Our Advanced Integration setup process requires our backend platform to be provided with access to your server via SSH. Our process also requires that it is given sudo access to your server.
During setup, you'll be asked to either provide the password of a system user with sufficient root priviledges or to add an SSH key to the server.
To put your mind at ease, our setup process uses the sudo access to log on to your server and create our own serverauth
user on your server. It is also then granted sudo access of it's own.
That is it. All Server Management actions performed via our platform will then be run through the serverauth
user which means there's no worry of losing access to your server should you add / update or delete another user on your server.
If you chose to provide a password, we'll use this to log in as the user you specify and will then use 'sudo' permissions to set up the ServerAuth user.
If the user you provided does not have sudo permissions we will not be able to configure your server for use on ServerAuth. You can check if your user has permission by running sudo su
when logged in. If after entering your password again (if prompted) you can log in as the root user then this will work.
A more secure way for us to access the server is by using an SSH Key. We'll provide you with the public key to add, and this goes in the users ~/ssh/authorized_keys
file.
Please note that the user you permit us to login as here must have passwordless sudo permissions. You can verify this by running sudo su
as the user. If you are prompted for a password then this will not work, and you'll need to update the user's sudoers file accordingly.
To do this, run sudo nano /etc/sudoers.d/<username>
and in that file place this, updating the username:
<username> ALL=(ALL) NOPASSWD: ALL
Once completed, save and exit using CTRL+X. Open a new terminal window and log back in again, you should now be able to run sudo su
without being prompted for a password.
If your server is behind a firewall and you've restricted the IPs that can access SSH you'll need to whitelist our systems outbound IP addresses. We only require access to your SSH port, and no other traffic comes from these IPs.
If you are using automated deployment tools such as Ansible we also provide an up to date text based list of IP's which can be used as a permanent reference: https://serverauth.com/ips
Occasionally a server setup won't go as planned. This is usually down to us not being able to access the server to perform the setup process, or the server being incorrectly configured or modified. Please check that the server user account you provided us with has the correct permissions to run commands as root, and is not IP restricted in any way that would prevent our system from accessing your server. Please also ensure no modifications have been made that may prevent us installing essential packages.
In addition, your server must be on our supported operating systems list and contain no modifications to the system's base user setup process.