Providing us with login details securely (Magento 2)

From time to time we may ask you to provide us with login details if we believe this is the most efficient way to resolve an issue for you or if you tasked us with providing installation or customisation services.

tl;dr

  1. take a backup
  2. Use encryption

  3. Our public key

    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC48Qf+j6rtNJJH9GHSgqyq+qSPuup6CafP1KMxlpcKZGl94BricbiCehnUZrqusc7o6YPVf1HRVwuW9D8kjG633INdjjn9kEXpyLKuk+4x8SzwVfH0t6QHEMSOCrkcG0BhiVM2OX6bFV2XklZyxu3CaQA43eybUP8XuGFq4o0rwI11488V/pbaLC079wGbj+he4goAIQttwAcM1Toty2pw+Oiky0VRj19qQay4E8Tvsx2sRE3RlZB0dA5nwaCfJ858mDZaP87FawHuoWSzj6xA6NyDpnR3L3V91C8FHW6MPpIOGbtC1pZ3BLstkuRkevDfawTr84J6dwzdWzzEIbX/0sPa7NamCu208TnsdT3rPifMBnLl0QGH7bdVIqkrncbFfUAa2iShKev9MV3NVOs3iUtZ7ZUEuuIzVTyDECQ4qcSfpBqJvkdtpxftJL7yBzuX+bZT6oo4jr9zFKp/lUu6vHnhGp3K6qOdQWUt8hhVHAi1QsM4e3H5dK0V5nupHuEzZ1cwpfvb/7GbsdHQDYZ8AuzFuwp6YBckrSIVRe3zJfy8WnQW32N98deIPtm+a+YQfNCtWt8oeO9LqHUXluZNmW4vXqk8YVI534ByiyNtoTkWLPjnKganaC4trHTjo7sjiOcDFS3POo9/Z73EMcY21o3pAwApclyXcZPg43r3Tw==

  4. Our IP: 188.166.134.216 (based in Amsterdam, Netherlands)
  5. revoke once we are done

We may ask for the following:

  1. Magento admin url and login

    The admin url should be secret and is not guessable by us - so please provide us with a link to the admin login page.


    We also recommend creating a separate administrator account for us. Please note it is common for attackers to attempt to brute-force admin user account login details (1000s of guesses over a short time period). In other words do not create an admin account like fooman / password123.


    Starting with Magento 2.4 2FA (two factor authentication) has been made mandatory. As a result having a separate administrator account is needed as we would not be able to reuse an existing admin account to which we do not have access to the corresponding second factor.

  2. File access 

    In most cases, we would need access to the command line (SSH) with a user account that has write access to all Magento files. 

In an ideal scenario we would only require access to a development or test site but we understand that often this is not available or up-to-date.

Important

Please do not email us these sensitive credentials directly. We recommend using a secure encrypted channel like our Yopass instance here and only sending us the link. Once the credentials are viewed by us the message will self destruct. For the duration of the support request we will keep the credentials in our password manager.

If you are using SSH public keys for authorising logins please add the below:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC48Qf+j6rtNJJH9GHSgqyq+qSPuup6CafP1KMxlpcKZGl94BricbiCehnUZrqusc7o6YPVf1HRVwuW9D8kjG633INdjjn9kEXpyLKuk+4x8SzwVfH0t6QHEMSOCrkcG0BhiVM2OX6bFV2XklZyxu3CaQA43eybUP8XuGFq4o0rwI11488V/pbaLC079wGbj+he4goAIQttwAcM1Toty2pw+Oiky0VRj19qQay4E8Tvsx2sRE3RlZB0dA5nwaCfJ858mDZaP87FawHuoWSzj6xA6NyDpnR3L3V91C8FHW6MPpIOGbtC1pZ3BLstkuRkevDfawTr84J6dwzdWzzEIbX/0sPa7NamCu208TnsdT3rPifMBnLl0QGH7bdVIqkrncbFfUAa2iShKev9MV3NVOs3iUtZ7ZUEuuIzVTyDECQ4qcSfpBqJvkdtpxftJL7yBzuX+bZT6oo4jr9zFKp/lUu6vHnhGp3K6qOdQWUt8hhVHAi1QsM4e3H5dK0V5nupHuEzZ1cwpfvb/7GbsdHQDYZ8AuzFuwp6YBckrSIVRe3zJfy8WnQW32N98deIPtm+a+YQfNCtWt8oeO9LqHUXluZNmW4vXqk8YVI534ByiyNtoTkWLPjnKganaC4trHTjo7sjiOcDFS3POo9/Z73EMcY21o3pAwApclyXcZPg43r3Tw==

and forward us the details to login via SSH. Make sure to include the host or IP address, login user and any custom port if not using the default port 22 (for example ssh user@example.com -p 22 )

If you are able to lock down access via firewall rules we highly recommend you do this. Our IP address is: 

188.166.134.216

Once we are finished with the support request please ensure access is revoked again.


Please confirm that you have taken a current backup and are able to restore from this if we do run into unlikely but possible issues during troubleshooting.

Still need help? Contact Us Contact Us