WHM cannot restart sshd /etc/hosts.allow

synaptyx

Registered
Jun 11, 2010
4
0
51
Hello,

I am looking for a bit of advice and a bit of technical help.

Recently we had our server MySQL and some of our site files altered/hacked and our mailserver abused. I have just finished 4 days of cleaning up and fixing things and upping the security.
One thing happened that was really annoying was that SSH fell over and I couldn't restart it from WHM. I contacted our VPS host and got this response (which took over 24 hours to be resolved).

We were able to restart your server's sshd process by renaming the pid file for the old process. Please note that since you have SSH connections blocked by default in your /etc/hosts.allow, this will block the cPanel wrapper that attempts to connect to the server through SSH to check the service status, so if you restart the server through WHM again without updating your configuration, you will probably receive an error.
First, I am definitely an amatueur when it comes to managing a WHM/cPanel server.
Second, I don't know if this is something I should allow from a security point of view, but a 24 hour wait for someone else to restart the service when it fails is not good from a business point of view if we are having issues only resolvable via SSH.
And thirdly, if it's safe, exactly how would I go about allowing WHM access to restart the service?

Thanks for reading! :)
 

Infopro

Well-Known Member
May 20, 2003
17,113
507
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
One thing happened that was really annoying was that SSH fell over and I couldn't restart it from WHM.
Was the message you saw, similar to this one?

Waiting for sshd to restart....finished.

sshd (/usr/sbin/sshd) running as root with PID 2242 (process table check method)

sshd has failed, please contact the sysadmin.
If yes, after you get that message, you might peek here to see what this page says about sshd:
Home » Server Status » Service Status

If you go here:
Home » Service Configuration » Service Manager

You'll see that sshd is (or should be) Enabled. And, the option to Monitor, Enabled as well. Meaning the system will check to make sure these services are up, if not, it will attempt to start them.


Not sure what they mean by this exactly:
Please note that since you have SSH connections blocked by default in your /etc/hosts.allow
But, you could go here:
Home » Security Center » Host Access Control

And modify that file as mentioned here:
Re: Failed: sshd after /upcp - cPanel Forums
(you might like to read that full thread first of course)