Stop/Start ssh and ftp service from whm or cpanel

[ASTRAPI]

Hello

How can i stop/start the ssh and ftp service using the whm or cpanel?

I want to stop the service and start it only when i need it.

If i just stop it and restart the server it will be enable again?

Thanks

[eth00]

You can disable it within the WHM "service manager". If you do not disable it there WHM will restart it when you stop it.


*edit* you could also block it via firewall and just add your IP

[ASTRAPI]

I want to stop/start these services only and if i have stop them when i restart to be up and working again.

[ASTRAPI]

I was wondering if i can request it as addon to whm so i can have a GUI solution to stop/start the ssh and ftp services ?

I will pay ofcource a few euro

Any info please?

Thanks

[Spiral]

Eth00 already told you what you need to keep those services offline!

Just a quick recap .....

1. Go to "Service Manager" under the "Service Configuration" section in WHM

2. Uncheck the check boxes under "sshd" and "ftpd" and click "save"

Now those services won't be automatically restarted.

Go into your SSH session and type the following:

Code:

# service ftpd stop
# service sshd stop

At this point, you'll probably be kicked out of the shell and your
SSH and FTP services will be down and won't be restarted again
by Cpanel because you told it not to monitor those services.

If you need to reactivate SSH or FTP then you simply go into your
WHM menu to the "Restart Services" section and click on the service
you want to bring back online and it will be restarted from the menu.

(Now out of pure curiosity, why are you disabling FTP and SSH? --
While you can do this, it doesn't really have any significant advantage
over just properly configuring and securing these services)

[ASTRAPI]

If the service is disabled is better than trying to secure it.

Anyway thanks all of you.

[mattdmin]

Obviously you don't utilize FTP or SSH on this server which is fine, but for people who do utilize it and want and easy way to secure it, here's what I suggest rather than turning the services off.

Run a firewall, I suggest CSF & IPTables, keep SSH and FTP running, merely change the port on which you connect to for SSH and FTP. Also, you take your IP addy's that YOU or YOUR CLIENTS connect from and allow them in the Firewall and Viola.

Also to make things even more secure, make sure to put the password security above 60% secure as a default.

[ASTRAPI]

Easy to scan and find the changed port and not easy to add a dynamic ip there so is better to stop the service.

[vincentg]

Really very Bad idea to stop these

No reason to do it at all and plenty of reasons why you should not.

If you want help on how to secure your server let the board know and there are people here that can help.

[ASTRAPI]

Tell me one reason please that is better to secure a running service than stop it?

It is obvious that is more secure a service that is not running at all, than a running service with any kind of security

Anyway you have your opinion as i have my opinion

No problem

I was use that in my previous panel aand it was great and i hope cpanel to add it...

[vincentg]

Well the number one reason will be the what if.

What if your server has problems.
Now you will have to wait for your server host to answer your help desk request to switch your shell ability back on.

This since only they will be able to access the server.
And they too will have to have a hard time getting in as how do you expect them to login to the server?

Do what I do - lock out all access to the server from all IP's except the local IP and your IP.

As this works best.

If not and you go down that road your host will wind up charging you each time an issue comes up. If you have money to waste then feel free to follow this bad idea of stopping SSH service.

[ASTRAPI]

If i just stop the service after the restart that i can do it without waitining the DC all will be working again

For the ip i can't do it as i have a dynamic ip

[Spiral]

If the service is disabled is better than trying to secure it.

Anyway thanks all of you.

On the contrary! Disabling critical services is not necessarily better ...

You must consider the practical side as well as the security.

Without FTP, hosting account management access is much more limited
and should something go wrong with your server or even just Apache,
you may find yourself in a very difficult position without SSH access.

FTP, you can choose to leave on or turn off if you really don't think
that you will likely need it.

SSH, I would NOT turn off because you are slicing your own
throat unless you have physical access to the machine for a console
root login (or just like big headaches). For this service, I would leave
on but do what is necessary to properly secure it such as disabling
direct root logins, using certificates instead of passwords, changing
the default port to some other unused port other than 22, and
limiting connections to protocol 2. Combined with a decent firewall
and port scanner detector, you should be perfectly fine and the chance
of any direct SSH compromises would be extremely slim to none yet
you could still manage your server openly as often as needed.

(If you are a little more paranoid like me, you could even drop all packets
to the port you use for your SSH except from your own home IP if it is
dedicated or from your ISP's CIDR range if your connection is dynamic
which will still further greatly reduce the odds of any viable attack)

[eth00]

One other consideration is that if you are at a datacenter like softlayer with a private network you could enable ssh on the private network only (which requires a vpn connection to access).

I agree with Spiral in that disabling ssh is not the best, occasionally WHM has problems and you need ssh to fix it.

If you do disable ssh I would at least make sure on your datacenters policy on KVMs. You may run into a decent fee to use one if you need to repair things.

[ASTRAPI]

If i stop and not disable the ssh and i have a problem i can restart it from the DC menu that i have annd it will auto load.

I was use that with my previous panel for 1 year and never had a problem.

Ok anyway thanks all of you