Bỏ qua để đến nội dung
MZPanel MZPanel
SSH keys Audit every SSH key on a VPS with provenance (panel-managed vs. unknown), add and revoke keys, mark keys known, and generate ed25519 keys in your browser.
CtrlK

SSH keys

Nội dung này hiện chưa có sẵn bằng ngôn ngữ của bạn.

The SSH key audit gives you a single, box-wide view of every authorized key on a VPS — who it belongs to, whether MZPanel added it, and whether anything looks off. It lives in the SSH keys tab of Users & SFTP on each server, and it’s available on the Free plan.

Key audit & provenance

Section titled “Key audit & provenance”

authorized_keys tells you what’s active, but not who added it or when. MZPanel keeps a small sidecar provenance registry on the box and cross-references it with the live authorized keys, so every key is tagged:

SourceMeaning
PanelAdded through MZPanel — recorded with who added it and when.
External (“unknown”)Present in authorized_keys but not added by MZPanel — installed by hand, cloud-init, a script, or left over from before MZPanel was installed.

The audit lists every key across every user — user, type and bits, fingerprint, comment, source, and date — and surfaces anomalies as chips: keys from an unknown source, keys on root, weak keys (RSA under 3072 bits), duplicate fingerprints, and keys with no comment. Filters let you narrow to unknown, root, or weak keys. Key bodies are never shown — the audit is metadata only.

Add, revoke & mark known

Section titled “Add, revoke & mark known”

From the audit you can:

  • Add a key — pick a user (including root), paste a public key, and optionally grant sudo or add the user to the SSH allow-list in the same step.
  • Revoke a key — remove it by fingerprint; the entry is also pruned from the provenance registry.
  • Mark known — acknowledge a reviewed external key. It keeps a muted “known” chip and drops out of the anomaly count, so your audit reflects only what you haven’t reviewed.
  • Label a key — store a friendly name against a fingerprint without ever rewriting authorized_keys (works for external keys too).

You can also export the full audit as CSV.

In-browser ed25519 keygen

Section titled “In-browser ed25519 keygen”

When you don’t already have a key, Generate SSH key creates an ed25519 pair entirely in your browser. The private key never leaves the browser — MZPanel fills in the public key and reveals the private key once for you to copy or download. The encoding is verified to parse as a valid OpenSSH key.