The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Locked out of WHM and SSH password root login

Discussion in 'General Discussion' started by BianchiDude, May 2, 2012.

  1. BianchiDude

    BianchiDude Well-Known Member
    PartnerNOC

    Joined:
    Jul 2, 2005
    Messages:
    619
    Likes Received:
    0
    Trophy Points:
    16
    This morning I had a few server today where I was locked out of WHM and SSH password root login. Luckily I had an SSH key, I tried resetting the password, no luck, non-root users could SSH in OK.

    I ran upcp and then was able to log in.

    Did anyone else have this problem?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    672
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    I suggest checking the brute force history via:

    "WHM >> Security Center >> cPHulk Brute Force Protection"

    It's possible the "root" user was locked out by cPhulk, thus you were unable to login. You can also search for your IP address in:

    # /usr/local/cpanel/logs/cphulkd.log

    Thank you.
     
  3. texo

    texo Well-Known Member

    Joined:
    Mar 28, 2007
    Messages:
    143
    Likes Received:
    0
    Trophy Points:
    16
    No, this happened to me today as well. Not using cphulk.
    Luckily I too had SSH key access (from another server which backs up to the server I was locked out of).
    I changed root password via SSH from the second server, but that didn't make any difference.

    I then thought to check sshd config file and saw that allow root login was commented out (disallowing root access via SSH).

    Don't know how this happened, I am the only person with access to this server.
     
  4. tmyrdal

    tmyrdal Registered

    Joined:
    Feb 4, 2013
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Me also is experiance this Im totaly locked out now, I can log in to my server with SSH but when I write passwd and then write in my new password. Its seams to work as I dont get anny error message. But I cant still not log in to root WHM in webbrowser.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    672
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you let us know if you checked to see if cPHulkd was the culprit?

    Thank you.
     
  6. tomxml

    tomxml Registered

    Joined:
    Apr 6, 2013
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    DataCenter Provider
    I am having the same problem. I am unable to log in with root to WHM nor to SSH. I am able to log in with other users though from the same IP.
    On some servers I had a reseller account with all permissions, so I was able to white list my IP after loggin in.
    Then I was able to log in as root again.

    It does not seem like a normal brute force, because usually it blocks an IP, not a user.
    Can it be that a user (root) has been blocked?
    What can I do if the root user is blocked and I cannot access WHM nor SSH?
    Is there any way to solve this issue?

    Thanks
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    672
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Yes, it's possible for cPHulk to prevent users from authenticating. There is setting for this in "WHM Home » Security Center » cPHulk Brute Force Protection":

    "Maximum Failures By Account"

    You can wait for the lockout time period to end, or consult with your data center/hosting provider to have them disable cPHulk with console access via the following commands:
    Code:
    for i in `ps aux | grep -i "cphulkd - process" | awk {'print $2'}` ;do kill -9 $i ;done
    /usr/local/cpanel/bin/cphulk_pam_ctl --disable
    Thank you.
     
  8. mjdj1999

    mjdj1999 Member

    Joined:
    Jan 17, 2009
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Fannett, Texas, United States
    I am using the latest version of WHM and Centos 6.

    I am using a dedicated server with OVH and I am in recovery mode at the moment. I can see Centos files but nothing else. I cannot run any cpanel commands in SSH but can run other basic commands. Any help would be greatly appreciated.

    - - - Updated - - -

    I am on the phone with them again. The first go around with them wasn't very productive. They don't seem to want to do this.

    I have fixed the problem so now I am going to post what I did to help others. I worked on it for nearly 10 hours.

    I use OVH for my server and although they have good products, they provide zero (0) support for it.

    Here is some documentation that helped me (If you use OVH):
    (You must follow this word for word and dont skip a step)

    When you are done your command will look like this:
    When it does, run this (Taken from Michaels post above):
    Change your password:
    Put your "Netboot" back to "Hard Drive" then restart.

    This was all from me setting cpHulk to be too aggressive and clearing my browser cache. I hope that this will help someone else in the future.
     
    #8 mjdj1999, Nov 1, 2014
    Last edited: Nov 1, 2014
  9. manie20

    manie20 Registered

    Joined:
    Oct 8, 2014
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I wish to comment on this issue.
    I have the same with my DNSOnly cluster.

    Is there a way to know when the account lock will be released again?
    (I assume cPhulk blocked out my root account as well. )

    Sadly my hosting provider does not offer a rescure image for my VPS, so I need to figure out howto get back on.
    ( Currently I can only login as a normal user. but switching to root is impossible.)

    Thanks for any insights.

    Regards,
    Armand
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    672
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    You can ask your VPS provider to enter your VPS from the hardware node and run the following commands to disable cPHulk:

    Code:
    for i in `ps aux | grep -i "cphulkd - process" | awk {'print $2'}` ;do kill -9 $i ;done
    /usr/local/cpanel/bin/cphulk_pam_ctl --disable
    
    Thank you.
     
Loading...

Share This Page