Results 1 to 21 of 21
  1. #1
    Join Date
    Mar 2002
    Location
    illinois
    Posts
    29

    Question Secure Login's to CPanel???

    Do many hosts provide secure SSL login to Cpanel to protect user name and password?
    Is it something that's hard to set up?

  2. #2
    Join Date
    Dec 2001
    Location
    Netherlands
    Posts
    849
    https://yourdomain.com:2083/
    https://yourdomain.com:2087/

    :2082 and :2086 are insecure
    :2083 and :2087 are secure


    .
    # experienced Cloud/OpenStack Architect
    #
    # Feel free to PM me for any info or help to build your cloud.

  3. #3
    I am sorry to inform you but 2083 and 2087 are not secure either.


    Originally posted by admin0
    https://yourdomain.com:2083/
    https://yourdomain.com:2087/

    :2082 and :2086 are insecure
    :2083 and :2087 are secure


    www.tys.us
    12 Years Webhosting / Servers
    100% Power Uptime 99.999% Network
    Colocation / Dedicated / Managed

  4. #4
    Join Date
    Jun 2002
    Location
    Chicago
    Posts
    191
    2083 and 2087 are 2082 and 2086 wrapped in stunnel....

    albeit not 100% rock solid impenetrable, but pretty freaking solid considering.

    What do you mean exactly, not secure?
    ..........................................
    http://www.fastservers.net
    travis@fastservers.net

  5. #5
    Join Date
    Dec 2001
    Location
    Netherlands
    Posts
    849
    huh?

    i always considered ssh and https:// secure

    ???

    please shed some light!

    .
    # experienced Cloud/OpenStack Architect
    #
    # Feel free to PM me for any info or help to build your cloud.

  6. #6
    Join Date
    Jun 2002
    Location
    Arabia
    Posts
    678
    Acording to cPanel.net https and 2087 are secure. I have never heard othewise - anyone know something they don't?

  7. #7
    Join Date
    Jun 2002
    Location
    Chicago
    Posts
    191
    2083 and 2087 are https:// , yes

    I think what the dude meant above is that the connection isn't backed by a real deal certificate-- you'd have to by an ssl cert for the hostname of each box if you didn't want the annoying browser error saying "not a valid certificate authority" , etc.

    But that doesn't mean the handshake and transmission isn't via ssl- it still is very much secured.
    ..........................................
    http://www.fastservers.net
    travis@fastservers.net

  8. #8
    Join Date
    Dec 2001
    Location
    Netherlands
    Posts
    849


    .
    # experienced Cloud/OpenStack Architect
    #
    # Feel free to PM me for any info or help to build your cloud.

  9. #9
    Join Date
    Apr 2002
    Location
    Auckland - New Zealand
    Posts
    1,575
    :2083 :2087
    Yes, the connection is still encrypted through port 443 but your web browser will cry if the site name does not match the cert and says the cert is not trusted...... no biggie, and still secure.

  10. #10

    okay, here's the easy way...

    Forget the ports, you're just going to confuse your users if you tell them to use them. But fortunately the guys at Cpanel have implemented another way to access the CPanel via SSL. I don't know if it is documented, but I found it by digging through httpd.conf.

    Just use http://yourdomain.com/securecontrolpanel

    Enjoy!

  11. #11
    Join Date
    Mar 2001
    Location
    Downunder..
    Posts
    2,612

  12. #12
    Join Date
    Jul 2002
    Posts
    57
    cannon7 it's really working! Thanks

  13. #13
    Join Date
    Apr 2002
    Location
    Here?
    Posts
    2,560
    Thanks Cannon7! Works great.

  14. #14
    Join Date
    May 2002
    Location
    Durham - UK
    Posts
    450
    They are secure ports from which cpanel can be accessed - whats there to agrue about? a facts a fact
    Barry
    UK Based Freelance PHP Developer
    PHP/SQL/Ajax/HTML5 - Contact for Quote

  15. #15
    Originally posted by TYS
    I am sorry to inform you but 2083 and 2087 are not secure either.
    Then perhaps you would like to sniff the traffic going over those ports and see if you can decipher it?

    Also, with regard to the browser warning, you can actually use WHM to configure ports 2083 and 2087 to use your server's SSL certificate--if you have one.

    So you have a certificate for servername.yourdomain.com... you can use that certificate not only on port 443 for serving HTTP securely, you can also have the same certificate running on the control panel's SSL ports at the same time. There is an option in WHM to do this pretty quickly and easily: the "Change cPanel/WHM Certificate" link under the SSL/TLS menu in WHM.
    Matt Lightner - http://www.mattlightner.com/
    - First initial to the last name at the mail service provided by the world's largest search engine
    - Founder and CEO (Former) Site5.com, sold in 2008
    - Really honestly wants to be a good WHT citizen but can never remember all the correct etiquette. Mods, sorry in advance

  16. #16
    Join Date
    Jun 2002
    Location
    Arabia
    Posts
    678
    Thanks cannon7!!

    My home ISP refuses https - so I "had" to use a crapo and much more expensive one - no more

  17. #17
    Join Date
    May 2001
    Location
    Fresno, Ca.
    Posts
    181
    Yes, it's secure on those ports with the tunneling. But cPanel is much slower and has a large delay finishing the page load. You may see complaints.

    If you watch the progress bar in your web browser you will see the large delay in finishing the page load. The page will be displayed but it will not finish for a few seconds after that.

    I have tested this on hosts all over the place using their live demos, so it's not something just with us. I remember a time when it did not do this, the page would finish loading just fine, approx. 7 months ago it all started.

    I don't know what changed but I wish they would fix it..

  18. #18
    Join Date
    Jan 2002
    Location
    The Netherlands
    Posts
    10

    Red face

    Hi there,

    from behind the firewall I am know, I don't even have permission to access my Cpanel with http://www.mydomain.com:2082/
    Are there any other alternatives.....?

    Thanks!

    Marsha

  19. #19
    You can change the port by editing /var/cpanel/cpanel.config, however you still need to make sure that whatever access control device is in place will allow connections on the new port you choose (and you also don't want to choose a port that's in use by another service--check /etc/services to be sure).

    If it's a firewall that's blocking your access, it's very unlikely that any other port is going to be open either. Perhaps contact your firewall administrator (or ISP?) to see if they can enable access on port 2082 and 2083 for you.
    Matt Lightner - http://www.mattlightner.com/
    - First initial to the last name at the mail service provided by the world's largest search engine
    - Founder and CEO (Former) Site5.com, sold in 2008
    - Really honestly wants to be a good WHT citizen but can never remember all the correct etiquette. Mods, sorry in advance

  20. #20
    Join Date
    Jun 2002
    Location
    Chicago
    Posts
    191
    Matt-

    I realize we should probably be talking about this at cpanel.net's forums, but whatev. Is there a similar config for the backend, (whostmgrd) where you can reassign a port, among other things?

    I know I can tweak the stunnel startup & config and manually whisk it away to another port, but I am curious if there is a config file for the WHM as cpaneld has.

    Thanks man.
    ..........................................
    http://www.fastservers.net
    travis@fastservers.net

  21. #21
    Join Date
    May 2001
    Location
    Dayton, Ohio
    Posts
    4,977
    Originally posted by isildur
    Matt-

    I realize we should probably be talking about this at cpanel.net's forums, but whatev. Is there a similar config for the backend, (whostmgrd) where you can reassign a port, among other things?

    I know I can tweak the stunnel startup & config and manually whisk it away to another port, but I am curious if there is a config file for the WHM as cpaneld has.

    Thanks man.

    I just use IPtables when I want to forward 2086 to another port...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •