Hello, I would like to ask if I can in any way completely disable shell access for a
user. I'm receiving emails from ConfigServer Firewall with the subject "SSH login
alert for user USERNAMEHERE from IPHERE", and the content is "Method:
keyboard-interactive/pam authentication",
while I have disabled SSH access for that cPanel user account in WHM (I go to the
account modify page and I see "Shell Access" unticked).
I ran these commands:
# cat /etc/passwd | grep bfzagjtm
bfzagjtm:x:849:858::/home/bfzagjtm:/usr/local/cpanel/bin/noshell
Then I did:
# usermod -s /sbin/nologin bfzagjtm
Then again:
# cat /etc/passwd | grep bfzagjtm
bfzagjtm:x:849:858::/home/bfzagjtm:/sbin/nologin
But I'm still receiving those SSH login emails.
Should I block that IP, or can I do anything else?
Here is the SSH log:
Code:
# tail /var/log/secure
Mar 10 10:43:28 hostname sshd[1633]: pam_unix(sshd:session): session closed for user bfzagjtm
Mar 10 10:43:53 hostname sshd[6789]: Accepted keyboard-interactive/pam for bfzagjtm from IPHERE port 50383 ssh2
Mar 10 10:43:53 hostname sshd[6789]: pam_unix(sshd:session): session opened for user bfzagjtm by (uid=0)
Mar 10 10:43:53 hostname sshd[6822]: subsystem request for sftp
Mar 10 10:44:55 hostname sshd[6789]: pam_unix(sshd:session): session closed for user bfzagjtm
Mar 10 10:46:00 hostname sshd[8189]: Accepted keyboard-interactive/pam for bfzagjtm from IPHERE port 46570 ssh2
Mar 10 10:46:00 hostname sshd[8189]: pam_unix(sshd:session): session opened for user bfzagjtm by (uid=0)
Mar 10 10:46:01 hostname sshd[8210]: subsystem request for sftp
Mar 10 10:47:03 hostname sshd[8189]: pam_unix(sshd:session): session closed for user bfzagjtm
Mar 10 10:58:29 hostname usermod[16040]: change user 'bfzagjtm' shell from '/usr/local/cpanel/bin/noshell' to '/sbin/nologin'
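
In the log above, each accepted login is followed by "subsystem request for sftp", meaning the client asked sshd for the SFTP subsystem. The following is an added example, not part of the original post: a shell function that labels every accepted login in a /var/log/secure-style log by whether an SFTP request followed it. It assumes the log format shown above and attributes each SFTP request to the newest still-open login, which is a heuristic when sessions overlap; the user `exampleuser` and the address 192.0.2.10 are constructed sample data.

```shell
#!/bin/sh
# Added example. Label each "Accepted" sshd login as "sftp" when an SFTP
# subsystem request follows it while the session is open, else "no-sftp-seen".
classify_ssh_logins() {
    awk '
    function pid() { match($0, /sshd\[[0-9]+\]/); return substr($0, RSTART + 5, RLENGTH - 6) }
    / sshd\[[0-9]+\]: Accepted / {
        for (a = 1; a <= NF && $a != "Accepted"; a++) ;
        n++
        when[n] = $1 " " $2 " " $3; method[n] = $(a + 1)
        user[n] = $(a + 3); ip[n] = $(a + 5); kind[n] = "no-sftp-seen"
        open[pid()] = n
        next
    }
    # Logged by the per-session child, whose PID differs from the login PID
    # (6822 vs 6789 in the log above), so attribute it to the newest open login.
    / sshd\[[0-9]+\]: subsystem request for sftp/ {
        newest = 0
        for (p in open) if (open[p] > newest) newest = open[p]
        if (newest) kind[newest] = "sftp"
        next
    }
    / sshd\[[0-9]+\]: .*session closed for user / { delete open[pid()] }
    END { for (i = 1; i <= n; i++) print when[i], user[i], ip[i], method[i], kind[i] }
    '
}

# The first four lines are from the log in the post; the last three are
# constructed (hypothetical user, documentation IP) to show a login with no SFTP request.
sample_log() {
    cat <<'EOF'
Mar 10 10:43:53 hostname sshd[6789]: Accepted keyboard-interactive/pam for bfzagjtm from IPHERE port 50383 ssh2
Mar 10 10:43:53 hostname sshd[6789]: pam_unix(sshd:session): session opened for user bfzagjtm by (uid=0)
Mar 10 10:43:53 hostname sshd[6822]: subsystem request for sftp
Mar 10 10:44:55 hostname sshd[6789]: pam_unix(sshd:session): session closed for user bfzagjtm
Mar 10 10:45:10 hostname sshd[7001]: Accepted password for exampleuser from 192.0.2.10 port 40000 ssh2
Mar 10 10:45:10 hostname sshd[7001]: pam_unix(sshd:session): session opened for user exampleuser by (uid=0)
Mar 10 10:45:40 hostname sshd[7001]: pam_unix(sshd:session): session closed for user exampleuser
EOF
}

sample_log | classify_ssh_logins
```

On a live host, feed it the real file instead of the sample, for example `classify_ssh_logins < /var/log/secure`. A "no-sftp-seen" label only means no SFTP request was logged for that login; it does not by itself show that a shell was started.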