SSH, passwords and clients

Discussion in 'General Discussion' started by iLLuSi0nS, Nov 2, 2008.

  1. iLLuSi0nS

    I am a web designer and use Dreamweaver to work on all my clients' websites. I don't like using FTP (too unsecure) and would rather use SFTP to log in to my clients' accounts, but SFTP won't allow you to use your customer's username and your root password to log in (with FTP you can); you must use their password.

    So my question is, is there something I can do? What do you guys suggest? Is there a way of seeing your client's password without resetting it? I don't want to ask the client for their passwords, especially since I have so many and people change passwords all the time. I just want to be able to use 1 password for all my clients, but I would never log in with my root password over regular unsecure FTP. What can I do?
     
  2. sirotex

    Lol? Are you serious right now?

    The reason you cannot log in to SFTP is because SSH isn't enabled on their account. Why would your customers want to give you SSH access? It's far more insecure for them to give you that so you can, dare I say it, root their box? There is not much wrong with FTP; after all, you're only uploading a website.
     
  3. iLLuSi0nS

    First of all, you need to stop assuming people are idiots, not everyone is stupid like you think.

    SSH is enabled for all my users, and the reason they would want to give me SSH access is because it is my server in the first place, and they are just users; none of them even know what SSH is. I can easily SSH into my entire server as root and do it that way, but the files that I create will automatically become owned by "root" instead of their username, which will defeat the purpose of things and give errors with Suhosin.

    There is a lot wrong with FTP. If I use their username and password, logging in through FTP even though it's JUST a website upload, your username and password are being transferred in plain sight for anyone to see. They will easily have the client's username and password so they can log in to cPanel and do whatever they want.

    So please, think before you post criticizing someone instead of helping.
     
  4. sirotex

    Hello,

    Hardly, you can just make yourself an FTP account, or even still su to their user? Will make files be owned by their user or chown -R user:group dir (which will then chown all the files to that user & assuming there is more than one file in the folder you wish to chown)

    It is pretty simple..
     
    #4 sirotex, Nov 2, 2008
    Last edited: Nov 2, 2008
  5. iLLuSi0nS

    Well, thank you for that, didn't think you would be so nice to offer a good solution. I thought of creating a new FTP for each account, but thought there might be another way, but that seems to be the most viable solution. Both your solutions are good because sometimes I need to SSH into the account so I can upload a zip file and unzip it in the server so I am not uploading 5000 files one by one, then I can chown like you said to change ownership.

    I just wish I could SFTP with their username and my root password. That would be amazing.

    Thanks

    While you are being so kind as to help me, maybe you can offer a solution to these damn security violations of hackers trying to access my SSH repeatedly, attempt after attempt and no automatic bans. I keep getting hit by the same IPs over and over trying to attempt login. I want something that will ban them after a certain amount of failed logins. Here is my log:

    Nov 2 10:00:32 serv sshd[19991]: Failed password for root from 210.0.210.182 port 3984 ssh2
    Nov 2 10:00:34 serv sshd[20014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.0.210.182 user=root
    Nov 2 10:00:36 serv sshd[20014]: Failed password for root from 210.0.210.182 port 4077 ssh2
    Nov 2 10:00:39 serv sshd[20044]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.0.210.182
     
  6. sirotex

    Hello,

    I think a feature to be able to see user accounts' passwords may be a good idea, maybe cPanel should look into that.

    Um, they're bots trying to brute-force your root password. You can fix this by installing APF + BFD; BFD will ban users after so many password attempts.

    Or just disable root logins and add a user to wheel and su to root?

    I also forgot to add, even changing the sshd port to a non-standard port and telling your customers your new port is another way to combat it.

    Hope this helps :)
     
    #6 sirotex, Nov 2, 2008
    Last edited: Nov 2, 2008
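
The counting that a brute-force detector performs on log lines like those posted above, as an added example that is not part of the thread and is not BFD's own code. The threshold, window, assumed year and the constructed sample lines (documentation addresses) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address

# Count only sshd's "Failed password" line; the pam_unix line repeats the same
# attempt. User names may contain spaces, so the address is read from the end.
FAILED = re.compile(
    r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\[\d+\]:\s+"
    r"Failed password for (?:invalid user )?.* from (\S+) port \d+(?: ssh2)?$"
)

def offenders(lines, threshold=5, window_s=300, year=2008):
    """Return {ip: time the threshold was reached} for sources with at least
    `threshold` failed passwords inside any `window_s`-second span."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = FAILED.match(line.strip())
        if not m:
            continue
        try:
            ip = str(ip_address(m.group(2)))
        except ValueError:
            continue              # not an address: ignore the line
        # syslog omits the year, so the caller supplies it (assumption)
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > timedelta(seconds=window_s):
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged

# First three lines are from the post above; the rest are constructed.
SAMPLE = """\
Nov 2 10:00:32 serv sshd[19991]: Failed password for root from 210.0.210.182 port 3984 ssh2
Nov 2 10:00:34 serv sshd[20014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.0.210.182 user=root
Nov 2 10:00:36 serv sshd[20014]: Failed password for root from 210.0.210.182 port 4077 ssh2
Nov 2 10:00:40 serv sshd[20050]: Failed password for root from 210.0.210.182 port 4102 ssh2
Nov 2 10:02:00 serv sshd[20100]: Failed password for invalid user web admin from 198.51.100.7 port 5000 ssh2
Nov 2 10:30:00 serv sshd[20200]: Failed password for alice from 203.0.113.5 port 5001 ssh2
Nov 2 11:30:00 serv sshd[20300]: Failed password for alice from 203.0.113.5 port 5002 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE, threshold=3, window_s=60).items():
        print(f"{ip} reached 3 failures within 60 s at {when:%b %d %H:%M:%S}")
```

The returned addresses are candidates for a firewall block; the two failures an hour apart from 203.0.113.5 stay below the threshold because the window slides.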
  7. iLLuSi0nS

    My main focus is Dreamweaver, and Dreamweaver has horrible site connection tools. I had changed the port for SSH and Dreamweaver's SFTP option stops working. I have a firewall, and I should have a brute force tool as well but I guess not.

    Seeing cPanel passwords would be great, but I am sure the only reason it's not available is because cPanel thinks it is a security risk, but if root can log in to any account, I don't see how viewing their passwords would be any more insecure.

    I like your idea of "Or just disable root logins and add a user to wheel and su to root?" but what does wheel mean? You mean just add another user with root capabilities and disable root and do everything through that new account?
     
  8. sirotex

    Hello,

    /etc/group

    wheel:*:0:root,user,user,user

    Change user to the username of the account you create.

    It basically gives you access to be able to su from a username to root access.

    cPanel already has the option to login to multiple accounts in WHM.

    Account Information > List Accounts

    Click the cPanel icon of the account you wish to log in to as root.

    Also, for your SFTP problem, you just need to change the port in your SFTP client to use the new port. I have never tried connecting with Dreamweaver or knew it had that feature; you could try downloading WinSCP. It is an SFTP client for Windows.
     
  9. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Any customer even without shell, AFAIK, can now use SFTP as long as they know the IP and port # for it. New Feature in cPanel 11.
     