The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Root Access

Discussion in 'General Discussion' started by ephlox, Feb 27, 2006.

  1. ephlox

    ephlox Well-Known Member

    Joined:
    Aug 22, 2004
    Messages:
    60
    Likes Received:
    0
    Trophy Points:
    6
    Hi,
    I dont want to use "root" username when i connect by SSH. i want to use another username like "secure" instead of root.

    How i can add user with root previlages for SSH ? i dont want to use "root" as username. Please reply me. Your help will be appreciated.

    Best Regards from,
    Farrukh Hussain
     
  2. kernow

    kernow Well-Known Member

    Joined:
    Jul 23, 2004
    Messages:
    865
    Likes Received:
    9
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Create a new user ( fred??? )
    ssh fred@your_domain.com
    pass for fred
    xxxxx
    when logged in as fred type:
    su
    hit enter and enter root password.
     
  3. aby

    aby Well-Known Member

    Joined:
    May 31, 2005
    Messages:
    638
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    India
    Please don't forget to add that user under the wheel group user
     
  4. ephlox

    ephlox Well-Known Member

    Joined:
    Aug 22, 2004
    Messages:
    60
    Likes Received:
    0
    Trophy Points:
    6
    Adding user

    Hi,
    I want to add a super user who will have all root access/previlages, like in windows we can have many user with the previlages of administrator.

    Best Regards from,
    Farurkh Hussain
     
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Well, Linux isn't windows and doesn't use its security model (thankfully). You have a choice, either add a normal user to the wheel group (which you can do in WHM as mentioned above) and disable direct root logins in /etc/ssh/sshd_cronfig and use su - to login to root from the user account. Or, look into sudo and how that works. This allows you to add garnulation to what a user can access at the root level:
    http://www.chinalinuxpub.com/doc/www.siliconvalleyccie.com/linux-hn/sudo.htm
     
  6. Guntion

    Guntion Member

    Joined:
    Dec 16, 2005
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Melbourne, Australia
    how do you use SSH?
     
  7. forlinuxsupport

    forlinuxsupport Well-Known Member
    PartnerNOC

    Joined:
    Dec 22, 2004
    Messages:
    386
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    ssh root@10.0.0.2


    ssh = program
    root = username
    10.0.0.2 is the servers ip you want to connect to

    If you dont know how to use ssh, just be careful using ROOT !!!!
     
  8. ephlox

    ephlox Well-Known Member

    Joined:
    Aug 22, 2004
    Messages:
    60
    Likes Received:
    0
    Trophy Points:
    6
    ssh

    Hi,
    I am using "Putty" for connecting server. i know how to use it. it was not my question. i asked i want to add another user like ROOT. Who will have full access to use all commands as root. I didn't receive any satisfactory answer.

    I am still waiting for reply.

    Best Regards from,
    Farrukh Hussain
     
  9. webignition

    webignition Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    1,880
    Likes Received:
    0
    Trophy Points:
    36
    This has actually been answered in this thread, but, to summarise, you have two options:

    1. Add an existing user to the wheel group, allowing you to establish an SSH connection as that user and then switch to the root user (su).

    2. Use the sudo tool to assign relevant privileges to an existing user. The privileges are rather varied, allowing you to grant access only to certain features or to grant full root access.

    May I ask why you want another user with root access? Since the root user already has full root access, what benefit would there be from granting such access to another user?

    Use the man utlity to find documentation for various tasks:

    man adduser - information about how to add a user
    man su - information on the 'su' tool
    man sudo - information on using sudo
     
  10. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Somewhat related to this topic ....

    If you want to be particularily evil, you can do what we do and setup an IPTABLE rule
    to block all connections to SSH ports unless they originate from your IP address.

    Doesn't matter what login name you want .... can't use any of them if you can't reach the server.

    We made that rule primarily because of all the on going brute force SSH hack attempts which are
    pretty pointless but still an annoyance with your logs filled up with failed SSH login attempts.

    iptables -A INPUT -s ! {YOUR IP GOES HERE} -p tcp --dport 22 -j DROP

    (PS: if you try out the above rule, do NOT forget the "!" between "-s" and the IP !!!!!!!)

    Since we added the IPTABLES rule about a year ago, we have not had one single SSH hack attempt
    in our logs and everything is always nice and quiet on the SSH front :)
     
  11. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    It is possible to have more than one user with "root" privledges, we have done this and seen it done in many environments and works fine. You just need to create a user and edit /etc/passwd and change the uid to 0. Do not change the guid leave it as is. I know many corporate environments that do this to seperate multiple server admins they create super id's like superdb, superbm or such.
     
  12. PatrickES

    PatrickES Registered

    Joined:
    Oct 21, 2005
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    St. Louis, MO
    It would be a security risk having two accounts with root level rights.

    But I also have another account I use for administrating the server via SSH. Just add the new account to the "wheel" group and disable root logins via SSH.
     
  13. electron33

    electron33 Well-Known Member

    Joined:
    Feb 24, 2004
    Messages:
    90
    Likes Received:
    0
    Trophy Points:
    16
    As far as I'm aware, adding a wheel user doesn't stop loggin as root in WHM, which is very bad...
     
  14. Shrek

    Shrek Active Member

    Joined:
    Sep 6, 2004
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Arkansas, USA
    I have a question on this matter.
    Isn't it just as secure to have a very long and tough to guess password and just go ahead and user "root"? I do this on all my servers... strange passwords like:
    ThisTYPE_%pAss-Word#123JkLm^

    I mean the odds on that being cracked is very good in my favor (nobody get excited it's nothing close to any password we use), :D

    I don't mean to stomp on this thread but I do think it is relative the this topic somewhat.
     
  15. electron33

    electron33 Well-Known Member

    Joined:
    Feb 24, 2004
    Messages:
    90
    Likes Received:
    0
    Trophy Points:
    16
    Having a strong password is always a good idea, but it's not enough. The question here is why WHM doen't have an option for a 2-level login system like ssh.
     
  16. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    I completely agree. I see little additional security in using su from a user account. Indeed, user accounts are usually more easy to compromise by their nature and that could give you a false sense of additional security for your root account. Personally, I'd recommend using key authentication and disabling password authentication altogether.
     
  17. electron33

    electron33 Well-Known Member

    Joined:
    Feb 24, 2004
    Messages:
    90
    Likes Received:
    0
    Trophy Points:
    16
    I belive the problem with WHM security model still remains as the weakest link in the chain (assuming you've hardened everything else). You can do lots of things to secure terminal access, but when your WHM access is only as strong as your root password.
     
Loading...

Share This Page