The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSH direct root logins are disabled

Discussion in 'Security' started by Nirjonadda, Apr 22, 2015.

  1. Nirjonadda

    Nirjonadda Well-Known Member

    Joined:
    May 8, 2013
    Messages:
    151
    Likes Received:
    2
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    Hi,

    I have recently disabled SSH direct root logins on my server as some one suggested to do so because i had many security issues.How ever my new problem is now I'm not able to access SSH server anyway.

    When i try to use Putty, i get this error
    "Server refused public-key signature despite accepting key!"
    So basically now i cannot login to SSH via username/password or by the public/private key.
    Also i cannot login via WinSCP or any other tool. It says "Access denied"

    The only way i can get in to my server is via WHM / Web browser.

    So my question is
    * Is there any way to get in to my server root files without SSH? If yes i can remove the SSH direct login restriction.
    * Why WinSCP or Putty not working from public/private keys?

    Thank you very much
     
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    If you have any way to (or can ask your host to), change the sshd_config setting for PermitRootLogin from "no" to:

    PermitRootLogin without-password

    This will let key based logins work without allowing password logins for root.
     
    JonTheWong likes this.
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    You may want to try running a temporary instance of SSH to see if it allows you to access your server to investigate:

    Code:
    https://IP:2087/cpsess12345678/scripts2/doautofixer?autofix=safesshrestart
    You would replace "IP" with the server's IP address and the session number with what's displayed in your address bar. Note that this is simply a temporary instance of SSH so you can login and determine what's wrong with the standard SSH service. Then, use the following guide to update your SSH configuration:

    SSH Hardening Guide

    Thank you.
     
Loading...

Share This Page