
Creating a Login Key to use with your API, script, or temporary login, to keep your password safe

Multiple levels of security are mandatory these days.  A single password is only 1 level, and if it is lost or stolen, an attacker would be able to log in if there are no other levels of security.  If you need to give out your DirectAdmin password for any reason, whether for an API script or to a remote tech, it's best not to hand out your true password.

DirectAdmin has a feature called Login Keys, which allows you to have multiple other passwords for your DirectAdmin account, but these other passwords can be set with heavy restrictions.
These include:

To create your own Login Key, first log in to DirectAdmin as the account the key is for, eg: "admin".

1) Browse to the Login Keys page:

User Level -> Login Keys

If you don't yet have any domains created, then you can manually access the page via this URL:

/CMD_LOGIN_KEYS



2) Click "Create new Login Key" to get started with a new key.

3) Enter all fields as needed.

4) When testing your Login Key, it's often useful to run DA in debug mode, level 2000, which will have DA tell you why a login is being rejected.
http://help.directadmin.com/item.php?id=293



Examples



A) Power Reseller
Although this has not been tested, in theory, you can create a 2nd Admin account, and only allow them the commands:

ALL_RESELLER
ALL_USER
CMD_ACCOUNT_RESELLER
CMD_RESELLER_SHOW

and deny the commands:

CMD_LOGIN_KEYS
CMD_API_LOGIN_KEYS
CMD_PASSWD

Set the key to never expire, with unlimited uses, Clear Key disabled, and Allow HTM enabled.
This will give someone a Reseller Account, plus some Admin privileges.
Note that this is not fool-proof.  There are overlapping commands that would still allow them to delete an Admin account or change their true password (via non-obvious means), so you would still need a certain degree of trust of this account.  However, it would be useful to help prevent accidents/errors by that account.

B) User Level API to create/manage email accounts
As this is a script, it will never expire, will have unlimited uses, we don't need "Clear Key", and "Allow HTM" is not required.
The list of commands should only need to be:

CMD_API_POP
CMD_API_EMAIL_VACATION

Lastly, the IP field should contain just 1 IP, which is the IP that will connect to DA from the script. If the script is local, you'd specify 127.0.0.1.  If you're connecting from a remote server, you'd enter the main IP of the remote server.
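
A script for example B might use its Login Key as follows. This is an added example, not DirectAdmin's own code; it assumes the key is sent as the HTTP Basic password, that CMD_API_POP accepts action=list&domain=..., and that replies are URL-encoded (list[]=... or error=1&text=...&details=...). The host da.example.com:2222, the user "apiuser" and the DA_LOGIN_KEY environment variable are placeholders.

```python
import base64
import os
import urllib.parse
import urllib.request

# Commands the Login Key from example B is allowed to run (from the article).
ALLOWED = {"CMD_API_POP", "CMD_API_EMAIL_VACATION"}


def build_request(base_url, user, login_key, command, params):
    """Build an authenticated API request; the Login Key replaces the password."""
    if not base_url.startswith("https://"):
        raise ValueError("refusing to send a Login Key over plain HTTP")
    if command not in ALLOWED:
        # Fail locally instead of sending commands the key cannot run.
        raise ValueError(f"{command} is outside this key's allow list")
    url = f"{base_url.rstrip('/')}/{command}?{urllib.parse.urlencode(params)}"
    token = base64.b64encode(f"{user}:{login_key}".encode()).decode()
    return urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})


def parse_response(body):
    """Decode a URL-encoded API reply; raise if it reports error=1 (assumed format)."""
    fields = urllib.parse.parse_qs(body, keep_blank_values=True)
    if fields.get("error", ["0"])[0] != "0":
        text = fields.get("text", [""])[0]
        details = fields.get("details", [""])[0]
        raise PermissionError(f"{text}: {details}")
    return fields.get("list[]", [])


def list_mailboxes(base_url, user, domain):
    # The key comes from the environment so it is never stored in the script.
    key = os.environ["DA_LOGIN_KEY"]
    req = build_request(base_url, user, key, "CMD_API_POP",
                        {"action": "list", "domain": domain})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_response(resp.read().decode())


if __name__ == "__main__":
    # Placeholders: replace the host, user and domain with your own values.
    print(list_mailboxes("https://da.example.com:2222", "apiuser", "example.com"))
```

If a request that should work is rejected, the debug mode from step 4 shows which restriction on the key (command list, IP, expiry or uses) caused it.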

C) DNS Clustering with the Multi Server Setup
DA only needs a small set of commands to control the dns on a remote box. The "allow" list would be as follows:

CMD_API_DNS_ADMIN
CMD_API_LOGIN_TEST
CMD_API_USER_EXISTS

and you can set the IP of the remote box that needs to connect to this slave, as nobody else should be connecting with this key other than the master.

D) Key for Technical Support
If access to your server is requested, instead of providing the true admin password, you could provide a full-access Login Key instead.  For this, use any key name, eg: "support", a random password (use the generator button), set an Expiry to say 5 days in the future (however long you think it will need), Uses=0, Clear Key = yes, Allow HTM = yes, and enter the current admin password at the bottom. It can be restricted to an IP, but if different techs may be logging in, it's simplest to allow any.
