flashweb

Well-Known Member
Mar 13, 2003
255
2
168
cPanel Access Level
Root Administrator
This is for added security. I bind ssh to private network. So even if my root password get key logged (less chance) i don't want want anyone reset ssh through WHM and bind it to public network.
 

ModServ

Well-Known Member
Oct 17, 2006
337
5
168
Egypt
cPanel Access Level
Root Administrator
Why just don't add your IP in /etc/hosts.allow for SSH and deny anything else in /etc/hosts.deny ?

After that you can chattr +ia /etc/hosts.deny and /etc/hosts.allow and as a result there's nobody can reset ssh except from SSH ONLY.

BTW, That's what I'm on now, The same way.
 

ModServ

Well-Known Member
Oct 17, 2006
337
5
168
Egypt
cPanel Access Level
Root Administrator
Sample of allow:
sshd : xx.xx.xx.xx : allow
Sample of deny:
sshd : ALL

Those settings will allow login to SSH only with this IP xx.xx.xx.xx and will deny anything else.

Of course resetting SSH will override these settings, In that case you should chattr those files

PHP:
chattr +ia /etc/hosts.allow
chattr +ia /etc/hosts.deny
Hope that helps.