Disclaimer - I'm a non-coder, willing to learn, but have a question about SFTP.
So my developer, whom I hired, provided me with a PPK file to log in to my server. Is this a preferable way for FTP authentication?
I'm wondering because - What if I want to hire another developer to work on my site - now two developers will have the PPK file, right? So, how do I protect myself from previous developers having access to my site after they are finished? What is the proper process for these types of things? Thank you!
You've been given a private key, needed to log in to the server using key-based authentication. The key is not sent to the server, but it is used during the SSH handshake. You are right that the key should remain private and you should not give it here and there. In general it would be a good idea to create your own keypair and place the new public key on the server (and keep the private key with you). You will find more information about SSH authentication in this article. If you post your question to Superuser.com or Serverfault.com, you will get (find existing or ask for) more detailed instructions for a non-programmer.
Every developer you hire should be given access to the site through a personal (individual) SFTP profile. Therefore each one of them will have his own PPK file. And when you want to revoke one of their accesses, just remove that developer's personal key from the server-side configuration and he/she won't be able to log in again.
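The per-developer revocation described in the answers above, as an added example that is not part of the original posts. It assumes the server runs OpenSSH, which keeps allowed public keys in an `authorized_keys` file; the function names and the sample keys are constructed for illustration.

```shell
#!/bin/sh
# Assumption: the server runs OpenSSH, which reads allowed public keys, one per
# line, from ~/.ssh/authorized_keys: [options] key-type base64-blob [comment]
# PUBFILE below is one developer's public key in that one-line format.

# key_blob PUBFILE: print the base64 blob (2nd field) of a one-line .pub file.
key_blob() {
    awk 'NF >= 2 { print $2; exit }' "$1"
}

# count_key FILE PUBFILE: print how many lines of FILE grant access to that key.
count_key() {
    blob=$(key_blob "$2")
    [ -n "$blob" ] || return 1
    awk -v b="$blob" '
        /^[ \t]*#/ { next }
        { for (i = 1; i <= NF; i++) if ($i == b) { n++; break } }
        END { print n + 0 }' "$1"
}

# revoke_key FILE PUBFILE: drop every line carrying that key; keep FILE.bak.
revoke_key() {
    file=$1
    blob=$(key_blob "$2")
    [ -n "$blob" ] || { echo "no key found in $2" >&2; return 1; }
    tmp=$(mktemp "$file.XXXXXX") || return 1
    awk -v b="$blob" '
        /^[ \t]*#/ { print; next }
        { for (i = 1; i <= NF; i++) if ($i == b) next; print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    cp -p "$file" "$file.bak" || { rm -f "$tmp"; return 1; }
    chmod 600 "$tmp" && mv "$tmp" "$file"
}

# Constructed sample: two developers with fake key blobs (not real keys).
demo() {
    d=$(mktemp -d) || return 1
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEYDEVONE dev-one' > "$d/dev-one.pub"
    printf '%s\n' \
        'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEYDEVONE dev-one' \
        'no-port-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEYDEVTWO dev-two' \
        > "$d/authorized_keys"
    revoke_key "$d/authorized_keys" "$d/dev-one.pub" && echo "$d"
}

if [ "${1:-}" = "--demo" ]; then demo; fi   # prints the sample directory
```

Running `count_key` with a former developer's public key against each account's `authorized_keys` file is a quick audit that no copy of the key remains on the server.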