Setup Remote Access Key - Need to remove from reseller WHM panels, but how?

jols · May 2, 2006

Setup Remote Access Key

I need to remove this feature from the reseller WHM panels, just to stop a cascade of "How do I use this?" questions. But I don't see any way of doing that. Anyone?

NT · May 2, 2006

Hi,

I believe you can disable this through Reseller Privileges in the Reseller area of WHM.

Hope that helps.

jondolar · Sep 27, 2006

Cant remove Cluster/Remote Access for Reseller

I have the same problem.
WHM 10.8.0 cPanel 10.8.2-S120
CentOS 4.4 i686 - WHM X v3.1.0

Reseller privs don't have cluster enabled but if I log in as the user I get the ability to view and change the WHM key.

This is a security issue for sure.

hariskhan · Sep 28, 2006

No answer yet

To date, I haven't received any answer from cPanel for the same Q.

jols · Sep 28, 2006

I am personally getting a little tired of the enduring vulnerabilities like this, and the little stuff like the typos in the vsite cPanels.

Did you make out a bugzilla report for this latest thing?

hariskhan · Sep 28, 2006

I posted the bug on cpanel's bugzilla website

I have posted it as a bug on bugzilla.cpanel.net. The bug report I put there;

http://bugzilla.cpanel.net/show_bug.cgi?id=4421

Am waiting for an answer or resolution, since.

jols · Sep 28, 2006

Wow, since last July. THIS IS NUTS!!!!!!!!

Do they not care if cPanel vsite resellers are able to take down the entire server?

I just put in one too, before I found that you had as well:

http://bugzilla.cpanel.net/show_bug.cgi?id=4635

jondolar · Sep 28, 2006

Everything is ok

I opened a ticket last night and got a quick reply.

When the reseller logs in they can see their own Key. I did not know that there were multiple keys. Resellers have their own remote access key which they can change.

cPanelKenneth · Sep 28, 2006

Please read the documentation on this feature: Setup Remote Access Key

The only way "disable" this is by editing your WHM theme and removing the reference. The following shows how to do this:

Edit /usr/local/cpanel/whostmgr/docroot/themes/<themename>/comand Move the
ENDWHMDEFINE statement on line 331 two lines down, just after the next <br />
tag. This will cause the "Setup Remote Access Key" functionality to only
display if someone has ROOT or CLUSTERING access.

Note: you should do this in a copy of your WHM theme, otherwise the next upcp
update will overwrite your changes.

As jondalar noted, each reseller, which includes root, has a Remote Accesss Key assigned, and can create a new one, thereby invalidating the old. When a reseller creates a new Remote Access Key, it is his key only that gets regenerated. Likewise when viewing the Remote Access key, the reseller only sees his own. Scripts and Applications that use this key for validation can only perform the same actions that the reseller could via the WHM interface.

Thread starter	Similar threads	Forum	Replies	Date
	keep getting xx-xx-xx-xx.cprapid.com in my SSL certificates under my hostname in Ubuntu cpanel setup	Account Administration	17	Feb 15, 2022
	SOLVED Accounts show setup date "2070-01-01 00:00"	Account Administration	6	Nov 16, 2020
J	SETUP DATE ERROR	Account Administration	3	Jul 20, 2020
T	Version 70 missing Basic WebHost Manager® Setup?	Account Administration	1	Apr 20, 2018
	Basic WebHost Manager® Setup - reset on its own	Account Administration	13	Mar 21, 2018

Search

Search

Setup Remote Access Key - Need to remove from reseller WHM panels, but how?

jols

Well-Known Member

NT

Well-Known Member

jondolar

Well-Known Member

hariskhan

Well-Known Member

jols

Well-Known Member

hariskhan

Well-Known Member

jols

Well-Known Member

jondolar

Well-Known Member

cPanelKenneth

cPanel Development