authorized keys, known hosts and RSA key pairs. You can now create a RSA key pair for your shell user, so you can do things like a git clone/pull.
About the author
I’m a freelance web developer and online marketer from the Netherlands. I’m specialized in creating and optimizing websites where the focus is user experience. In may 2017, I was included in the list of the TOP 500 young innovators by the Next Web. If you want to reach out, please contact me on Twitter or check my website:
