Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Limited ROOT access with SSH Key?

Discussion in 'Security' started by 000, Nov 29, 2018.

  1. 000

    000 Well-Known Member

    Joined:
    Jun 3, 2008
    Messages:
    179
    Likes Received:
    0
    Trophy Points:
    66
    Hello.

    I have my server with CentOs 7 and cPanel.
    I need SYS ADMIN install PgSQL version 11.1
    I am desperated, forever I get errors.

    ... is possible give access ROOT with SSH KEY but:

    1. restrict this acces to 1 or 2 IPs?
    2. avoid change of password?
    3. save LOG of ANY command executeed by this anonymus admin?
    this SYS ADMIN require ROOT access becuse he need install/compile/fixed software as PgSQL 11.1:
    Code:
    https://download.postgresql.org/pub/repos/yum/11/redhat/rhel-7-x86_64/pgdg-centos11-11-2.noarch.rpm 
    , C++, etc...



    Finally:
    ... really can run PgSQL 11.1 over cPanel?

    I know the script
    Code:
    /usr/local/cpanel/scripts/installpostgres
    but I require PgSQL 11.1


    Thanks by your help
     
    #1 000, Nov 29, 2018
    Last edited by a moderator: Nov 29, 2018
  2. dalem

    dalem Well-Known Member PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,883
    Likes Received:
    117
    Trophy Points:
    368
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    assuming you are running ssh on port 22

    run

    iptables -A INPUT -s myip -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -s myotherip -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp --dport 22 -j DROP

    then save your iptables rules so it will survive a restart

    if you are running csf add rules to csfpost.sh csfpre.sh respectively


    for a non cpanel supported PgSQL you will have to install it manually
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. 000

    000 Well-Known Member

    Joined:
    Jun 3, 2008
    Messages:
    179
    Likes Received:
    0
    Trophy Points:
    66
    THANKS A LOT!!

    oh, yes!,
    just you can see I run:
    Code:
    yum install postgresql-jdbc.noarch postgresql-jdbc-javadoc.noarch postgresql-pgpool-II.x86_64 postgresql-pgpool-II-devel.x86_64 postgresql-pgpool-II-extensions.x86_64 postgresql-plruby.x86_64 postgresql-plruby-doc.x86_64 postgresql-unit11.x86_64 postgresql-unit11-debuginfo.x86_64 postgresql11.x86_64 postgresql11-contrib.x86_64 postgresql11-debuginfo.x86_64 postgresql11-devel.x86_64 postgresql11-docs.x86_64 postgresql11-libs.x86_64 postgresql11-llvmjit.x86_64 postgresql11-odbc.x86_64 postgresql11-plperl.x86_64 postgresql11-plpython.x86_64 postgresql11-pltcl.x86_64 postgresql11-server.x86_64 postgresql11-tcl.x86_64 postgresql11-test.x86_64 postgresql_anonymizer11.noarch
    but ever I get erros...

    (my last:
    Code:
    --> Processing Dependency: llvm5.0 >= 5.0 for package: postgresql11-llvmjit-11.1-1PGDG.rhel7.x86_64
    --> Finished Dependency Resolution
    Error: Package: postgresql11-llvmjit-11.1-1PGDG.rhel7.x86_64 (pgdg11)
               Requires: llvm5.0 >= 5.0
    )

    by this motive I need give access to unknowed SYS ADMIN...

    About your kind answer:
    is possible [avoid change of password]
    to this SYS ADMIN ??


    thanks newlly
     
  4. dalem

    dalem Well-Known Member PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,883
    Likes Received:
    117
    Trophy Points:
    368
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    you can get llvm5.0
    from the epel repo
    yum install epel-release

    you can grant a SYS ADMIN password less accesses
    by adding the their SSH public key to your /root/.ssh/authorized_keys file
    or by using the key access in WHM
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    5,707
    Likes Received:
    436
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice