Results 1 to 17 of 17
  1. #1
    Join Date
    Apr 2009
    Posts
    1,320

    How do I disable root login for WHM?

    Meaning you can't use the user root to login to WHM.
    Is that possible?

  2. #2
    Join Date
    Oct 2005
    Location
    United States
    Posts
    1,403
    If you don't use the root user then how can you manage the server via WHM? So I think that may not possible.
    Tommy Tran - tommy @ vinax.net ::: VINAX, LLC ::: http://vinax.net ::: Since 2004
    Premium Dedicated Servers and Colocation in downtown Chicago (350 E. Cermak Rd)
    Premium Bandwidth, 100% Network & Power Uptime SLA, 24/7 Prompt Tech Support

  3. #3
    Join Date
    Apr 2009
    Posts
    1,320
    Something like turn on access via SSH only when needed.

    Is there anyway to give another user root access so hackers have to guess both the user and the password to gain root access?

  4. #4
    Join Date
    May 2008
    Posts
    340
    If you're worried about root login getting compromised, then you can create a WHM user/reseller which has all the privileges/features and use it to manage other accounts. Then set a random password using a command such as,

    openssl rand 12 -base64
    Lastly, you can disable password authentication for SSH and only use public key authentication.
    Twitter : http://twitter.com/eth1networks
    Contact Us : support[at]eth1.in

  5. #5
    Join Date
    Jul 2009
    Posts
    178
    You can also change the SSH port number from default 22 in /etc/ssh/sshd_config file.

  6. #6
    Quote Originally Posted by chasebug View Post
    Is there anyway to give another user root access so hackers have to guess both the user and the password to gain root access?
    Yes, you can also create a reseller user and then give him the required privileges via the 'Reseller Center' in WHM

  7. #7
    Join Date
    Jul 2005
    Posts
    598
    If you want to have more security on SSH, try the following:-

    - Change the SSH port
    - Install sudo and login as normal user
    - Disable root login on SSH

  8. #8
    Join Date
    Apr 2009
    Posts
    1,320
    Quote Originally Posted by InstaCarma_Support View Post
    Yes, you can also create a reseller user and then give him the required privileges via the 'Reseller Center' in WHM
    That works but root can still login to WHM.

  9. #9
    Join Date
    Oct 2009
    Location
    UK - London
    Posts
    73
    I don't believe there is a way to do this... the suggestions given in response to this are all useful but none are solving your primary question.

    You cannot disable the root user login available from WHM with a straight forward technique... if you don't have any resellers then blocking access to ports 2086/2087 might be something you want to consider.

    There are certain features in regard to cPanel/WHM that you can only access through the root WHM control panel, and as access to this is vital, there is no way that you can disable the root access... despite the fact that you can grant root WHM privileges to any reseller user.

    If you are so concerned about this, set a long and generated root password and make it so you don't have to use it (i.e. use key authentication to login to your server via SSH etc.) and generally try and avoid using it. This way, you can make it less possible for anyone to find the password, if it's not used anywhere.
    Guy Riese - Tech-Hosts Ltd. - Registered company in England & Wales (Based in UK - Europe)
    High quality & affordable Web Hosting, Reseller Hosting, Master Reseller Hosting, Linux VPS & Dedicated Servers
    Lowest priced domain names in the industry - instant registration and management

  10. #10
    Join Date
    Feb 2008
    Location
    Houston, Texas, USA
    Posts
    2,955
    Here's how:

    a) Enable sudo access for a trusted user (use sudo -s if you need root-alike access)
    b) Disable SSH root access
    c) Edit /etc/shadow and change the hashed password entry with a few random keystrokes

    Don't do the above if you don't know understand it.

    Regards
    UNIXy - Fully Managed Servers and Clusters - Established in 2006
    [ cPanel Varnish Nginx Plugin ] - Enhance LiteSpeed and Apache Performance
    www.unixy.net - Los Angeles | Houston | Atlanta | Rotterdam
    Love to help pro bono (time permitting). joe > unixy.net

  11. #11
    Quote Originally Posted by chasebug View Post
    Meaning you can't use the user root to login to WHM.
    Is that possible?
    There is no way to disable root login for WHM but you can restrict the WHM access to certain IPs by installing the CSF firewall.

    Install the CSF firewall and remove the WHM ports (2086 and 2087) from TCP_IN which will make sure no one can access WHM. Now to allow specific IPs access to WHM, edit the file

    /etc/csf/csf.allow

    and add the following line:

    tcp:in:d=2086:s=IPADDR

    where, IPADDR is the IP you want to allow WHM access to. You can add multiple IPs in similar way. Once done, save the file and restart the CSF firewall.
    | LinuxHostingSupport.net
    | Server Setup | Security | Optimization | Troubleshooting | Server Migration
    | Monthly and Task basis services.
    | MSN : madaboutlinux[at]hotmail.com | Skype : madaboutlinux

  12. #12
    Join Date
    Apr 2009
    Posts
    1,320
    Quote Originally Posted by madaboutlinux View Post
    There is no way to disable root login for WHM but you can restrict the WHM access to certain IPs by installing the CSF firewall.

    Install the CSF firewall and remove the WHM ports (2086 and 2087) from TCP_IN which will make sure no one can access WHM. Now to allow specific IPs access to WHM, edit the file

    /etc/csf/csf.allow

    and add the following line:

    tcp:in:d=2086=IPADDR

    where, IPADDR is the IP you want to allow WHM access to. You can add multiple IPs in similar way. Once done, save the file and restart the CSF firewall.

    Thanks for this, I am currently using the host access list feature in WHM, which would you recommend?

  13. #13
    Quote Originally Posted by chasebug View Post
    Thanks for this, I am currently using the host access list feature in WHM, which would you recommend?
    Either is easy to manage and secure but CSF will provide some more options for other services and alerts messages.
    | LinuxHostingSupport.net
    | Server Setup | Security | Optimization | Troubleshooting | Server Migration
    | Monthly and Task basis services.
    | MSN : madaboutlinux[at]hotmail.com | Skype : madaboutlinux

  14. #14
    Join Date
    Apr 2009
    Posts
    1,320
    Quote Originally Posted by madaboutlinux View Post
    Either is easy to manage and secure but CSF will provide some more options for other services and alerts messages.
    I tried the CSF method but it blocks access completely even port 80 while I only selected 2086.

  15. #15
    Quote Originally Posted by chasebug View Post
    I tried the CSF method but it blocks access completely even port 80 while I only selected 2086.
    then your configuration is wrong. you should allow port 80 and remove 2086 from CSF config
    HalfDedi.com Half Dedicated Half Price
    We provide affordable VPS hosting solution Singapore datacenter

  16. #16
    Quote Originally Posted by madaboutlinux View Post
    There is no way to disable root login for WHM but you can restrict the WHM access to certain IPs by installing the CSF firewall.

    Install the CSF firewall and remove the WHM ports (2086 and 2087) from TCP_IN which will make sure no one can access WHM. Now to allow specific IPs access to WHM, edit the file

    /etc/csf/csf.allow

    and add the following line:

    tcp:in:d=2086=IPADDR

    where, IPADDR is the IP you want to allow WHM access to. You can add multiple IPs in similar way. Once done, save the file and restart the CSF firewall.
    this will block access to WHM (not blocking root user only from WHM) and only allow access to IP address added to the rule. this means you have to add your IP and all your resellers' IP address, if your/your reseller's IP address somehow changed then you have to modify the rule again. just FYI
    HalfDedi.com Half Dedicated Half Price
    We provide affordable VPS hosting solution Singapore datacenter

  17. #17
    Join Date
    Apr 2009
    Location
    whitehouse
    Posts
    656
    You need not worry about the security as there are thousands of host out there running cpanel/whm who access it as root. You are pretty much safe if you use strong passsword(10 char and above) and change them regularly(once a week).

    Quote Originally Posted by chasebug View Post
    Meaning you can't use the user root to login to WHM.
    Is that possible?
    James B
    EzeeloginSetup your Secure Linux SSH Gateway.
    |Manage & Administer Multiple Linux Servers Quickly & Securely.

Similar Threads

  1. Disable Direct Root Login - Step by Step Instructions
    By neonix in forum Hosting Security and Technology Tutorials
    Replies: 15
    Last Post: 07-21-2008, 10:21 PM
  2. cpanel pure-ftpd : disable root login
    By barleduc in forum Hosting Security and Technology
    Replies: 4
    Last Post: 07-26-2005, 04:52 AM
  3. Disable Direct Root Login
    By boonchuan in forum Hosting Security and Technology
    Replies: 3
    Last Post: 05-21-2005, 09:56 PM
  4. Replies: 3
    Last Post: 01-29-2005, 06:51 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •