Setup Remote Access Key

**jols** · 05-02-2006 06:19 PM

Setup Remote Access Key

I need to remove this feature from the reseller WHM panels, just to stop a cascade of "How do I use this?" questions. But I don't see any way of doing that. Anyone?

NT · 05-02-2006 06:39 PM

Hi,

I believe you can disable this through Reseller Privileges in the Reseller area of WHM.

Hope that helps.

**jondolar** · 09-27-2006 11:14 PM

I have the same problem.
WHM 10.8.0 cPanel 10.8.2-S120
CentOS 4.4 i686 - WHM X v3.1.0

Reseller privs don't have cluster enabled but if I log in as the user I get the ability to view and change the WHM key.

This is a security issue for sure.

**hariskhan** · 09-28-2006 03:12 AM

To date, I haven't received any answer from cPanel for the same Q.

**jols** · 09-28-2006 04:02 AM

I am personally getting a little tired of the enduring vulnerabilities like this, and the little stuff like the typos in the vsite cPanels.

Did you make out a bugzilla report for this latest thing?

**hariskhan** · 09-28-2006 04:27 AM

I have posted it as a bug on bugzilla.cpanel.net. The bug report I put there;

http://bugzilla.cpanel.net/show_bug.cgi?id=4421

Am waiting for an answer or resolution, since.

**jols** · 09-28-2006 04:32 AM

Wow, since last July. THIS IS NUTS!!!!!!!!

Do they not care if cPanel vsite resellers are able to take down the entire server?

I just put in one too, before I found that you had as well:

http://bugzilla.cpanel.net/show_bug.cgi?id=4635

**jondolar** · 09-28-2006 10:05 AM

I opened a ticket last night and got a quick reply.

When the reseller logs in they can see their own Key. I did not know that there were multiple keys. Resellers have their own remote access key which they can change.

**cpanelkenneth** · 09-28-2006 02:41 PM

Please read the documentation on this feature: Setup Remote Access Key

The only way "disable" this is by editing your WHM theme and removing the reference. The following shows how to do this:

Edit /usr/local/cpanel/whostmgr/docroot/themes/<themename>/comand Move the
ENDWHMDEFINE statement on line 331 two lines down, just after the next <br />
tag. This will cause the "Setup Remote Access Key" functionality to only
display if someone has ROOT or CLUSTERING access.

Note: you should do this in a copy of your WHM theme, otherwise the next upcp
update will overwrite your changes.

As jondalar noted, each reseller, which includes root, has a Remote Accesss Key assigned, and can create a new one, thereby invalidating the old. When a reseller creates a new Remote Access Key, it is his key only that gets regenerated. Likewise when viewing the Remote Access key, the reseller only sees his own. Scripts and Applications that use this key for validation can only perform the same actions that the reseller could via the WHM interface.

LinkBack

Thread Tools

Setup Remote Access Key - Need to remove from reseller WHM panels, but how?

Cant remove Cluster/Remote Access for Reseller

No answer yet

I posted the bug on cpanel's bugzilla website

Everything is ok

Server Setup - Setup Remote Access Key?

Remote Access Key - Setup Reseller

I have log my WHM and there is only "Setup Remote Access Key

Setup Remote Access Key Error