The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Root Password Problem

Discussion in 'General Discussion' started by emaster, Mar 1, 2005.

  1. emaster

    emaster Member

    Joined:
    Mar 1, 2005
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    I have just as a security measure changed root password. I have the password written down and the program I generated the password from says I am entering the correct password but it will not let me login as root either in whm or ssh...

    Please can anyone help. :confused:
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    The only thing you can do is to contact your datacenter and have them connect via the console and have them reset your root password for you, it cannot be done remotely.

    I'd then advise that you research using key authentication for SSH login to the root account to avoid that problem in the future.
     
  3. emaster

    emaster Member

    Joined:
    Mar 1, 2005
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Thanks For That

    Hi Chirpy

    Thanks for your help...I am seeing if the datacenter can do that for me as we speak..

    Gary
     
  4. astopy

    astopy Well-Known Member

    Joined:
    Apr 3, 2003
    Messages:
    165
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    In my opinion it would be better to disable remote root login altogether, and instead use sudo so the root password is never needed.
     
  5. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    The advantage of not having to su to root all the time, by allowing a single IP to connect to a second SSH daemon using key authentication on an uncommon port, makes many server tasks a whole lot easier.
     
  6. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Indeed. Key authentication is leagues more secure than any password based system, especially sudo. Once you start allowing non-priv users to do priv operations you're simply opening yourself up for more trouble. With key authentication enabled and password access disabled you're only realistic next level of access security would be to use port knocking with key authentication.
     
  7. astopy

    astopy Well-Known Member

    Joined:
    Apr 3, 2003
    Messages:
    165
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    My way of thinking is that if it is not possible to login directly as root, and only key-based authentication is allowed, then an attacker would have to guess the username of the account you use as an admin, crack your public key and crack your password in order to authenticate with sudo. To me this seems more secure than simply requiring a key to login as root, even if you do have a second daemon running (it would not take long for a determined attacker to find it, no matter which port you put it on).
     
  8. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    I wouldn't disagree with that, on the proviso that the alternative account is not a cPanel account :) Having said that, cracking an SSH key if you only have root key authentication enabled would be no mean feat.
     
Loading...

Share This Page