The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WHM and disabled ssh root access

Discussion in 'Security' started by ben_dog, Mar 26, 2010.

  1. ben_dog

    ben_dog Member

    Joined:
    Mar 25, 2010
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Hi,

    Working on setting a new VPS running WHM/cPanel.

    Currently ssh access is enabled for root, which is great for the initial setup.

    We'd like now to create a different ssh login account and disable the root account.

    I'm not entirely sure how admin actions work in WHM, does it need ssh root access to work or is it independent?

    Thanks
    Ben
     
  2. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    1. Use the "useradd <login>" to create a new user in SSH

    2. Change the user's password "passwd <login>"

    3. Use 'chsh' or check /etc/passwd to make sure you got "/bin/bash" as the shell which it should be but you'll kick yourself later if it isn't.

    4. Assign the user to "wheel" group. If you don't know how to do this
    manually, there is a menu option in WHM to do precisely this.

    5. Edit /etc/ssh/sshd_config
    Code:
    Find this line:
    
    #PermitRootLogin yes
    
    Uncomment if necessary and change to this:
    
    PermitRootLogin no
    
    (While you are in there changing ports and protocols is good too)

    Save and restart your SSH server ("service sshd restart")

    Now before you exit your current SSH session, open up a new SSH window and login with the new login name and then use "su -" to escalate yourself to root entering root password when asked.

    If you can't login --- you didn't do something right

    If you are able to login with the new user and upgrade yourself to root
    then you did everything correctly and it's safe to log out of your
    original ssh session at that point.
     
Loading...

Share This Page