User Accessing via SSH Despite....

TitaniumHosting

Well-Known Member
Dec 11, 2004
157
0
166
Ireland
Ok,
According to some logs, one of our clients, a reseller, is accessing their account via SSH, despite it being disabled in WHM root. Is this possible? And, if so, what can be done to prevent it, and how are they doing it?

Thanks,
Dan.
 

rootsupport

Member
May 2, 2006
18
0
151
India
If you could paste the logs here that would be helpful.
 

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
2,221
4
193
Minneapolis, MN
TitaniumHosting said:
Ok,
According to some logs, one of our clients, a reseller, is accessing their account via SSH, despite it being disabled in WHM root. Is this possible? And, if so, what can be done to prevent it, and how are they doing it?
Yes, it is possible, if that reseller knows Linux very well. The best way, in this cae, to prevent any body from accessing your server are:
1) Activate /etc/host.allow and /etc/host.deny
Unless you add the IP of a client, otherwise they won't be able to SSH to your server

2) Do NOT enable shell access, normal and/or jailshell to any of your clients.

3) Add a user on top of your root to access shell. That means you'll login as a user (let's say admin) and then you can su to root.

Hope this helps!
 

lloyd_tennison

Well-Known Member
Mar 12, 2004
698
1
168
A real simple hack to to just change the port number to one they do not know. It would take a ling time to check and find it...