Basic sshd_config options in WHM

[cPanelDavidG]

Greetings again!

In discussions with one of our cPanel Partner NOCs, the idea of adding some very basic /etc/ssh/sshd_config options to the WHM interface arose. Basically, the idea was to add the option to change the SSH port as well as enable/disable remote root login.

I do this manually on any cPanel/WHM server I provision into production use and these two items in particular seem to have become recommended system administration practice.

However, there are many possibilities for how to implement this feature. Hence, I am starting a discussion thread to gain insight on how you, as an administrator of a cPanel/WHM server, feel this would best be implemented.

I know I would want a check to ensure there is a wheel user on the system before I disabled root access via SSH, so I don't inadvertently lock myself out of a server.

Also, there should be some big warning noting that firewalls can conflict with such a configuration and to update your firewall settings to permit connections over that port, before you change the SSH port to a port the firewall blocks.

Also, should this screen only be viewable to user root in WHM, or any user in WHM that has root-level access to WHM?

Obviously, we would want to be very careful with file I/O so we don't inadvertently lock someone out of a server due to an I/O snafu.

I am interested in any suggestions you have for this functionality and to see how many others would feel this functionality would be utilized if implemented.

[Infopro]

I like your idea, but I'm not sure about this part:

Also, should this screen only be viewable to user root in WHM, or any user in WHM that has root-level access to WHM?

I myself mostly use a root-level access user login in WHM, instead of root. But that's for day to day things. When configuring a new server there is no one else but root involved.

If this was an option it should be able to be switched off/on. Not sure I would want a reseller with root access changing a port for/on me without warning.

I know I would want a check to ensure there is a wheel user on the system before I disabled root access via SSH, so I don't inadvertently lock myself out of a server.

It might be nice to also force a check of some sort to make sure the new port is open and works as expected before allowing you to disable the original setting.

1) Port in use now: 22
2) Enter New port to use: 2222
3) "Click here to check/refresh/make perm this change in config file"

response(s)
a) New Port not available please open port in your firewall first and then refresh this page by clicking here.
b) New Port available click to refresh and confirm change.
c) Make changes permanent removing old port number from config and restart SSH click here.

4) Config File updated. Be sure to remove old port number from firewall.

[rlshosting]

I wish that root had an option to add a ssh username to root so that i do not have to login with the root username and password. I still do not know how to do this after a long time messing with cpanel servers.

For example, I log in SSH with port 22 and the username is root and the password is blahblah. A good option is to use the username yourname and the password then type in the command then enter the password to enter root. I will probably ask on some forums about this in the near future but this would be a good option.

I have to edit the config every time I change the port.

Another option could be a port configuration editor to edit the ports of each service.