SSH access becomes disabled

[hal]

Hi all

We allow our reseller customers SSH access for their main WHM accounts, and end users for limited periods upon request. We use WHM to enable the facility, and it works fine. However, after an arbitary period of time, SSH access is disabled without our intervention. This causes extra work and inconvenience to both us and our customers, as it means that they have to contact us yet again, and we have to manually reenable it.

Does anybody know why this happens, and how we can prevent it? Once we have authorsed and enabled SSH access, we would like it to stay enabled, and not reset on its own accord.

Thanks to all!

Hal

 

[techark]

Hmm wish my servers had that feature.

Then I could enable it for a user to do some work and not have to remember to go back and disable it a few hours or days later.

 

[chris74108]

Hi all

We allow our reseller customers SSH access for their main WHM accounts, and end users for limited periods upon request. We use WHM to enable the facility, and it works fine. However, after an arbitary period of time, SSH access is disabled without our intervention. This causes extra work and inconvenience to both us and our customers, as it means that they have to contact us yet again, and we have to manually reenable it.

Does anybody know why this happens, and how we can prevent it? Once we have authorsed and enabled SSH access, we would like it to stay enabled, and not reset on its own accord.

Thanks to all!

Hal

Simple take away whm access from everyone but yourself. Problem solved....

 

[hal]

Hmm wish my servers had that feature.

Then I could enable it for a user to do some work and not have to remember to go back and disable it a few hours or days later.

Really, techark? Then maybe there is some problem with our configuration. I agree that it is very useful for end users, but not for resellers, who require access on a frequent basis.

Does anyone have any suggestions about why there are differences in the way this works for us compared with techark?

Thanks
Hal

 

[hal]

nudge!

Is anyone able to help? This really is driving us mad!

 

[chris74108]

I was not kidding. Remove whm access from everyone else and change your root pass.
Someone is disabling it.

 

[sparek-3]

If you Upgrade/Downgrade an account or if a reseller Upgrade/Downgrades an account, I believe SSH access is reset. Atleast that seems to be the case with our servers, might be an option somewhere though.

 

[nettigritty]

Check if SSH access is enabled in the packages created.

 

[hal]

That is highly unlikely. It has worked this way on all our servers, including ones we've had a couple of years. I assure you, these have not been hacked, and there is no-one physically tampering with SSH.

Would any CPanel staff mind contributing to this, please? Is there any CPanel code that automatically disables SSH access?

Thanks
Hal

 

[hal]

By the way, my last answer was to Chris.


Thank you for your response, nettigritty.


But mainly. thank you, Sparek-3! That's great, as you have confirmed exactly what I am talking about! Changing the package does indeed disable SSH. Is there any way that we can change the scripts to disable this feature? Where can we safely do this?

I also believe that other actions cause. Can anyone give a definitive list as to what these are? Can these also be disabled?

Thanks

 

[nettigritty]

If SSH access is enabled in the package that you upgrade / downgrade to it would stay enabled. But.. if that package had Shell Access unticked, it would get disabled when you up/down the account. Edit packages and make sure Shell Access is ticked.

If you don't intend on giving out SSH access to everyone, you could setup seperate SSH enabled packages.

 

[hal]

Thank you, again, nettigritty.

With your help, I see now what the packages script is doing - it is indiscriminately overwriting settings to existing accounts, which possibly results in changes that:
1) may not need to be changed, as they are already at the correct setting
2) Admins don't necessarily want changed

Is there any possibility that this functionality will be improved? When a package is amended, there are several different scenarios that would be wanted:

1) Change the settings for the package, so that all new accounts based on that package will inherit the new settings, and existing accounts will be reset to conform to the package (the current behavior)

2) Change the settings for the package, so that all new accounts based on that package will inherit the new settings, and *only selected existing accounts* will be reset to conform to the package

3) Change the settings for the package, so that all new accounts based on that package will inherit the new settings, but *no existing accounts* will be reset or changed in any way.

I feel an interactive interface for this process, with radio buttons stating "Reset all accounts", "Reset selected accounts" and "Don't reset any accounts" would make this new functionality intuitive enough for the administrator or reseller.

I can understand the reasons why this may not have been catered for in the past. Previously, SSH has been considered a “value add”, synonymous with a different level of package, whereby server owners would charge more for a package with SSH access. However, these days, SSH access is much more common, being essential for certain tasks (like setting up Rails etc). Hence, nowadays, I feel that granting SSH access is a totally separate process compared with redefining a package, and therefore one should not necessarily impact upon the other.

I hope the benefits that I have described will be clear to everyone, and that the CPanel developers would seriously consider making these changes to improve the product in a future release.

Sincerely
Hal

 

[hal]

nudge

Is there any chance a member of CPanel's staff could indicate whether these suggestions could be considered? It would make such a difference!

Thanks
Hal

 

[dgbaker]

You would need to create an enhancement request here -> http://bugzilla.cpanel.net/ once done you would post the link back here for others to vote on.

 

[hal]

OK, thanks David, I will do that!
Regards
Hal

 

[Kerstin]

When you use some search engines you can found a lot of hints in the databases.

I hope this link can help.

[EMAIL="http://www.experts-exchange.com/Networking/Linux_Networking/Q_21422843.html"]http://www.experts-exchange.com/Networking/Linux_Networking/Q_21422843.html[/EMAIL]

 

[myusername]

Basically what needs to happen is each account has a database entry for it's assigned package. That would be a start.

That would eliminate the whole problem of when you edit a package specification, it affecting every user on the server, when all you wanted to do was make the new plan specs available to new customers.

It would also eliminate the whole shell vanishing problem that occurs when packages are edited and a special user has a shell.

So when wwwacct executes it takes a snapshot of the current plan and stores it for that user. Then users can truly have the package they signed up and paid for.

Once they have their package presets saved / associated with their account, you could edit accounts on a "per site" basis, not server-wide, and settings like shell can be available to selected users. Heck with this sort of functionality you could set a timed shell like you guys are talking about that disables itself based on the time stamp using a cron.

I've always wondered why this was never part of cPanel.

 

[hal]

Thank you for this brilliant contribution. I am really glad that there are others out there that are also finding it difficult to operate with the current CPanel behaviour.

Does anyone else have a view on this topic? If so, please post it here!

Hal