SSH direct root logins are permitted

Discussion in 'Security' started by keat63, Nov 21, 2014.

  1. keat63

    keat63 Well-Known Member

    Joined: Nov 20, 2014 | Messages: 765 | Likes Received: 20 | Trophy Points: 18 | cPanel Access Level: Root Administrator

    Security advisor states that SSH logins are permitted for root.
    Before I start asking questions about creating new users and adding to the wheel group (whatever this means), could I ask the following?

    My dedicated server will be used for work only, I will be the only user logging in.
    I've added every subnet except my work, my home and the server provider to cPHulk.
    I've enabled logins from verified IPs only.

    Do I still need to consider tightening root logins through SSH?
     
  2. quizknows

    quizknows Well-Known Member

    Joined: Oct 20, 2009 | Messages: 940 | Likes Received: 55 | Trophy Points: 28 | cPanel Access Level: DataCenter Provider

    You should consider either closing the SSH port itself and whitelisting your IPs, or making use of a wheel group user.

    Users in the "wheel" group can use the "su -" command to reach a root prompt. This means you'd ssh as whatever username you added to the wheel group, auth as that user, and then use "su -" to get a root prompt.

    There is a thread on sshd hardening stickied in this section of the forums: http://forums.cpanel.net/f185/tutor...y-your-server-read-sshd-hardening-403381.html
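
The setup described in the post above (no direct root login, a wheel-group user who runs `su -`) can be checked before it is applied. An added example, not part of the thread: a shell audit that reads copies of sshd_config and /etc/group. The function names, verdict strings and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit root SSH exposure from copies of
# sshd_config and /etc/group. Paths are arguments so nothing live is touched.

# Effective global PermitRootLogin: sshd keeps the first occurrence of a
# keyword, and keywords are case-insensitive. Match blocks are not evaluated.
effective_root_login() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        { sub(/[ \t]*=[ \t]*/, " ") }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Supplementary members of wheel (users with wheel as primary group are not
# listed in the group file and are not reported here).
wheel_members() {
    awk -F: '$1 == "wheel" { gsub(/,/, " ", $4); print $4 }' "$1"
}

# Verdict: permitted | keys-only | lockout-risk | ok
audit_root_ssh() {
    value=$(effective_root_login "$1")
    members=$(wheel_members "$2")
    case "$value" in
        no)
            # Root login is off: someone must be able to "su -" instead.
            if [ -z "$members" ]; then echo "lockout-risk"; else echo "ok"; fi ;;
        without-password|prohibit-password|forced-commands-only)
            echo "keys-only" ;;   # root can still log in directly, but not with a password
        *)  echo "permitted" ;;   # "yes", or unset (default depends on OpenSSH version)
    esac
}

# Constructed sample input, written to a temporary directory.
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' '# constructed sample' 'Port 22' 'PermitRootLogin yes' \
    'permitrootlogin no' > "$SAMPLE_DIR/sshd_config"
printf '%s\n' 'root:x:0:' 'wheel:x:10:adminuser' > "$SAMPLE_DIR/group"

echo "PermitRootLogin: $(effective_root_login "$SAMPLE_DIR/sshd_config")"
echo "wheel members:   $(wheel_members "$SAMPLE_DIR/group")"
echo "verdict:         $(audit_root_ssh "$SAMPLE_DIR/sshd_config" "$SAMPLE_DIR/group")"
```

On a live server, `sshd -T` prints the effective configuration as sshd itself parses it, which is the authoritative check.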
     
  3. keat63

    keat63 Well-Known Member

    Before I start reconfiguring and creating wheel users etc.
    I have tightened cPHulk and narrowed this down to just 3 IP addresses.
    Does this work for WHM and SSH?
     
  4. keat63

    keat63 Well-Known Member

    Chaps, I'm still desperately seeking advice on this.

    I will be the only person logging in to our dedicated server. Well, me and the server providers.
    So I've configured cPHulk to accept only a small list of IP addresses. Everything else is blacklisted.
    I've also granted a small number of IPs access via Host Access Control to WHM and SSHD.
    All other IPs are denied access to WHM and SSHD.

    Is this enough to keep the bad guys out?
    Is there any point in denying root access and creating a wheel group or changing the SSH port?
    To me, it looks impenetrable, but my knowledge of SSH and WHM is no more than a week old.
     
    #4 keat63, Nov 25, 2014
    Last edited: Nov 25, 2014
  5. quizknows

    quizknows Well-Known Member

    If your IP address(es) are literally the only ones that can access the SSH / WHM port, then changing the port doesn't really matter. Disabling direct root login wouldn't matter a whole lot either at that point.
     
  6. keat63

    keat63 Well-Known Member

    Hi quizknows

    Would there be any reasons/situations why someone would allow SSH and WHM access to others?
     
  7. quizknows

    quizknows Well-Known Member

    Access to the SSH port is often allowed so users can use SFTP (which is actually file transfer over SSH, not actual FTP, and is much more secure than "normal" FTP).

    Access to WHM is granted in some situations for reseller accounts to manage their own cPanel accounts.
     
  8. keat63

    keat63 Well-Known Member

    I'm not a reseller.
    There will only be our own domains on there.

    Using Host manager, I've narrowed down SSH, WHM and FTP to just a handful of IPs.
    Could anyone suggest any other protocols to block?
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined: Apr 11, 2011 | Messages: 30,678 | Likes Received: 648 | Trophy Points: 113 | cPanel Access Level: Root Administrator

    You could restrict access to any service that you do not plan on opening up to the public. Note that you may still want to install a third-party firewall such as CSF.

    Thank you.
     
  10. keat63

    keat63 Well-Known Member

    I installed CSF this afternoon, but there's so much config to consider, I now have less of a clue. :-(
    I have noticed some default High, Medium and Low configs.
    I assume it's safe for me to apply any of these?
     
  11. keat63

    keat63 Well-Known Member

    I noticed in the CSF monitor the following entry.

    (sshd) Failed SSH login from 220.xxx.xxx.xxx (CN/China/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]

    If I have SSHD denied in "Host Access Control", does this mean CSF has blocked it first?
     
  12. keat63

    keat63 Well-Known Member

    I think I answered my own question.

    SSH is locked down in WHM to only 2 x IPs.
    I tried to log in to SSH using PuTTY from a 3rd IP (which had WHM access but not SSH).
    PuTTY hung, and I was booted out of WHM.
    When I checked, CSF had blacklisted my IP.

    I whitelisted it and tried again; this time PuTTY still hung, but I was no longer blacklisted in CSF.
     
  13. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member
