Root User Password Disabling

Discussion in 'Security' started by WebEndev, Dec 8, 2014.

  1. WebEndev

    WebEndev Member

    Hello.

    I have read that a good security measure is to disable password login for the root user.

    If this is done, then I take it that it would have to be enabled again, each time KnownHost was asked to get involved via support ticket?

    How hard is it to disable and enable? And how is it done?

    What do other KH users recommend?

    Thanks!
     
  2. Dion

    Dion Member

    I disable SSH password login, and for the times I've needed KH support, I provide a private key they can use to log in. Support can also use the password to log in to WHM and temporarily re-enable SSH password login. (I consider this a bug in WHM; it should be possible to force WHM login credentials to be different than SSH login credentials.)
     
  3. KH-Jonathan

    KH-Jonathan Director of Managed Services Staff Member

    For now it's easiest for us to be able to login with password auth. I do hope that in the future we can have a key-based auth system similar to the one cPanel's tech support uses but there's a few projects ahead of this in line.
     
  4. WebEndev

    WebEndev Member

    Hi Jonathan,

    I'm just a little shell shocked from a recent hack, and am battening down the hatches :eek:

    Key-based would be the ultimate way to do it, but I need to be able to also balance the KH support situation also...

    P.S. - is there a way in WHM to disable password authentication for SSH, or is the only way by modifying the sshd_config file on the command line?

    Thanks
     
  5. KH-Jonathan

    KH-Jonathan Director of Managed Services Staff Member

  6. WebEndev

    WebEndev Member

    Ah yeah, that's it.

    So if you disable password authorization, can you still get into WHM?
     
  7. KH-Jonathan

    KH-Jonathan Director of Managed Services Staff Member

  8. WebEndev

    WebEndev Member

    So then there are still possibilities of a WHM hack....
    Hmmmm....
     

Share This Page