The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Disable SSH/Shell Access for all users

Discussion in 'Security' started by MH-Andy, Dec 18, 2009.

  1. MH-Andy

    MH-Andy Member

    Joined:
    Apr 3, 2009
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Does anyone know of a quick way to disable SSH/Shell access for all users on the server?

    As currently there's only a disable button that I'd have to click for every account that would take up my whole day.
     
  2. BianchiDude

    BianchiDude Well-Known Member
    PartnerNOC

    Joined:
    Jul 2, 2005
    Messages:
    619
    Likes Received:
    0
    Trophy Points:
    16
    Look at the AllowUsers option in sshd_config.
     
  3. gvard

    gvard Well-Known Member
    PartnerNOC

    Joined:
    Dec 22, 2003
    Messages:
    195
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Athens/GREECE
    cPanel Access Level:
    DataCenter Provider
    Hello,

    In WHM 11.25 under "Manage Shell Access" you now have the option to apply normal, jailed or no shell to all users with one click :)
     
    cPanelDon likes this.
  4. BianchiDude

    BianchiDude Well-Known Member
    PartnerNOC

    Joined:
    Jul 2, 2005
    Messages:
    619
    Likes Received:
    0
    Trophy Points:
    16
    Ef Caristo!
     
  5. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    What gvard described is correct; in cPanel 11.25 the Account Function "Manage Shell Access" is enhanced to include an option "apply to all" (accounts) when setting normal shell, jailed shell, or disabled shell access. For additional clarification here is the full menu path to access the feature and the applicable documentation:

    WHM: Main >> Account Functions >> Manage Shell Access
    Documentation: Manage Shell Access
     
  6. Fakher

    Fakher Member

    Joined:
    Sep 29, 2010
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Pakistan
    Hello all,
    i did this and disable shell access for all but again i am getting email alerts for different clients like
    Code:
    Time:Tue Oct 12 15:04:57 2010 +0400
    IP:      122.108.xxx.xxx (AU/Australia/c122-108-100-179.sunsh1.vic.optusnet.com.au)
    Account: emomom
    Method:  password authentication
    can some one advise me on this?
     
  7. gvard

    gvard Well-Known Member
    PartnerNOC

    Joined:
    Dec 22, 2003
    Messages:
    195
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Athens/GREECE
    cPanel Access Level:
    DataCenter Provider
    Hello,

    Maybe this login information you receive is not for SSH but for secure FTP (which connects the user via SSH first)?
     
  8. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    The e-mail appears to be similar to what may be sent from CSF/LFD (using an e-mail template stored at "/etc/csf/sshalert.txt").

    To help determine if the user was accessing SFTP (via SSH), look in the system log file at "/var/log/secure" for an entry that mentions "subsystem request for sftp" that would have been logged at the same time as the entries indicating the account username.
     
Loading...

Share This Page