  1. #1
    Join Date
    Oct 2007
    Posts
    240

    How to handle root password and support?

    I'm curious. I have VPS's with two companies that have managed/semi-managed support (depending on how you define it) and rely on them for a fair amount.

    Whenever submitting a support request, I have to submit my root and cPanel passwords. Do people in my situation leave their root password as they would normally and just change it however often they would if it wasn't given to support? Or do you change your root/cPanel passwords before making a support request, and then change it back after the ticket is closed?

    No offense intended to either of the VPS companies or their personnel (that monitor WHT), both have been great. But the reality is that I take it everyone at the company that has access to submitted tickets now has access to the root password, and since as a customer I don't know when there has been employee turnover, that seems a security risk.

    So, I am curious how others handle this. Not really sure if this belongs here or in the VPS forum, but since it could apply to any type of server/hosting account, I figured it belonged here.

  2. #2
    Join Date
    Oct 2006
    Location
    India
    Posts
    62
    Usually people do supply root passwords to the support companies. But what they do is change it very frequently (twice or thrice monthly) and update the new password.

    Also, you could make sure your support company is password protecting your data.
    Sony Koithara ,
    CrazyAdmins.com
    -> where admins go c r @ z y!!!

  3. #3
    Join Date
    Oct 2007
    Posts
    240
    Originally posted by koithara:
    Usually people do supply root passwords to the support companies. But what they do is change it very frequently (twice or thrice monthly) and update the new password.

    Also, you could make sure your support company is password protecting your data.

    With WHM/cPanel, I assume I can just change the root password via that (I believe I saw that option), rather than via SSH/Bash?

  4. #4
    Join Date
    Oct 2006
    Location
    India
    Posts
    62
    Yes, indeed you could change the password through WHM of your server by logging in as the root user.
    Sony Koithara ,
    CrazyAdmins.com
    -> where admins go c r @ z y!!!

  5. #5
    Join Date
    Mar 2005
    Location
    Maine, USA
    Posts
    302
    If it were me, I'd make a temporary password to give to them for the support ticket. Once closed, I'd then change the password to whatever I want.

  6. #6
    Join Date
    Apr 2002
    Posts
    930
    I think it depends on how often you are submitting tickets to them.

    If you are only submitting tickets to them very rarely, maybe once or twice a month, then I would adopt the policy of either changing the root password before you open the ticket and give them that password, or give them the current root password and change it after their work is completed.

    If you submit tickets on a fairly regular basis then I would look into adopting a policy where you change your server passwords every week or every two weeks, or on some interval that you are comfortable with.

    Other things to bear in mind are how many servers you have. If you have one or two servers, it's a lot easier to change the root passwords. If you have 20 servers then this becomes a bit more difficult (though no less important).

    It also just depends on how much value you put on server security. Security is going to come at the cost of convenience, there's no question. You have to decide where you fall on this line. I think the datacenters and the management team will tell you that for ultimate security you should change the password after having a ticket resolved with them. The fewer people that know the active password for your server, the less likely that the password can be compromised. If this is done, this basically takes away the finger pointing at the datacenter or management team when the password is compromised. Is it less convenient? You bet. This means that the datacenter or management team won't be able to access your servers to assist with any problem without notifying you beforehand. (I suppose SSH keys are one alternative, but just to keep everything in context I am sticking with password based authentication, plus if you are dealing with a large management team or datacenter they probably have the keys and passphrases stored just like they would have the passwords stored, which still could be potentially compromised).
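
The temporary-password approach from the posts above, sketched as an added example that is not part of any post in this thread: generate a throwaway root password for the ticket, then confirm from `/etc/shadow` that root's password was changed again after the ticket closed. Function names and the sample entry are constructed; GNU `date` and the Linux shadow file layout are assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and the sample entry are
# constructed for illustration. Assumes GNU date and a Linux /etc/shadow layout.

# Print a random alphanumeric password (default 24 characters) drawn from the
# kernel CSPRNG. tr discards every byte outside the set, so there is no bias.
gen_temp_password() {
    head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c1-"${1:-24}"
}

# Field 3 of an /etc/shadow entry is the date of the last password change,
# counted in days since 1970-01-01.
shadow_lastchg_days() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Exit 0 if the entry's password was changed on or after the ticket-close date
# (YYYY-MM-DD, UTC). shadow only has day granularity, so a change made earlier
# on the close date itself also passes; rotate again if in doubt.
rotated_since() {
    lastchg=$(shadow_lastchg_days "$1")
    close_days=$(( $(date -u -d "$2" +%s) / 86400 ))
    [ -n "$lastchg" ] && [ "$lastchg" -ge "$close_days" ]
}

# Constructed sample entry; 13900 days after the epoch is 2008-01-22.
SAMPLE_ENTRY='root:$6$constructedsalt$notarealhash:13900:0:99999:7:::'

# On a real server, as root:
#   pw=$(gen_temp_password); printf 'root:%s\n' "$pw" | chpasswd   # before the ticket
#   ...give $pw to support, and repeat the chpasswd step when the ticket closes...
#   rotated_since "$(grep '^root:' /etc/shadow)" 2008-01-15 || echo "root password NOT rotated"
if rotated_since "$SAMPLE_ENTRY" 2008-01-15; then
    echo "rotated after ticket closed on 2008-01-15"
fi
rotated_since "$SAMPLE_ENTRY" 2008-02-01 || echo "not rotated since 2008-02-01"
```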

  7. #7
    Join Date
    Oct 2007
    Posts
    240
    I have two VPSs and both companies require the root password when you open a ticket. Currently, I am relying on them quite a bit; as I learn more, then hopefully I will be more self-sufficient.

    Another question. What happens if you forget the root password? Is basically everything gone at that point?

  8. #8
    Join Date
    Apr 2002
    Posts
    930
    It's probably a good idea to look into SSH keys, just for yourself. Then you can SSH into the server without having to know the root password, just a passphrase to authenticate the key. This way if you forget the root password, you can still SSH into the server and reset the password.

    Alternatively, a dedicated server datacenter can reset the root password by rebooting the server into single user mode and then resetting the password. Single user mode doesn't require a password, but requires that you physically be at the console of the machine. They might charge for this, and they might not do it at all. It might be a bit of a hassle for the datacenter, but if you do forget your root password the datacenter should be able to reset it using this method (assuming they do this service).

    For VPS servers, it probably depends on what virtualization software is being used. I would think that most VPS datacenters would not need the root password for your VPS as they could just enter the VPS through the main controlling node. With that they should also be able to reset your root password in case you forget it.

    You may need to provide some type of credentials to prove that you are who you say you are with the datacenter. I know I'd be a little annoyed if they just reset the password to a server for anyone that wrote in asking about it.

  9. #9

    * Yes You Can

    Yes, you can change the password through WHM of your server by logging in as the root user.

  10. #10
    Join Date
    Jan 2008
    Posts
    34
    You can change the password from WHM. Follow this path in WHM: Main >> Server Configuration >> Change Root Password

    Usually support companies ask for the root password; there is nothing to worry about, as they require it to investigate the issues. You can also change the password after the issue is rectified. Changing the root password of your server frequently will increase security.
