The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Setup Remote Access Key - Need to remove from reseller WHM panels, but how?

Discussion in 'General Discussion' started by jols, May 2, 2006.

  1. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    Setup Remote Access Key

    I need to remove this feature from the reseller WHM panels, just to stop a cascade of "How do I use this?" questions. But I don't see any way of doing that. Anyone?
     
  2. NT

    NT Well-Known Member

    Joined:
    May 4, 2004
    Messages:
    137
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    England, UK
    Hi,

    I believe you can disable this through Reseller Privileges in the Reseller area of WHM.

    Hope that helps.
     
  3. jondolar

    jondolar Well-Known Member

    Joined:
    Feb 15, 2004
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    6
    Cant remove Cluster/Remote Access for Reseller

    I have the same problem.
    WHM 10.8.0 cPanel 10.8.2-S120
    CentOS 4.4 i686 - WHM X v3.1.0

    Reseller privs don't have cluster enabled but if I log in as the user I get the ability to view and change the WHM key.

    This is a security issue for sure.
     
  4. hariskhan

    hariskhan Well-Known Member

    Joined:
    Apr 15, 2004
    Messages:
    146
    Likes Received:
    0
    Trophy Points:
    16
    No answer yet

    To date, I haven't received any answer from cPanel for the same Q.
     
  5. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    I am personally getting a little tired of the enduring vulnerabilities like this, and the little stuff like the typos in the vsite cPanels.

    Did you make out a bugzilla report for this latest thing?
     
  6. hariskhan

    hariskhan Well-Known Member

    Joined:
    Apr 15, 2004
    Messages:
    146
    Likes Received:
    0
    Trophy Points:
    16
    #6 hariskhan, Sep 28, 2006
    Last edited: Sep 28, 2006
  7. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    Wow, since last July. THIS IS NUTS!!!!!!!!

    Do they not care if cPanel vsite resellers are able to take down the entire server?

    I just put in one too, before I found that you had as well:

    http://bugzilla.cpanel.net/show_bug.cgi?id=4635
     
  8. jondolar

    jondolar Well-Known Member

    Joined:
    Feb 15, 2004
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    6
    Everything is ok

    I opened a ticket last night and got a quick reply.

    When the reseller logs in they can see their own Key. I did not know that there were multiple keys. Resellers have their own remote access key which they can change.
     
  9. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,460
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Please read the documentation on this feature: Setup Remote Access Key

    The only way "disable" this is by editing your WHM theme and removing the reference. The following shows how to do this:

    As jondalar noted, each reseller, which includes root, has a Remote Accesss Key assigned, and can create a new one, thereby invalidating the old. When a reseller creates a new Remote Access Key, it is his key only that gets regenerated. Likewise when viewing the Remote Access key, the reseller only sees his own. Scripts and Applications that use this key for validation can only perform the same actions that the reseller could via the WHM interface.
     
Loading...

Share This Page