License Key hashes: New method for installs/setup.sh and getLicense.sh

[DirectAdmin Support]

DirectAdmin is now powered by a more efficient, more secure, and more feature-rich licensing system.

Instead of relying on the traditional Client ID / License ID / IP address combination, we now offer a secure license key that is used to install DirectAdmin freely wherever you go. There's no more need to login to your account and wait for IP change approvals. Need to install DA on a new server? No problem! Use your key for the new installation, and watch DirectAdmin automatically deactivate on the old server.

Datacenter partners can now create keys that are multi-server, subnet specific / datacenter specific, etc. -- whatever meets their individual requirements. If you are a datacenter, please see this guide instead: https://forum.directadmin.com/threa...key-based-licensing-new-install-method.65260/

IMPORTANT: We've worked hard to make this process automatic for you. However, this requires you to maintain a relatively recent DirectAdmin version. Please see this thread.

Where to Find Your Key

Login to your client account and view any license by clicking on it. You'll see a new "License Key" row. Do not share this with one, as it is your secure key for that license. If you think your key has been leaked or stolen, no problem: just click the plus (+) symbol and you will see a button to reset your key. This can also be done if you don't see any key associated to your license.

How to Protect Your Key

Your key is secure. Unless someone has access to your DirectAdmin client account, or root access to the server where the key is installed, they cannot see your license key hash. (The license key hash is the string of long characters that makes up your license key.)

We offer extra features to protect your key even further. In your client account, after you click on a license to view it, you will see these extra features:

• IP Restrictions. You can use this area to restrict your license to a certain IP range. For example, if you wanted to restrict the license to one IPv4 address (e.g. 1.1.1.1) you could enter 1.1.1.1/32 -- IPv6 ranges can also be added.
• Auto IP Lock. This will lock your key to your current DirectAdmin installation, intelligently. It doesn't matter if your server is maintaining licensing sessions on IPv4/IPv6 or a mix of both. Auto IP Lock will ensure only your live DA installation is allowed to use your key. You can disable this at any time (for example, when you want to install your key onto a different server).

Please understand, keys are secure! These additional security features are strictly optional. If you have staff or temporary server admins having root access to your server, these measures will prevent key theft.

Installation Procedures

Just follow our install guide, as usual. You will notice that your license key goes where the text "auto" used to be.

Most legacy setup methods still remain. Assuming the license meets the traditional requirements (valid license set to the proper IP), you do not need to know what your key is. You can simply run:

./setup.sh auto

Please note that the oldest "./setup.sh UID LID" method has been depreciated. Our installer will still accept it, but then ignore it, and trigger "auto" instead.

License Update Procedures

Normally, you will never need to use our getLicense.sh script, because the key is permanent. It is not something that needs to be refreshed or re-downloaded to keep the server active. However, you can put a new key on the server by using:

./getLicense.sh "LicenseKey"

Datacenter Considerations

Updated & moved to: https://forum.directadmin.com/threa...key-based-licensing-new-install-method.65260/



Let us know if you have any questions or concerns regarding these changes.

- The DA Team

 

[Richard G]

Looks nice but I do have some questions.

This helps do away with the need to match correct server IPs.

As for some this may make life easier, but how do you deal with abuse, like same license on multiple machines. I presume you have a solution for that (do not share if it needs to be secret).

The second one is more a suggestion then a question. I presume you followed this discussion (click). And if ofcourse others would like this, since it's easy to put it back, it would be nice if the user-input method could be put back in or added.

 

[Zhenyapan]

yep, please turn back old setup wizard - where we can select type of webserver/php/mysql and their versions.
you can try add it like
./setup.sh wizard
like it was with "auto"
thanks!

 

[Ohm J]

yes, put setup wizard it back, sometime we can forgot how to set $ENV and we develop multiple program/Language.

so We can't remember too much things like $ENV.

$ENV better for auto install, but not for manual.

 

[DirectAdmin Sales]

As for some this may make life easier, but how do you deal with abuse, like same license on multiple machines. I presume you have a solution for that (do not share if it needs to be secret).

Not really a secret -- just short session times. It used to be that a DA install would remain active up to a month without a license. Now, if you install DA on a new machine, DA will almost instantly stop working on the old machine. If anything, it reduces abuse.

 

[DirectAdmin Sales]

The second one is more a suggestion then a question. I presume you followed this discussion (click). And if ofcourse others would like this, since it's easy to put it back, it would be nice if the user-input method could be put back in or added.

yep, please turn back old setup wizard - where we can select type of webserver/php/mysql and their versions.

yes, put setup wizard it back, sometime we can forgot how to set $ENV and we develop multiple program/Language.

We hear you loud and clear. We'll have it back in the next stable release for sure, and very soon in the next alpha build.

 

[Richard G]

We'll have it back in the next stable release for sure, and very soon in the next alpha build.

Thank you very much.

DA will almost instantly stop working on the old machine.

Well hopefully not too quick so for people with less licenses it's still easy to transfer the license to a new server if they're doing a server move. But I trust that will not be an issue as it wasn't either in the past.

 

[DirectAdmin Sales]

Well hopefully not too quick so for people with less licenses it's still easy to transfer the license to a new server if they're doing a server move. But I trust that will not be an issue as it wasn't either in the past.

It likely will cause problem for this, but exploiting a weakness in the licensing system has never been an official migration method.

 

[Richard G]

has never been an official migration method.

Luckily for this, you guys were never difficult supplying a temp license or other solution if such issue occured or might occur.

 

[factor]

Sorry I missed out on all the fun... lately.

setup.sh no longer supports zero-option interactive mode: use ./setup.sh "LicenseKey"

So does this mean I have to supply the licenses on install?

Now if I have a License attached to an IP it just installs and works? Is this changing?

setup.sh recommended:

• ./setup.sh auto

So if I have a License attached to the server IP and use auto does it just work?

Should you accidently leak it, it's stolen, or perhaps it's blank in your license area, you can "Reset" the License Key hash to generate a new one, which voids all currently downloaded license.key files, requiring manual re-downloads with getLicense.sh.

Is it not linked to the Server IP? isn't it only allowed to be attached to 1 ip address?

If the Server doesnt have a Licence or isnt attached correctly. Are we going to get a pop up box in the admin area to input the correct key?
OR
Do we have to SSH into the box?

When you have trouble at cpanel you have to log a SR and have them fix their license with your ip. Since it can only be attached to one IP.

Are you all going to be able to fix License issues for us when they happen?

You can also restrict it to specific IPs/ranges to avoid unauthorized use,

Isn't this your job? You need to protect your license you sold to me. I am the customer to the software company.

 

[wila]

It likely will cause problem for this, but exploiting a weakness in the licensing system has never been an official migration method.

Sorry I must be misunderstanding something.
How is making it more difficult to migrate to a new server a good thing?

Personally I have sufficient licenses to migrate anyways, but what do you do when you have only one license?
Say you have 1 lifetime license.. how-to migrate?
You can't install a personal license as the accounts are limited, the trial perhaps isn't, unless you tried it in the past..
What's the "official" method then?

 

[DirectAdmin Sales]

Sorry I must be misunderstanding something.
How is making it more difficult to migrate to a new server a good thing?

Personally I have sufficient licenses to migrate anyways, but what do you do when you have only one license?
Say you have 1 lifetime license.. how-to migrate?
You can't install a personal license as the accounts are limited, the trial perhaps isn't, unless you tried it in the past..
What's the "official" method then?

Being able to run more than 1 server on a license has never been advertised as a feature, nor has it been allowed. Our licensing agreement (which has remained unchanged since 2003) clearly mentions circumventing license checks.

The weakness in our old licensing system allowed people to abuse back-and-forth IP changing and run more than 1 server on a license... sometimes for a very long time. Others figured out they could use this exploit to generate a temporary license of sorts, which they used for migration purposes.

The official method has always been to request a temp license, not to try and run two servers on one license. ?

 

[DirectAdmin Sales]

Sorry I missed out on all the fun... lately.

That's okay. @Richard G has been giving us an extra hard time in your absence. ?

So does this mean I have to supply the licenses on install?

Now if I have a License attached to an IP it just installs and works? Is this changing?

So if I have a License attached to the server IP and use auto does it just work?

Is it not linked to the Server IP? isn't it only allowed to be attached to 1 ip address?

If the Server doesnt have a Licence or isnt attached correctly. Are we going to get a pop up box in the admin area to input the correct key?
OR
Do we have to SSH into the box?

When you have trouble at cpanel you have to log a SR and have them fix their license with your ip. Since it can only be attached to one IP.

Lots of good questions but think retro for a moment. Remember buying software, punching in the license key, and voila -- your software is now activated? That's all this is. You don't need to take extra time logging into your account and requesting IP changes any more. As long as you have a valid key, it will work anywhere. It really is that simple.

Are you all going to be able to fix License issues for us when they happen?

Like what? If there was a problem/bug in the licensing system, of course we would fix it.

Isn't this your job? You need to protect your license you sold to me. I am the customer to the software company.

If you are using licenses for retail purposes, there would really be no reason for you to use the extra security of IP locking. It would be more useful for datacenter accounts, to ensure the licenses only function within their IP space, for example.

But.... It would be your responsibility to protect your license key, whether it's a DA key or Windows key or anything else. If you post it publicly, you can't blame the vendor for not protecting you.

 

[wila]

The official method has always been to request a temp license, not to try and run two servers on one license. ?

OK gotcha, no worries, I have no intention of circumventing the licensing rules.
Thanks for the explanation.

One alternative scenario I considered in the past was running a directadmin server disconnected from the internet (in a lab environment) for testing purposes. In other words, in a non-routable fashion, so no intention for it to be accessible by anyone but me. So that won't work.

Anyways.. not a problem for me, I was just curious.

 

[DirectAdmin Sales]

OK gotcha, no worries, I have no intention of circumventing the licensing rules.
Thanks for the explanation.

One alternative scenario I considered in the past was running a directadmin server disconnected from the internet (in a lab environment) for testing purposes. In other words, in a non-routable fashion, so no intention for it to be accessible by anyone but me. So that won't work.

Anyways.. not a problem for me, I was just curious.

No problem, I knew where you were coming from. When I said the new licensing is a "good thing" I meant from the anti-abuse perspective, especially those running 2+ servers on a license for a very long time. People taking advantage of the old system for a short-term migration license didn't even come to my mind.

 

[MaXi32]

Thanks for adding the option skip CSF installation on the latest setup.sh. I like the new setup.sh.

Solved the old issue here (as an alternative without changing the code from setup.sh): https://forum.directadmin.com/threa...f-etc-httpd-conf-httpd-conf.64921/post-338068

?

 

[factor]

That's okay.

Good deal.

but think retro for a moment.

Think back to when the system just knew your server and it just worked.

As long as you have a valid key, it will work anywhere. It really is that simple.

Ok seems dangerous for you. What if I put that one key on 50 servers. OR like I said it tied to the IP As well? OR it single use some how?

If you post it publicly, you can't blame the vendor for not protecting you.

LOL I mean like its you responsibly to protect your Intellectual Property Or prevent over use of your Licensed software.

 

[DirectAdmin Sales]

Ok seems dangerous for you. What if I put that one key on 50 servers. OR like I said it tied to the IP As well? OR it single use some how?

If you install DA on server A, and then install it on server B, then Server A would almost immediately show a License Expired error. You certainly could do 50 installs, but as you completed each install, the older ones would all deactivate.

 

[factor]

If you install DA on server A, and then install it on server B, then Server A would almost immediately show a License Expired error. You certainly could do 50 installs, but as you completed each install, the older ones would all deactivate.

Well that is good then...

 

[DirectAdmin Sales]

Well that is good then...

In many ways, better than the old system. In the old system you could theoretically do 50 license IP changes, and someone could run 50 servers from one license, for up to a month. Then, repeat this again next month.

That's why we used to have that strange 5 IP change limit, to throttle too many IP changes and avoid such abuse.

But let's say you are just a regular guy from Tennessee testing out a dozen FreeBSD VPS's and installing DA on them. By the 5th time, your license is now locked from use on any other IP. Now you have to contact us, explaining the situation. Someone on our end has to take a look at the IP change history and confirm no abuse, before we reset the count. You lose time, we lose time, and your license is useless for future installs until the matter is sorted.

Under the new system, all that is avoided. And you don't lose that "auto" functionality in any way. If you decide to register an IP in your license, the legacy auto option will work just fine. You won't even realize we have a different licensing system. The modern option is to replace "auto" with your key, and it will work anywhere, no matter what your license IP says.