Setup Remote Access Key - Need to remove from reseller WHM panels, but how?

jols

Well-Known Member
Mar 13, 2004
1,110
3
168
Setup Remote Access Key

I need to remove this feature from the reseller WHM panels, just to stop a cascade of "How do I use this?" questions. But I don't see any way of doing that. Anyone?
 

NT

Well-Known Member
May 4, 2004
137
0
166
England, UK
Hi,

I believe you can disable this through Reseller Privileges in the Reseller area of WHM.

Hope that helps.
 

jondolar

Well-Known Member
Feb 15, 2004
46
0
156
Cant remove Cluster/Remote Access for Reseller

I have the same problem.
WHM 10.8.0 cPanel 10.8.2-S120
CentOS 4.4 i686 - WHM X v3.1.0

Reseller privs don't have cluster enabled but if I log in as the user I get the ability to view and change the WHM key.

This is a security issue for sure.
 

jols

Well-Known Member
Mar 13, 2004
1,110
3
168
I am personally getting a little tired of the enduring vulnerabilities like this, and the little stuff like the typos in the vsite cPanels.

Did you make out a bugzilla report for this latest thing?
 

jondolar

Well-Known Member
Feb 15, 2004
46
0
156
Everything is ok

I opened a ticket last night and got a quick reply.

When the reseller logs in they can see their own Key. I did not know that there were multiple keys. Resellers have their own remote access key which they can change.
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,608
77
308
cPanel Access Level
Root Administrator
Please read the documentation on this feature: Setup Remote Access Key

The only way "disable" this is by editing your WHM theme and removing the reference. The following shows how to do this:

Edit /usr/local/cpanel/whostmgr/docroot/themes/<themename>/comand Move the
ENDWHMDEFINE statement on line 331 two lines down, just after the next <br />
tag. This will cause the "Setup Remote Access Key" functionality to only
display if someone has ROOT or CLUSTERING access.

Note: you should do this in a copy of your WHM theme, otherwise the next upcp
update will overwrite your changes.
As jondalar noted, each reseller, which includes root, has a Remote Accesss Key assigned, and can create a new one, thereby invalidating the old. When a reseller creates a new Remote Access Key, it is his key only that gets regenerated. Likewise when viewing the Remote Access key, the reseller only sees his own. Scripts and Applications that use this key for validation can only perform the same actions that the reseller could via the WHM interface.