The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Users cant SSH

Discussion in 'General Discussion' started by wzd, Dec 16, 2005.

  1. wzd

    wzd Well-Known Member

    Joined:
    Dec 16, 2005
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    Hi Guys,

    All the CPanel users are unable to SSH into their accounts. I have also tried sshing into their accounts with no luck. Each account has the "Shell Access" ticked and they should be able to login into their ssh with username: accountusername and with their respective CPanel password? :confused:

    SSHd is running and all is well as i can ssh in with my manually added accounts but any accounts added by Cpanel with Shell Access ticked are not able to ssh in.

    the erorr is : Access Denied once the password is typed in.

    I think this might be quite easy to solve but i have no idea how to go about it as everything i checked seems to be in order. :confused:

    I am running:
    WHM 10.8.0 cPanel 10.8.1-R30
    FreeBSD 5.4-STABLE i386

    Any help appreciated.

    Thanks :(
     
  2. simplestar

    simplestar Well-Known Member

    Joined:
    Nov 15, 2005
    Messages:
    97
    Likes Received:
    0
    Trophy Points:
    6
    In WHM and root, have you verified users have been added to wheelgroup for access?
     
  3. wzd

    wzd Well-Known Member

    Joined:
    Dec 16, 2005
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    thanks for the prompt reply, if i do a 'pw show wheel' i cant see any of those users there. Isnt is insecure adding users to the wheel group as that will give them 'su' command access.

    I dont know how to check user prviviledges in WHM, would any1 be able to run me through the steps? :/

    I would prefer if the users could have Jail shell access as i have set up under "Manage Shell Access" under account functions in WHM and therefore be unable to compile / execute etc...

    Sorry for the noob questions...

    The wheel is:
    wheel:*:0:root,wizard,joe,paul

    -
    None of the above are Cpanel users
    Thanks
     
  4. aby

    aby Well-Known Member

    Joined:
    May 31, 2005
    Messages:
    638
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    India
    You need not be a wheel group user to ssh or jailed shell. You can do from WHM >> manage shell access and add the required shell fro the particular user.. what is the issue with you in doing that ?
     
  5. wzd

    wzd Well-Known Member

    Joined:
    Dec 16, 2005
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    I have done that and have tried enabling both Normal and Jailed shells for the user and i still have no luck. When trying to SSH in you get a Access Denied Error still :confused:

    In desperateness i've added the user to wheel via

    pw user mod user1 -G wheel and i'm still not having any luck with the person being able to SSH in.

    :/
     
  6. aby

    aby Well-Known Member

    Joined:
    May 31, 2005
    Messages:
    638
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    India
    Did you check /etc/passwd file and see that it is having the correct shell as you specified in WHM?
     
  7. Izzee

    Izzee Well-Known Member

    Joined:
    Feb 6, 2004
    Messages:
    469
    Likes Received:
    0
    Trophy Points:
    16
    Have you tried a cpanel restart using the command

    /etc/rc.d/init.d/cpanel restart

    this will restart the stunnel and activate the cpanel's secure ports.
    :)
     
  8. wzd

    wzd Well-Known Member

    Joined:
    Dec 16, 2005
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    Hi Guys

    Thanks for the advice :)
    I've tried all the above:

    The passwd file shows the following:

    me:*:1003:1003:Marko:/home/wizard:/usr/local/bin/bash
    user1:*:1033:1036:User &:/home/tjunyat:/usr/local/bin/bash

    I can make it so that user1 has
    /usr/local/cpanel/bin/jailshell as a shell type (Jailed shell account) but this doesnt make a difference ether...

    The first user (me) has SSH access and i use this account just for ssh and such. This is not a Cpanel account

    The user1 account is a CPanel account and the one that doesnt accept SSH logins

    When i try running the Cpanel command i get :

    su: cpanel: command not found
    4 -rwxr-xr-x 1 root wheel 3035 Dec 6 16:21 cpanel

    but the file is available in the /etc/rc.d/init.d directory structure. :eek:

    Any other ideas? :confused:
     
  9. wzd

    wzd Well-Known Member

    Joined:
    Dec 16, 2005
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    Hey guys,

    I'm still struggling, tried everything in other threads. Still cant get SSH to work for user accounts. Can any1 please help! :(
     
  10. aby

    aby Well-Known Member

    Joined:
    May 31, 2005
    Messages:
    638
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    India
    I am not able to see where is the issue from the available information..But If you can let somebody to investigate more on the server, it might help.
     
  11. HH-Steven

    HH-Steven Well-Known Member

    Joined:
    Aug 29, 2004
    Messages:
    284
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    I had a similar problem recently where the user was unable to log in to ssh via his own domain or ip address (dedicated ip) ***.**.***.*89

    But when the user was asked to use the main server ip (shared ip) ***.**.***.*86 it worked fine.

    Maybe this can help you in someway.
     
  12. BenThomas

    BenThomas Well-Known Member

    Joined:
    Feb 12, 2004
    Messages:
    598
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Houston, Texas USA
    cPanel Access Level:
    Root Administrator
    Couple of suggestions:
    1. make sure that the selected shell for each user is executable by the user.
    2. Check /etc/hosts.allow and verify that sshd is not restricted.

    HTH
     
  13. __arjun__

    __arjun__ Guest

    I strongly believe that there is some problems with your ssh configuration and not external files like /etc/passwd etc.
    Let someone ( server administrator ?) have a look at your sshd_config file.


    You may get some clues from server logs like messages/secure etc.
    Do check them.
     
  14. RickG

    RickG Well-Known Member

    Joined:
    Feb 28, 2005
    Messages:
    238
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    North Carolina
    An yet another thing to check ...

    Is is possible SSH is listening on a port other than the default of 22 on this account? Lots of folks change this ...

    If you look in /etc/ssh/sshd_config, its simply referenced as Port ###
     
  15. mgsnnetworks

    mgsnnetworks Well-Known Member

    Joined:
    Sep 11, 2005
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Rhyl, North Wales, UK
    I wouln't give users shell access, as it is very flawed. it sends your password in clear text and also allows users to screw your server up with one wrong command.
     
  16. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    SSH most certainly does not send passwords in clear text, it's an encrypted connection. Also, anything they can do in shell they can do in a CGI script, so don't be under the false-impression that it's any more or less secure. There's no reason why a use with sheel can screw up a server with one command, unless you don't have your server setup correctly.

    That said, I also wouldn't recommend allowing shell access as it just makes exploitation a little simpler for a hacker, rather than having to use shell CGI/PHP scripts.
     
  17. wzd

    wzd Well-Known Member

    Joined:
    Dec 16, 2005
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    Hey guys,

    Thanks for all the replies,
    I figured out the problem. Problem was actually two levels. Number one was SSH config was not allowing certain users through (Security purposes).

    Additionally it seems that the jailshell wasnt working for some reason. Instead of going into the actual code i just did some updates and sorted the jailshell out as well.

    Sometimes things can be too secure i guess ;-)

    Thanks for all the responses...
    :)

    As far as i can see jailshell is pretty secure and has withstood most of my attempts to get past as well as executing rootkits / forkbombs and such. I plan to investigate the security aspects of each user jail as well come 2006 (Dont we love new years resolutions)

    - Will keep you all updated
     
Loading...

Share This Page