The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSH plugin?

Discussion in 'Security' started by Friends4U, Aug 20, 2016.

Tags:
  1. Friends4U

    Friends4U Member

    Joined:
    Jan 20, 2005
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Hi,

    I have two questions :)


    First:

    I have a VPS and want to have it as secure as possible, now the security advisor tells me that SSH direct root logins are permitted.

    Of course I can manually edit /etc/ssh/sshd_config and change PermitRootLogin to “without-password” or “no” and then restart SSH but my server manager dislikes that because he wants to be able to keep giving service trough SSH.

    I do use the SSH Password Authorization Tweak, but that doesn't change the sshd_config, only disables the use of passwords (bit strange that that tweak doesn't change both).

    Is it possible to make a (plugin) link the when I click it (in WHM) the sshd_config is changed to yes (when enabling) and to "no" when disabling?


    Second:

    He wants to monitor my MySQL, when I configure bind-address=127.0.0.1 in /etc/my.cnf, or close port 3306 in the server’s firewall he cannot monitor the service but when I do not do that the security advisor is not so happy...

    Is there a way to change MySQL to be 1) safe and 2) allow only the IP of the monitoring service?


    Thanks for you answers in advance!


    Greetings,

    Richard
     
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,146
    Likes Received:
    34
    Trophy Points:
    48
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hello :),

    1) Currently there is no such plugin to update SSHD config file through WHM with in click., You need to edit your sshd config file on your server.

    2) Yes, It's safe of you allow port 3306 for some ip's. You need to update server firewall setting to allow port 3306 port for specific IP's. if you are using CSF firewall on your server then update csf.allow file with your IP's

    Code:
    tcp|in|d=3306|s=11.22.33.44
    
     
  3. Friends4U

    Friends4U Member

    Joined:
    Jan 20, 2005
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Thank you for your response!

    The MySQL fix (with firewall) will not remove the waring from security advisor, so I must ignore that right?
     
  4. acenetgeorge

    acenetgeorge Well-Known Member
    PartnerNOC

    Joined:
    Mar 6, 2008
    Messages:
    64
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    Southfield, MI
    cPanel Access Level:
    DataCenter Provider
    In regards to the SSH Root Login warning, we now use SSH Keys with KeePass 2.x using the KeeAgent plugin to log into our servers with ssh keys. Your server manager could still connect to SSH using keys, and disable root password logins.
     
Loading...

Share This Page