The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPanel / WHM Login is Invalid

Discussion in 'General Discussion' started by enahs, Sep 22, 2014.

  1. enahs

    enahs Member

    Joined:
    Apr 1, 2013
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello,

    We have recently been having a big issue with trying to log into our VPS. This VPS is ours which we have running in Azure so there is nobody to truly call as the virtual server is ours. Recently it's almost impossible to login and right now I can't login at all. Most think this problem would be with brute force feature but the problem is we can't login to even turn it off or whitelist our IP address. The last time I got logged in I had to try for over a day and when I did I didn't a chance to look at the brute force feature before my login timed out (was running out of the office late.) Is there ANYTHING we can do to get logged into this thing? I can't even SSH into it. At first that was what I was trying to do and it was driving me insane making me think I forgot my password but also thought that was impossible since I was using KeePass.

    I have a feeling I know the answer to this but figured it was worth asking. I could reboot the server but I would rather not do that it would be a last resort.

    Thanks for any assistance.
     
  2. PascM

    PascM Member

    Joined:
    Jun 2, 2012
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    127.0.0.1
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Hi,

    Have you tried longing in using a different IP ?


    Regards
     
  3. enahs

    enahs Member

    Joined:
    Apr 1, 2013
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Yes, I should have said that in my original post but I had tried from numerous outside IPs. I have remote connections to clients of mine via RDP and LogMeIn.

    Since I first posted this I was now able to get back in. When I look at the brute force history it does not show my IP but what I am guessing is that because there is a setting to lock out when too many attempts are on an account I bet that it was locking out the root account no matter what IP I was trying to login from... I made that zero. I don't want the root account getting locked out because someone is trying to hack it. Doing it IP based is fine but not solely on the root account.
     
  4. PascM

    PascM Member

    Joined:
    Jun 2, 2012
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    127.0.0.1
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Well root should be disabled either way for security reasons.
     
  5. enahs

    enahs Member

    Joined:
    Apr 1, 2013
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I'm not sure I follow you, if you are using an IP-based brute force attack prevention why would you want an account to be locked out? The last thing I want is for me to not be able to access my own server which has happened several times. We're not going to be able to stop attacks completely and it's obvious that the most targeted account would be "root".
     
  6. PascM

    PascM Member

    Joined:
    Jun 2, 2012
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    127.0.0.1
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Hi,

    That's why you want the "root" not to be able to connect but instead you can create an other user and then su root, that way most attacks to "root" would stop the minute they type "root" as user.
     
  7. enahs

    enahs Member

    Joined:
    Apr 1, 2013
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    After I sent that reply I realized what you meant. I am not a Linux guru by any means so I guess I am always "scared" to make any changes to the root account other than password changes. Do you have any easily accessible links or documents that would explain how to block the root user from accessing SSH, FTP or any other protocol necessary? I would like to do this to stop this from happening and based upon best practices.
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  9. enahs

    enahs Member

    Joined:
    Apr 1, 2013
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
  10. enahs

    enahs Member

    Joined:
    Apr 1, 2013
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    By the way, I disabled the ability for the root user to get in via SSH but it just simply tells you that access is denied when trying to login as "root". It doesn't really stop the moment they type "root" and hit enter. Does this seem right? Wouldn't cPHulk BF still try to lock out the root account in this situation if turned on?
     
  11. PascM

    PascM Member

    Joined:
    Jun 2, 2012
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    127.0.0.1
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Hi,

    So you have -> PremitRootLogin no ? and restarted ssh ?
     
  12. enahs

    enahs Member

    Joined:
    Apr 1, 2013
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Yes, it's not allowing the root user to log into SSH now as I know I am typing the password correctly and it is stating "Access Denied". I am just going by your description as to what should happen. Typing the "root" and hitting enter then prompts me to enter a password. After that I get denied although I am typing the password correctly. From your description I thought the moment I type "root" and hit enter it would not work...ie not even prompt me for a password.
     
  13. PascM

    PascM Member

    Joined:
    Jun 2, 2012
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    127.0.0.1
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    That's correct, what I said previously works with ssh password authorization = no
    Meaning you need to log on using ssh Keys


    Edit: http://prntscr.com/4pkdbh
     
  14. enahs

    enahs Member

    Joined:
    Apr 1, 2013
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Ah, I didn't know or think you had mentioned turning off "ssh password authorization". If by doing this would it cause users to not be able to utilize SFTP? Lack of knowledge being said I thought SFTP is no different than pretty much SSH. I don't want my users to lose the SFTP ability or make it overly complicated. Since this VPS is in Azure, FTP can be an issue but SFTP works flawlessly. Worse case is the root account no longer has SSH abilities so turning off "Maximum Failures by Account" should not matter.
     
  15. PascM

    PascM Member

    Joined:
    Jun 2, 2012
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    127.0.0.1
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    There shouldn't be a problem between SSH and SFTP those are 2 different protocols you are talking about.
     
  16. enahs

    enahs Member

    Joined:
    Apr 1, 2013
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Great! Thanks for all the replies. I am going to lockdown SSH using non-password authentication but read up on it a bit first so I don't lock my self out due to lack of knowledge. :)
     
  17. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    This is not accurate. SFTP is essentially FTP over SSH, and SFTP configuration changes are also made in the SSH configuration file (/etc/ssh/sshd_config). That being said, you can still use key authentication with SFTP if you prefer to disable password authentication.

    Thank you.
     
  18. enahs

    enahs Member

    Joined:
    Apr 1, 2013
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    See that is what I thought...my reasoning is I noticed that when using SFTP it is using port 22. I guess I need to better understand how one authenticates when using key authentication. I don't want to have to provide a "key" for every person who wants to use SFTP. That would be something I simply would not want to manage. Again that was being said w/o reading up on how it works.
     
Loading...

Share This Page