The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Disable safesshrestart

Discussion in 'Security' started by flashweb, Oct 15, 2011.

  1. flashweb

    flashweb Well-Known Member

    Joined:
    Mar 13, 2003
    Messages:
    243
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
  2. ModServ

    ModServ Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    332
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
    What exactly the issue you're having ?
     
  3. flashweb

    flashweb Well-Known Member

    Joined:
    Mar 13, 2003
    Messages:
    243
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    This is for added security. I bind ssh to private network. So even if my root password get key logged (less chance) i don't want want anyone reset ssh through WHM and bind it to public network.
     
  4. ModServ

    ModServ Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    332
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
    Why just don't add your IP in /etc/hosts.allow for SSH and deny anything else in /etc/hosts.deny ?

    After that you can chattr +ia /etc/hosts.deny and /etc/hosts.allow and as a result there's nobody can reset ssh except from SSH ONLY.

    BTW, That's what I'm on now, The same way.
     
  5. flashweb

    flashweb Well-Known Member

    Joined:
    Mar 13, 2003
    Messages:
    243
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Can you provide example of /etc/hosts.allow, never used this before :)
     
  6. ModServ

    ModServ Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    332
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
    Sample of allow:
    Sample of deny:

    Those settings will allow login to SSH only with this IP xx.xx.xx.xx and will deny anything else.

    Of course resetting SSH will override these settings, In that case you should chattr those files

    PHP:
    chattr +ia /etc/hosts.allow
    chattr 
    +ia /etc/hosts.deny
    Hope that helps.
     
Loading...

Share This Page