Limited ROOT access with SSH Key?

000

Well-Known Member
Jun 3, 2008
446
20
68
Hello.

I have my server with CentOs 7 and cPanel.
I need SYS ADMIN install PgSQL version 11.1
I am desperated, forever I get errors.

... is possible give access ROOT with SSH KEY but:

  1. restrict this acces to 1 or 2 IPs?
  2. avoid change of password?
  3. save LOG of ANY command executeed by this anonymus admin?
this SYS ADMIN require ROOT access becuse he need install/compile/fixed software as PgSQL 11.1:
Code:
https://download.postgresql.org/pub/repos/yum/11/redhat/rhel-7-x86_64/pgdg-centos11-11-2.noarch.rpm
, C++, etc...



Finally:
... really can run PgSQL 11.1 over cPanel?

I know the script
Code:
/usr/local/cpanel/scripts/installpostgres
but I require PgSQL 11.1


Thanks by your help
 
Last edited by a moderator:

dalem

Well-Known Member
PartnerNOC
Oct 24, 2003
2,983
157
368
SLC
cPanel Access Level
DataCenter Provider
assuming you are running ssh on port 22

run

iptables -A INPUT -s myip -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s myotherip -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP

then save your iptables rules so it will survive a restart

if you are running csf add rules to csfpost.sh csfpre.sh respectively


for a non cpanel supported PgSQL you will have to install it manually
 

000

Well-Known Member
Jun 3, 2008
446
20
68
cpanel supported PgSQL you will have to install it manually
THANKS A LOT!!

oh, yes!,
just you can see I run:
Code:
yum install postgresql-jdbc.noarch postgresql-jdbc-javadoc.noarch postgresql-pgpool-II.x86_64 postgresql-pgpool-II-devel.x86_64 postgresql-pgpool-II-extensions.x86_64 postgresql-plruby.x86_64 postgresql-plruby-doc.x86_64 postgresql-unit11.x86_64 postgresql-unit11-debuginfo.x86_64 postgresql11.x86_64 postgresql11-contrib.x86_64 postgresql11-debuginfo.x86_64 postgresql11-devel.x86_64 postgresql11-docs.x86_64 postgresql11-libs.x86_64 postgresql11-llvmjit.x86_64 postgresql11-odbc.x86_64 postgresql11-plperl.x86_64 postgresql11-plpython.x86_64 postgresql11-pltcl.x86_64 postgresql11-server.x86_64 postgresql11-tcl.x86_64 postgresql11-test.x86_64 postgresql_anonymizer11.noarch
but ever I get erros...

(my last:
Code:
--> Processing Dependency: llvm5.0 >= 5.0 for package: postgresql11-llvmjit-11.1-1PGDG.rhel7.x86_64
--> Finished Dependency Resolution
Error: Package: postgresql11-llvmjit-11.1-1PGDG.rhel7.x86_64 (pgdg11)
           Requires: llvm5.0 >= 5.0
)

by this motive I need give access to unknowed SYS ADMIN...

About your kind answer:
is possible [avoid change of password]
to this SYS ADMIN ??


thanks newlly
 

dalem

Well-Known Member
PartnerNOC
Oct 24, 2003
2,983
157
368
SLC
cPanel Access Level
DataCenter Provider
you can get llvm5.0
from the epel repo
yum install epel-release

you can grant a SYS ADMIN password less accesses
by adding the their SSH public key to your /root/.ssh/authorized_keys file
or by using the key access in WHM
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,272
313
Houston