The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Stop/Start ssh and ftp service from whm or cpanel

Discussion in 'General Discussion' started by ASTRAPI, Jun 15, 2009.

  1. ASTRAPI

    ASTRAPI Well-Known Member

    Joined:
    Jul 8, 2008
    Messages:
    321
    Likes Received:
    0
    Trophy Points:
    16
    Hello

    How can i stop/start the ssh and ftp service using the whm or cpanel?

    I want to stop the service and start it only when i need it.

    If i just stop it and restart the server it will be enable again?

    Thanks
     
  2. eth00

    eth00 Well-Known Member
    PartnerNOC

    Joined:
    Mar 30, 2003
    Messages:
    723
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    NC
    cPanel Access Level:
    Root Administrator
    You can disable it within the WHM "service manager". If you do not disable it there WHM will restart it when you stop it.


    *edit* you could also block it via firewall and just add your IP
     
  3. ASTRAPI

    ASTRAPI Well-Known Member

    Joined:
    Jul 8, 2008
    Messages:
    321
    Likes Received:
    0
    Trophy Points:
    16
    I want to stop/start these services only and if i have stop them when i restart to be up and working again.
     
  4. ASTRAPI

    ASTRAPI Well-Known Member

    Joined:
    Jul 8, 2008
    Messages:
    321
    Likes Received:
    0
    Trophy Points:
    16
    I was wondering if i can request it as addon to whm so i can have a GUI solution to stop/start the ssh and ftp services ?

    I will pay ofcource a few euro :)

    Any info please?

    Thanks
     
  5. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Eth00 already told you what you need to keep those services offline!

    Just a quick recap .....

    1. Go to "Service Manager" under the "Service Configuration" section in WHM

    2. Uncheck the check boxes under "sshd" and "ftpd" and click "save"

    Now those services won't be automatically restarted.

    Go into your SSH session and type the following:
    Code:
    # service ftpd stop
    # service sshd stop
    
    At this point, you'll probably be kicked out of the shell and your
    SSH and FTP services will be down and won't be restarted again
    by Cpanel because you told it not to monitor those services.

    If you need to reactivate SSH or FTP then you simply go into your
    WHM menu to the "Restart Services" section and click on the service
    you want to bring back online and it will be restarted from the menu.

    (Now out of pure curiosity, why are you disabling FTP and SSH? --
    While you can do this, it doesn't really have any significant advantage
    over just properly configuring and securing these services)
     
  6. ASTRAPI

    ASTRAPI Well-Known Member

    Joined:
    Jul 8, 2008
    Messages:
    321
    Likes Received:
    0
    Trophy Points:
    16
    If the service is disabled is better than trying to secure it.

    Anyway thanks all of you.
     
  7. mattdmin

    mattdmin Member

    Joined:
    Nov 28, 2008
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Disabled vs Secured

    Obviously you don't utilize FTP or SSH on this server which is fine, but for people who do utilize it and want and easy way to secure it, here's what I suggest rather than turning the services off.

    Run a firewall, I suggest CSF & IPTables, keep SSH and FTP running, merely change the port on which you connect to for SSH and FTP. Also, you take your IP addy's that YOU or YOUR CLIENTS connect from and allow them in the Firewall and Viola.

    Also to make things even more secure, make sure to put the password security above 60% secure as a default. :)
     
    #7 mattdmin, Jun 17, 2009
    Last edited: Jun 17, 2009
  8. ASTRAPI

    ASTRAPI Well-Known Member

    Joined:
    Jul 8, 2008
    Messages:
    321
    Likes Received:
    0
    Trophy Points:
    16
    Easy to scan and find the changed port and not easy to add a dynamic ip there so is better to stop the service.
     
  9. vincentg

    vincentg Well-Known Member

    Joined:
    May 12, 2004
    Messages:
    140
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    new york
    Really very Bad idea to stop these

    No reason to do it at all and plenty of reasons why you should not.

    If you want help on how to secure your server let the board know and there are people here that can help.
     
  10. ASTRAPI

    ASTRAPI Well-Known Member

    Joined:
    Jul 8, 2008
    Messages:
    321
    Likes Received:
    0
    Trophy Points:
    16
    Tell me one reason please that is better to secure a running service than stop it?

    It is obvious that is more secure a service that is not running at all, than a running service with any kind of security :)

    Anyway you have your opinion as i have my opinion :)

    No problem

    I was use that in my previous panel aand it was great and i hope cpanel to add it...
     
  11. vincentg

    vincentg Well-Known Member

    Joined:
    May 12, 2004
    Messages:
    140
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    new york
    Well the number one reason will be the what if.

    What if your server has problems.
    Now you will have to wait for your server host to answer your help desk request to switch your shell ability back on.

    This since only they will be able to access the server.
    And they too will have to have a hard time getting in as how do you expect them to login to the server?

    Do what I do - lock out all access to the server from all IP's except the local IP and your IP.

    As this works best.

    If not and you go down that road your host will wind up charging you each time an issue comes up. If you have money to waste then feel free to follow this bad idea of stopping SSH service.
     
  12. ASTRAPI

    ASTRAPI Well-Known Member

    Joined:
    Jul 8, 2008
    Messages:
    321
    Likes Received:
    0
    Trophy Points:
    16
    If i just stop the service after the restart that i can do it without waitining the DC all will be working again :)

    For the ip i can't do it as i have a dynamic ip :)
     
  13. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    On the contrary! Disabling critical services is not necessarily better ...

    You must consider the practical side as well as the security.

    Without FTP, hosting account management access is much more limited
    and should something go wrong with your server or even just Apache,
    you may find yourself in a very difficult position without SSH access.

    FTP, you can choose to leave on or turn off if you really don't think
    that you will likely need it.

    SSH, I would NOT turn off because you are slicing your own
    throat unless you have physical access to the machine for a console
    root login (or just like big headaches). For this service, I would leave
    on but do what is necessary to properly secure it such as disabling
    direct root logins, using certificates instead of passwords, changing
    the default port to some other unused port other than 22, and
    limiting connections to protocol 2. Combined with a decent firewall
    and port scanner detector, you should be perfectly fine and the chance
    of any direct SSH compromises would be extremely slim to none yet
    you could still manage your server openly as often as needed.

    (If you are a little more paranoid like me, you could even drop all packets
    to the port you use for your SSH except from your own home IP if it is
    dedicated or from your ISP's CIDR range if your connection is dynamic
    which will still further greatly reduce the odds of any viable attack)
     
    #13 Spiral, Jun 17, 2009
    Last edited: Jun 17, 2009
  14. eth00

    eth00 Well-Known Member
    PartnerNOC

    Joined:
    Mar 30, 2003
    Messages:
    723
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    NC
    cPanel Access Level:
    Root Administrator
    One other consideration is that if you are at a datacenter like softlayer with a private network you could enable ssh on the private network only (which requires a vpn connection to access).

    I agree with Spiral in that disabling ssh is not the best, occasionally WHM has problems and you need ssh to fix it.

    If you do disable ssh I would at least make sure on your datacenters policy on KVMs. You may run into a decent fee to use one if you need to repair things.
     
  15. ASTRAPI

    ASTRAPI Well-Known Member

    Joined:
    Jul 8, 2008
    Messages:
    321
    Likes Received:
    0
    Trophy Points:
    16
    If i stop and not disable the ssh and i have a problem i can restart it from the DC menu that i have annd it will auto load.

    I was use that with my previous panel for 1 year and never had a problem.

    Ok anyway thanks all of you :)
     
Loading...

Share This Page