Remote access to a server

Introduction

XTRF security policy requires that plaintext credentials are not exchanged between XTRF and the Customer, because storing user passwords in our databases and emails may pose a security risk.


Linux servers

The recommended remote access is via the SSH (secure shell) protocol because it provides us with the remote console.

There are two basic ways to authorize remote users:

  • Via a login/password. You are required to use XTRF Secure Credentials Storage instead of sending passwords directly in emails/tickets.

  • Via a private/public keypair, a recommended method. Please make sure the sudo rights are granted in case system modifications are required.

Instead of sending us passwords, we recommend that you use our public key, which is: 

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFuG6GYlm1NPmU586xFAVDs/aul3CLK/3PnCQFCqGnjU ssh@xtrf

When using the public key:

  1. Put it to the .ssh directory and the authorized_keys file, which may not exist yet.

  2. Change your password, and do not send it to us or anyone else.

By using our public key, you will not need to exchange passwords with us because we can now securely log in to your server.

If you need to restrict SSH address from one IP address, please use 148.251.5.0


Windows servers

The recommended remote access is via the Remote Desktop Protocol (RDP). You are required to use XTRF Secure Credential Storage instead of sending passwords directly in emails/tickets.

Alternatively, we can connect with TeamViewer software, but make sure the desktop session does not require a password to unlock.