The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to disable ssh

Discussion in 'General Discussion' started by matt621, Jun 30, 2003.

  1. matt621

    matt621 Well-Known Member

    Joined:
    Jun 25, 2003
    Messages:
    175
    Likes Received:
    0
    Trophy Points:
    16
    Again, coming over from another control panel, we had a start and stop on all the functions. I left ssh off until i needed it, then turned it on via the control panel, and when I was done turned it off. Having a prevous box infected has made me cautious. But I can't find anyway to turn off ssh, and I can't even find telenet.

    cPanel.net Support Ticket Number:
     
  2. Admin356

    Admin356 Active Member

    Joined:
    Feb 19, 2003
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    hmm what do you do if cpanel stops and needs to be restarted?
    Turning ssh off is a bad idea imho - Just restrict access if needed.

    cPanel.net Support Ticket Number:
     
  3. tAzMaNiAc

    tAzMaNiAc Well-Known Member

    Joined:
    Feb 16, 2003
    Messages:
    559
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Sachse, TX
    Yeah I agree. Just use restrictions based on IP address access..

    Brenden

    cPanel.net Support Ticket Number:
     
  4. matt621

    matt621 Well-Known Member

    Joined:
    Jun 25, 2003
    Messages:
    175
    Likes Received:
    0
    Trophy Points:
    16
    How do you restrict access then?

    And can't people spoof IPs?

    cPanel.net Support Ticket Number:
     
  5. xsenses

    xsenses Well-Known Member

    Joined:
    Aug 29, 2002
    Messages:
    233
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Huntington Beach, Ca
    You can edit the sshd_config. If you are really paranoid (sounds like you are) restrict it to IP and do not permit root login.
     
  6. matt621

    matt621 Well-Known Member

    Joined:
    Jun 25, 2003
    Messages:
    175
    Likes Received:
    0
    Trophy Points:
    16
    so your answer is to belittle someone who takes security serious

    thanks so much. would you mind posting your server's ips. I know of a few newsgroups that love a challenge.

    cPanel.net Support Ticket Number:
     
  7. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    If there is trouble, it will find me
    I don't think he was belittling you. Being paranoid is considered a good thing in this business. What he suggested was a serious option.

    cPanel.net Support Ticket Number:
     
  8. matt621

    matt621 Well-Known Member

    Joined:
    Jun 25, 2003
    Messages:
    175
    Likes Received:
    0
    Trophy Points:
    16
    maybe you missed the part:

    paranoid: "irrational fear or distrust of others"

    there is nothing irrational about wanting to keep my servers secure and in my and my customers hands only.

    cPanel.net Support Ticket Number:
     
    #8 matt621, Jul 1, 2003
    Last edited: Jul 1, 2003
  9. Website Rob

    Website Rob Well-Known Member

    Joined:
    Mar 23, 2002
    Messages:
    1,506
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    Alberta, Canada
    cPanel Access Level:
    Root Administrator
    Maybe you missed the point?

    To use your own example:

    paranoid: "irrational fear or distrust of others"

    Don't give an example of one definition and leave out the other. You do have a 'distrust of others' and rightly so. Anyone operating a Serve and not having a distrust of others -- trying to gain un-authorized access -- should not be running a Server. So the comments above are on track and valid for any ServerAdmin.

    paranoid can also mean: a person afflicted with paranoia

    Noun: paranoia
    - a psychological disorder characterized by delusions of persecution or grandeur

    As most ServerAdmins are not under any delusions -- any Server connected to the Internet will be; scanned, probed, attacked, with varing amounts of persistence -- being at least 'a little bit paranoid' is considered a good thing. There are some though, who do feel a sense of grandeur in operating a Sever and that can be a problem. ;)

    I would suggest you thicken your skin a bit as not all replys to your Forum posts (regardless of what Forum) will be to your liking or nature. That's all part of interacting with others. Text based communication is very blunt and without most of the other physical cues we are used to. Mistakes (in word or thought) are usually not corrected either.


    To get back on track with original question:

    Do you have physical access to your Server? If not, it makes no sense to disable 'sshd' as turning it off (plus Telnet) leaves you with no way to (SHELL) access the Server without a reboot disk. These two daemons cannot be touched with WHM, BTW.

    If you want to disable Telnet:

    chkconfig --level 1235 telnet off

    Disabling SSH is not good and disabling it is a red herring. Doing things like:

    using tcpwrappers
    disable mount permissions for partitions
    removing unnecessary user accounts
    disabling shell access to system accounts which do not need it
    disabling unnecessary services and removing their application if possible
    (this definitely applies to most scripts in cgi-sys -- certainly for all 'formmail' script in there)
    etc.

    Lots of good information within this Forum is available, if you willing to take the time to Search and check them out. And your favourite Search Engine can be your best friend when it comes to finding places to learn more about... whatever. Most of us try to make this a good Forum, and hopefully you'll be one of those instead of one who doesn't.
     
  10. xsenses

    xsenses Well-Known Member

    Joined:
    Aug 29, 2002
    Messages:
    233
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Huntington Beach, Ca
    There was no intent to belittle, maybe I should of used a ;) or :)?
     
  11. trakwebster

    trakwebster Well-Known Member

    Joined:
    Jan 29, 2003
    Messages:
    145
    Likes Received:
    0
    Trophy Points:
    16
    I'd chime in to agree. Although you are correct about the dictionary definition, the comment was helpful and doesn't to my ear read like a slur.

    At least, if I were in your shoes, I'd not take it as a slur. Many years ago, I rode a motorcycle. I learned a valuable lesson. I learned how invisible a motorcycle is to folks in cars. I learned a new and paranoid way of looking at driving. That is, to be suspicious at all times when driving because those guys can kill you.

    Sure, the dictionary says 'irrational', but that's just where the word came from. And in fact, there are many real-world cases where constant, ongoing, never-forgotten "paranoia" is the height of wisdom!

    I say be "paranoid" about driving, server security, and letting other guys near your woman!
     
  12. matt621

    matt621 Well-Known Member

    Joined:
    Jun 25, 2003
    Messages:
    175
    Likes Received:
    0
    Trophy Points:
    16
    The improper use of language does nothing to facilitate communications, ideas or solutions. The use of the word "paranoid" as used above is either factually wrong or a "dig" (insult.) Paranoia is the IRRATIONAL fear and/or distrust. There is nothing irrational about wanting server security.

    Look up irrational. It means unfounded. Without merit.

    Driving a motorcycle with extreme caution is not irrational because the death rate and dangers are higher than driving a car. Therefore using extreme care is not irrational, and therefore not paranoia.

    Just like doing everything possible to secure a server is not irrational. It's not because I think there might be someone out there trying to break it. It's because there ARE many out there trying to break in. The threat is real and fills the log files. It happens every day. One of my best friends is a sysadmin for a major university and he related to me they get 20,000 attacks AN HOUR on some days. I know we get about 5-50 per day. Those are the facts.

    cPanel.net Support Ticket Number:
     
  13. matt621

    matt621 Well-Known Member

    Joined:
    Jun 25, 2003
    Messages:
    175
    Likes Received:
    0
    Trophy Points:
    16
    Oh, I forgot, here's a few more facts for you.

    We had a server successfully hacked 2 years ago. It cost us 12 clients. (they left due to the breach) Our own sites were offline for 24 hours, resulting in a loss of about $300 in profits that day. Additionally we were charged an additional $97 in excess bandwidth that month due to the hack, which sent out millions of spams. All in all, we lost almost $2000 due to just one successful hack. And we are a tiny little company.

    Compare that to simply turning off ssh and telnet. If we need it on, I pick up that old fashioned thing, the phone, and ask them to restart the control panel from the command line. In 4 years (using a competitors product) that has happened 1 time.

    You secure your servers however you like. I'll do the same with mine.

    cPanel.net Support Ticket Number:

    cPanel.net Support Ticket Number:
     
  14. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    If there is trouble, it will find me
    I don't want to be a pain in the butt, but there is the dictionary use of "paranoid", and then there's the computer guy use of the word. In the computer guy sense, it just means someone who is extremely cautious. It is used as an exaggeration. A quick search of the forums will reveal this. The following threads all have people referring to themselves as being "paranoid".

    http://forums.cpanel.net/showthread.php?s=&threadid=9075&highlight=paranoid

    http://forums.cpanel.net/showthread.php?s=&threadid=3588&highlight=paranoid

    http://forums.cpanel.net/showthread.php?s=&threadid=6356&highlight=paranoid

    Anyway, good luck with securing your server. I, too, am very concerned (read paranoid) about people hacking into my server.

    cPanel.net Support Ticket Number:
     
    #14 casey, Jul 1, 2003
    Last edited: Jul 1, 2003
  15. matt621

    matt621 Well-Known Member

    Joined:
    Jun 25, 2003
    Messages:
    175
    Likes Received:
    0
    Trophy Points:
    16
    Thanks for the links. I see what you are saying.

    And I agree, there really needs to be "licensee only" forums. Security is one area that the general public does not need to be reading about in public forum. (among others)

    At the risk of beating a dead thread, I'll go back to my original point. I think what bothered me in the beginning is that I made a suggestion/asked a question and then instead of getting an answer to the question, I got "Why'd you want to do that?" and "You certainly don't want to do that."

    I've got news for you. There are something like 20,000 users of this competitive product that have their SSH and Telnet turned off every day. We only turn it on when we need it. It's just a phone call. Maybe cpanel has some flaws/bugs in it that make the web interface less reliable and you really do need to log in and restart it on a regular basis. (I sure as heck hope this is not the case.)

    But to me, to leave telnet and ssh on, is like nailing down the furniture but leaving the front door of your house wide open. Sure, they can still get in thru the windows, but you get rid of a lot of trouble just by locking the doors and taking the keys.

    cPanel.net Support Ticket Number:
     
  16. goodmove

    goodmove Well-Known Member

    Joined:
    May 12, 2003
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    I wish SSH was the only gateway that you needed to close down to secure your server... :)

    Your initial 2 posts suggest that your are slightly "paranoic" (is that a real word? I've just made it up from "bionic" ;))... Go over your questions and you will find out why...
     
  17. Admin356

    Admin356 Active Member

    Joined:
    Feb 19, 2003
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    You are in far more danger from php scripts than you are having ssh turned on - If you don't allow ssh access to users, have access restricted to certain IP's, have root login disabled, strong passwords, current versions - That,s good enough for me.

    An application such as gallery, shoutbox etc on your server can be used to remotely download backdoors, phpshell etc, etc, via visiting one of your clients webpages, and entering a URL - That poses far more of a threat - While I do not take your suggestion lightly, turning ssh off in my opinion isn't a great idea. Have you disabled services, ports not needed? Someone could always upload their own telnet daemon using the methods mentioned.

    Do you run php with open_basedir restrictions and register_globals Off?

    cPanel.net Support Ticket Number:
     
    #17 Admin356, Jul 2, 2003
    Last edited: Jul 2, 2003
Loading...

Share This Page