The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

sshd_config

Discussion in 'Security' started by debug, Dec 25, 2013.

  1. debug

    debug Member

    Joined:
    Apr 19, 2003
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    Hello,

    I am looking to change the port 22 of my VPS for another port in etc/sshd_config. Right now, Password Authentication is currently disabled in Security/WHM.

    I am looking at my sshd_config more carefully. I compare with the example of sshd_config File given to Securing SSH

    Questions:

    1) In my sshd_config file, I see: PasswordAuthenticationno (without empty space between PasswordAuthentication and No). In the example of cPanel, there is an empty space. Is it normal ?

    2) I do not think I'll use SSH / port 22 on this server. Right now, Password Authentication is disabled in Security/WHM. Therefore, can I erase without problem the port 22 in Allow incoming TCP ports of the CSF firewall configuration file ? Sorry if the question is stupid. :)

    3) Can I choose one of the following port (below 1024): 223, 223 ... 299 (by example).

    4) Do I have to change ListenAddress with my own IP for better security ?

    Regards
     
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    1) there should be a space as far as I know.

    2) yes, you can close the port 22 once you move SSH to another port. Be sure to open that port first.

    3) yes you can use any other un-used TCP port.

    4) Listen address just tells the server which of it's own IP's to listen on. Leaving it default means you can SSH to any IP allocated to the server. If you change it to one of the IP's assigned to the server, that is the only IP that will accept SSH connections.
     
  3. debug

    debug Member

    Joined:
    Apr 19, 2003
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    1) There is no space in sshd_config and its a new server since three days The file have been opened/edited today but not by me. Maybe it's a bad writing from WHM (it's the last version release).

    2) I would like only disable password auth in WHM Security and remove the port 22 inside the two lists of CSF config file. I don't want use/move the port 22. My VPS is managed.
     
  4. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    cPanel doesn't install the stock sshd_config file, your operating system package manager (i.e. RPM or yum) does.

    What I'm saying is you can remove port 22 from csf config for open ports, but you have to add the new ssh port number to open ports before you change the port that SSH is using in sshd_config.
     
  5. debug

    debug Member

    Joined:
    Apr 19, 2003
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    Yes, you are right.

    But my question was can I only delete the port 22 in incoming/outcoming ports CSF listing and forget the rest (without edit sshd_config) ? I am alone on my VPS (my own website) and the hoster have access to SSH with their tools.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Yes, you can do this but keep in mind that SSH will not be accessible. You will have to contact your hosting provider in the event WHM fails to load.

    Thank you.
     

Share This Page