Separate names with a comma.
Discussion in 'General Discussion' started by teck, Mar 26, 2002.
Are there any plans to have a ssh2 daemon running on cpanel servers?
hmm. I connect via SSH2 to my cpanel servers every day. I'm not sure what you mean?!?!?!?
Oh ok.. I thought that only ssh1d was listening and not ssh2. I will try using ssh2.
The ssh daemon on these machines is the build of a version of OpenSSH that listens for both protocol types.... one and two. All by default.
By default it allows root logins as well, on both protocols- that's basically the only major shortcoming as long as you keep up to date with patches and vital new releases.
Try This re root login and ssh1
If you want to disable root login to your server, do the following:
[root]# pico /etc/ssh/sshd_config[RETURN]
Press [CTRL-W] then type 'PermitRoot' and press [RETURN]. Change:
This change means that you will not be able to directly login to your server via SSH as 'root', so you will have login as admin then 'su -' to root. This is because when you first connect, the connection is not encrypted until you have completed logging in. This ensures that nobody can 'sniff' on the network for your root password.
The following is an extract from the top of the same file. If you delete the number 1 from the Protocol entry ssh1 access to your server will be disabled.
# $OpenBSD: sshd_config,v 1.48 2002/02/19 02:50:59 deraadt Exp $
# This is the sshd server system-wide configuration file. See sshd(8)
# for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
Way over my head
That last post went way over my head but it sounds exactly what I want to do.
Here is want I am looking for -disable root access but I need to still be able to get to root (obviously) with SSH.
SSH1 needs to be disabled (from what I hear there are security concerns.)
I am pretty darn ignorant when it comes to command line stuff (I am an old DOS guys - not UNIX.)
Can someone please explain the steps for a dummy like me.
I would not advise making changes to your SSH configuration file blindly, one mistake and you lock yourself out of your server.
Ask your DC to do it, as they probably know what they are doing
It's one of those things you shouldn't do if you're not familar.
Actually really good advice. I pay for managed hosting anyway - they should earn their pay (Just kidding, they do great.)
I would hate to lock myself out of my server - that wouldn't be fun.