The Community Forums

Interact with an entire community of cPanel & WHM users.
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

ssh2

Discussion in 'General Discussion' started by teck, Mar 26, 2002.

  1. teck

    teck Well-Known Member

    Joined:
    Aug 10, 2001
    Messages:
    164
    Likes Received:
    0
    Trophy Points:
    16
    Are there any plans to have a ssh2 daemon running on cpanel servers?
     
  2. kwimberl

    kwimberl Well-Known Member

    Joined:
    Aug 13, 2001
    Messages:
    123
    Likes Received:
    0
    Trophy Points:
    16
    hmm. I connect via SSH2 to my cpanel servers every day. I'm not sure what you mean?!?!?!?
     
  3. teck

    teck Well-Known Member

    Joined:
    Aug 10, 2001
    Messages:
    164
    Likes Received:
    0
    Trophy Points:
    16
    Oh ok.. I thought that only ssh1d was listening and not ssh2. I will try using ssh2.
     
  4. feanor

    feanor Well-Known Member

    Joined:
    Aug 13, 2001
    Messages:
    836
    Likes Received:
    0
    Trophy Points:
    16
    The ssh daemon on these machines is the build of a version of OpenSSH that listens for both protocol types.... one and two. All by default.

    By default it allows root logins as well, on both protocols- that's basically the only major shortcoming as long as you keep up to date with patches and vital new releases.
     
  5. teck

    teck Well-Known Member

    Joined:
    Aug 10, 2001
    Messages:
    164
    Likes Received:
    0
    Trophy Points:
    16
    Thanks Travis.
     
  6. tic67

    tic67 Active Member

    Joined:
    May 8, 2002
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    1
    Try This re root login and ssh1

    If you want to disable root login to your server, do the following:

    [root]# pico /etc/ssh/sshd_config[RETURN]

    Press [CTRL-W] then type 'PermitRoot' and press [RETURN]. Change:

    PermitRootLogin yes

    to:

    PermitRootLogin no

    This change means that you will not be able to directly login to your server via SSH as 'root', so you will have login as admin then 'su -' to root. This is because when you first connect, the connection is not encrypted until you have completed logging in. This ensures that nobody can 'sniff' on the network for your root password.

    The following is an extract from the top of the same file. If you delete the number 1 from the Protocol entry ssh1 access to your server will be disabled.



    # $OpenBSD: sshd_config,v 1.48 2002/02/19 02:50:59 deraadt Exp $

    # This is the sshd server system-wide configuration file. See sshd(8)
    # for more information.

    # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented. Uncommented options change a
    # default value.

    #Port 22
    Protocol 2,1



    John
     
  7. SBS2003

    SBS2003 Member

    Joined:
    Aug 14, 2004
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Way over my head

    That last post went way over my head but it sounds exactly what I want to do.

    Here is want I am looking for -disable root access but I need to still be able to get to root (obviously) with SSH.

    SSH1 needs to be disabled (from what I hear there are security concerns.)

    I am pretty darn ignorant when it comes to command line stuff (I am an old DOS guys - not UNIX.)

    Can someone please explain the steps for a dummy like me.

    Greatly appreciated!

    Thanks!

    Mark
     
  8. nickn

    nickn Well-Known Member
    PartnerNOC

    Joined:
    Jun 15, 2003
    Messages:
    619
    Likes Received:
    1
    Trophy Points:
    18
    I would not advise making changes to your SSH configuration file blindly, one mistake and you lock yourself out of your server.

    Ask your DC to do it, as they probably know what they are doing :)

    It's one of those things you shouldn't do if you're not familar.
     
  9. SBS2003

    SBS2003 Member

    Joined:
    Aug 14, 2004
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Good Advice

    Actually really good advice. I pay for managed hosting anyway - they should earn their pay :) (Just kidding, they do great.)

    I would hate to lock myself out of my server - that wouldn't be fun.

    Thanks again,

    Mark
     
Loading...

Share This Page