Jan 27, 2013
cPanel Access Level
Website Owner

I am working to improve my site's security.
In this site,

10 Tips for making your cPanel and WHM servers more secure | cPanel, Inc.

It says there

2) Secure SSH
Enable public key authentication for SSH and disable password authentication read more >>
Move SSH access to a different port. People are looking for port 22 as a possible way to access your servers. Moving SSH to a different port will add a simple way to deter those without specific knowledge of your server from easily discovering your SSH port.
You can modify the port that SSH runs on within /etc/ssh/sshd_config. Change the line that says #Port 22 to a different port such as: Port 1653. Make sure to keep your current SSH session open when testing the new port so you can change back to port 22 if the new port doesn’t work.

I cannot find the /etc/ssh/sshd_config in my directory. Under etc, I only have one folder related caching. I made sure that the hidden files are visible. Is there a way to configure it?

In addition, I am working to disable password authentication and instead enable public key authentication. Here Using Public Key Authentication for SSH and transfers | cPanel, Inc. it says

go to Tweak Security in the Security section of WebHost Manager and configure the SSH Password Auth Tweak. Make sure this is set to disabled by clicking on Disable Password Auth.

Under security section of my cpanel, I only have the following

Password Protect Directories
IP Deny Manager
SSL/TLS Manager
SSH/Shell Access
HotLink Protection
Leech Protect
GnuPG Keys

How do I activate it?

Thank you very much and Any help will be deeply appreciated. ^_^


Well-Known Member
Feb 25, 2010
Houston, TX
cPanel Access Level
Root Administrator
You are not going to have access to /etc/ssh/sshd_config. The etc directory you see is in your account's home directory, not in the server's root directory. It is not the same directory, and you do not have access to the server's /etc directory, so you do not have access to modify the server's sshd_config file. Only the server administrator does.

You do not have access to Tweak Settings. That is in the WebHost Manager, not in cPanel. Individual site owners do not have access to the WHM.

Password and public key authentication refer to shell access, which most hosts leave disabled for their hosting customers, which, from the vantage point of trying to secure your site, renders this point moot. It has nothing to do with logging into cPanel or anything on your actual site.

Since you are not the server administrator, you do not have the access required to carry out the items in the security tutorial you found. Those items are the server administrator's concern, not an individual Web site owner's, and the tutorial is written from the perspective of the security of the server as a whole, not an individual site.

If you are concerned about the server's security, talk to your host. You do not have the access needed to do anything you have listed.