The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSH access becomes disabled

Discussion in 'General Discussion' started by hal, Sep 25, 2006.

  1. hal

    hal Member

    Joined:
    Apr 12, 2006
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    Hi all

    We allow our reseller customers SSH access for their main WHM accounts, and end users for limited periods upon request. We use WHM to enable the facility, and it works fine. However, after an arbitary period of time, SSH access is disabled without our intervention. This causes extra work and inconvenience to both us and our customers, as it means that they have to contact us yet again, and we have to manually reenable it.

    Does anybody know why this happens, and how we can prevent it? Once we have authorsed and enabled SSH access, we would like it to stay enabled, and not reset on its own accord.

    Thanks to all!

    Hal
     
  2. techark

    techark Well-Known Member

    Joined:
    May 22, 2002
    Messages:
    280
    Likes Received:
    0
    Trophy Points:
    16
    Hmm wish my servers had that feature.

    Then I could enable it for a user to do some work and not have to remember to go back and disable it a few hours or days later.
     
  3. chris74108

    chris74108 Well-Known Member

    Joined:
    Apr 30, 2004
    Messages:
    86
    Likes Received:
    0
    Trophy Points:
    6
    Simple take away whm access from everyone but yourself. Problem solved....
     
  4. hal

    hal Member

    Joined:
    Apr 12, 2006
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1

    Really, techark? Then maybe there is some problem with our configuration. I agree that it is very useful for end users, but not for resellers, who require access on a frequent basis.

    Does anyone have any suggestions about why there are differences in the way this works for us compared with techark?

    Thanks
    Hal
     
  5. hal

    hal Member

    Joined:
    Apr 12, 2006
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    nudge!

    Is anyone able to help? This really is driving us mad!
     
  6. chris74108

    chris74108 Well-Known Member

    Joined:
    Apr 30, 2004
    Messages:
    86
    Likes Received:
    0
    Trophy Points:
    6
    I was not kidding. Remove whm access from everyone else and change your root pass.
    Someone is disabling it.
     
  7. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    If you Upgrade/Downgrade an account or if a reseller Upgrade/Downgrades an account, I believe SSH access is reset. Atleast that seems to be the case with our servers, might be an option somewhere though.
     
  8. nettigritty

    nettigritty Well-Known Member
    PartnerNOC

    Joined:
    Jan 21, 2004
    Messages:
    194
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Bangalore, India
    Check if SSH access is enabled in the packages created.
     
  9. hal

    hal Member

    Joined:
    Apr 12, 2006
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    That is highly unlikely. It has worked this way on all our servers, including ones we've had a couple of years. I assure you, these have not been hacked, and there is no-one physically tampering with SSH.

    Would any CPanel staff mind contributing to this, please? Is there any CPanel code that automatically disables SSH access?

    Thanks
    Hal
     
  10. hal

    hal Member

    Joined:
    Apr 12, 2006
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    By the way, my last answer was to Chris.


    Thank you for your response, nettigritty.


    But mainly. thank you, Sparek-3! That's great, as you have confirmed exactly what I am talking about! Changing the package does indeed disable SSH. Is there any way that we can change the scripts to disable this feature? Where can we safely do this?

    I also believe that other actions cause. Can anyone give a definitive list as to what these are? Can these also be disabled?

    Thanks
     
  11. nettigritty

    nettigritty Well-Known Member
    PartnerNOC

    Joined:
    Jan 21, 2004
    Messages:
    194
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Bangalore, India
    If SSH access is enabled in the package that you upgrade / downgrade to it would stay enabled. But.. if that package had Shell Access unticked, it would get disabled when you up/down the account. Edit packages and make sure Shell Access is ticked.

    If you don't intend on giving out SSH access to everyone, you could setup seperate SSH enabled packages.
     
  12. hal

    hal Member

    Joined:
    Apr 12, 2006
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    Thank you, again, nettigritty.

    With your help, I see now what the packages script is doing - it is indiscriminately overwriting settings to existing accounts, which possibly results in changes that:
    1) may not need to be changed, as they are already at the correct setting
    2) Admins don't necessarily want changed

    Is there any possibility that this functionality will be improved? When a package is amended, there are several different scenarios that would be wanted:

    1) Change the settings for the package, so that all new accounts based on that package will inherit the new settings, and existing accounts will be reset to conform to the package (the current behavior)

    2) Change the settings for the package, so that all new accounts based on that package will inherit the new settings, and *only selected existing accounts* will be reset to conform to the package

    3) Change the settings for the package, so that all new accounts based on that package will inherit the new settings, but *no existing accounts* will be reset or changed in any way.

    I feel an interactive interface for this process, with radio buttons stating "Reset all accounts", "Reset selected accounts" and "Don't reset any accounts" would make this new functionality intuitive enough for the administrator or reseller.

    I can understand the reasons why this may not have been catered for in the past. Previously, SSH has been considered a “value add”, synonymous with a different level of package, whereby server owners would charge more for a package with SSH access. However, these days, SSH access is much more common, being essential for certain tasks (like setting up Rails etc). Hence, nowadays, I feel that granting SSH access is a totally separate process compared with redefining a package, and therefore one should not necessarily impact upon the other.

    I hope the benefits that I have described will be clear to everyone, and that the CPanel developers would seriously consider making these changes to improve the product in a future release.

    Sincerely
    Hal
     
  13. hal

    hal Member

    Joined:
    Apr 12, 2006
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    nudge

    Is there any chance a member of CPanel's staff could indicate whether these suggestions could be considered? It would make such a difference!

    Thanks
    Hal
     
  14. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    You would need to create an enhancement request here -> http://bugzilla.cpanel.net/ once done you would post the link back here for others to vote on.
     
  15. hal

    hal Member

    Joined:
    Apr 12, 2006
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    OK, thanks David, I will do that!
    Regards
    Hal
     
  16. Kerstin

    Kerstin Well-Known Member

    Joined:
    Apr 9, 2005
    Messages:
    136
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Berlin
  17. myusername

    myusername Well-Known Member
    PartnerNOC

    Joined:
    Mar 6, 2003
    Messages:
    691
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    chown -R us.*yourbase*
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Basically what needs to happen is each account has a database entry for it's assigned package. That would be a start.

    That would eliminate the whole problem of when you edit a package specification, it affecting every user on the server, when all you wanted to do was make the new plan specs available to new customers.

    It would also eliminate the whole shell vanishing problem that occurs when packages are edited and a special user has a shell.

    So when wwwacct executes it takes a snapshot of the current plan and stores it for that user. Then users can truly have the package they signed up and paid for.

    Once they have their package presets saved / associated with their account, you could edit accounts on a "per site" basis, not server-wide, and settings like shell can be available to selected users. Heck with this sort of functionality you could set a timed shell like you guys are talking about that disables itself based on the time stamp using a cron.

    I've always wondered why this was never part of cPanel.
     
  18. hal

    hal Member

    Joined:
    Apr 12, 2006
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    Thank you for this brilliant contribution. I am really glad that there are others out there that are also finding it difficult to operate with the current CPanel behaviour.

    Does anyone else have a view on this topic? If so, please post it here!

    Hal
     
Loading...

Share This Page