I was worry about which is more seucre to login to the server
disabling the direct login and using the public key (ssh-dss) with 2084 bit length ?
or use the direct login?
and if the public key is more secure , should we use passphrase when generating the key? or no?
I work alot on the road and need a way to securely connect
at public WiFi hotspots all over.....
I am considering getting the VPN service from StrongVPN.com
im able to login to root via SU perfectly
One problem: All my old files and folders are owned by ROOT so that means my SU account named XXX cant edit/add/delete anything from my SFTP because of folder/file permission.
Is there anyway my SUDO(wheel) account can still edit these files own by ROOT?
login as: hen
hen@xx.xx.xx.xx's password:
Last login:
hen@root [~]# su -
Password:
su: incorrect password
I verified that root password is correct, but no matter how many times I tried, I can't su in
Where's my su permission
-rwxr-xr-x 1 root wheel 24060 Mar 22 2007 /bin/su*
here's inside /etc/group
wheel:x:10:root,hen
I tried to disable direct root login but had to struggle to find step-by-step instructions and have written the steps one needs to follow to disable direct root login.
This is an additional security measure where we prevent direct root logins and instead create a user to login and then use a command ‘su –‘ to gain root privileges.
The only risk in this procedure is that you may prevent root login but forget to add the user to the wheel group - effectively locking yourself out of the system.
Follow the steps below and you will not face a problem.
STEP 1: Let us create a user and add it to the wheel group.
For e.g. we want to create a user neonix and give him root privileges.
SSH into your server as root and follow the below commands to create a user.
groupadd neonix
useradd neonix –gneonix
passwd neonix
enteryouruserpasswordhere
verifyyouruserpasswordhere
// Please note -g in the second line
// You can replace neonix with any username of your choice.
STEP 2: Add user to wheel group.
Use your browser to Login to your WHM panel and click on Manage Wheel Group Users.
You will see the user you just added (neonix). Select the user and click ‘Add to group’.
You will see that the user has been added –
Users Currently in the wheel group root,neonix
You have successfully added a user to the 'wheel' group who will be able to 'su -' to root.
LOGOUT OF SSH
Before we disable root login, let us check if the user can login and su – to gain root privileges.
SSH into your server as 'neonix'
Login as: neonix
Password : enteryouruserpasswordhere
su –
password: enter root password here
You have successfully logged in and have root privileges. Now let us disable root login.
STEP 3: Disable Direct Root Login
(The below steps are from webhostgear.com)
1. Copy and paste this line to edit the file for SSH logins
pico -w /etc/ssh/sshd_config
2. Find the line
Protocol 2, 1
3. Uncomment it (Remove #) and change it to look like
Protocol 2
4. Next, find the line
PermitRootLogin yes
5. Uncomment it (Remove #) and make it look like PermitRootLogin no
6. Save the file Ctrl+X then Y then enter
7. Now you can restart SSH
/etc/rc.d/init.d/sshd restart
Now, no one will be able to login to root with out first logging in as 'neonix' and 'su -' to root, and you will be forcing the use of a more secure protocol.
Just make sure you remember both passwords!
I use a login script on my hosting site. and i was wondering if there was any way or any program that would allow me to Block people from going mydomain.com then cpanel?
And forcing them to go to my site to use the cpanel login script on my website?
Im sure that if there was a way to disable Cpanel login it would aslo block the scipt on my site.
Is there a solution to my little perdicament here?
Any software or scripts that do what im looking for?
Currently I have a server that has direct root SSH access disabled (have to login as regular user then su to root), but I am currently working on setting up authentication via SSH keys, but I can't seem to get it working with direct root SSH access disabled? Is this normal, and if so is there anyway to work around it?
Basically I'd like to be able to authenticate both ways; both with SSH keys or by logging in as a regular user and su to root.
One failure cited by a recent PCI compliance report was that of the Plesk non-https login at port 8880. I believe we can resolve this by adding a firewall rule to block access to this port but wanted to check first if this will have any negative consequences elsewhere. Or is there a better way to achieve PCI compliance on this point?
View 2 Replies View RelatedJust got a new additional VPS with WHM/cPanel.
Browse to www.mydomain.com/webmail and get login box > login accepted and taken to Horde/Squirrelmail choice screen > choose Squirrelmail and get login box ... login not accepted! > Retry and choose Horde ... login not accepted!
The login is correct and the results are the same when logging in as root, or through /cPanel or /Webmail.
i had access in some servers via SSH and when i try to connect i get:
Welcome to The HOST!
login as: nickname
--------------------------
We monitor/log everything on that server! IP Logged!
--------------------------
nickname@host's password:
.............
I know that there is the motd file in /etc that i can put a message but i see it when i full be recognized by the server.. (after putting the password).. How can i put the other 2 messages?
I heard the other day from a very reliable source that this is a fact and they expect it to happen sooner rather than later. Since they seem to set the bar anyway seems it was only a matter of time. Anyone else aware of this or am I the only one? Searched the forum before I posted and nothing came up. Seems like a significant development to me...
View 14 Replies View RelatedIm planning on using WAMPserver2 on our web server to host our website. Now, as far as I can tell, WAMPserver2 was mostly created to allow you to do work locally. Is there any known problem with using this software on a web server publically?
View 3 Replies View RelatedYou are hosting your web site on a local server and you have the DNS pointing to the LOCAL (read: not public) IP on your LAN which means only you and those on your LOCAL network can access the site.
192.168.1.8 is a LOCAL (PRIVATE) IP.
I'm on a reseller cPanel WHM account with shell access, and this public FTP for uploading maps for a game.
How do I ban FTP users by their IP? (.htaccess wouldn't do the trick)
How do I regulate priviledges/permissions of FTP users?
How do I control (like configuring how the indexing is displayed, for example) /public_html/somedirectory/ through /public_html/.htaccess?
How do I disallow certain filetypes from existing in /public_html/somedirectory/* or to be uploaded?
How do I disallow apache from rendering any html, php, cgi, java, perl, etc files in /public_html/somedirectory/*?
So, if you had a public FTP (not the "anonymous FTP" cPanel can create, but a regular and single user account shared by everyone), how would you protect your free map hosting service from abuse? What protections would you setup? Etc.
when I find the subscription from the admin side of PPA, if I select "Login as user" I've noticed that it is different from actually logging in as the user - for example - "add domain alias" is missing when I login as a customer - but not as an admin... I need my customers to add their own aliases and manage them - how do I add that feature to the client login side?
View 9 Replies View Relatedwe are looking for a provider that provides public ip vlans' with dedicated server purchases,
so far,,
we have found few companies that offer this at no extra charge or minimal extra charge
1) softlayer (best choice)
2) singlehop
3) nocster/burst.net (not a good provider for business hosting / not reliable / no phone support)
does anyone know of any other dedicated server providers that offer public ip vlans for no extra charge or minimal extra charge?
When I try to login SSH using SecureCRT Software, following error it show.
A public key file has not been specified for the session. would you like to specify one now.
I am using CPanel.
we have a server with customers
now there are any customer that must can 'include' form php a class that we must put out of customer path...
a customer must can include a class that is out of /home/public_html/customerlogin/*
how is possible to make this?
we have this Juniper SSG5 firewall, our very first Juniper and wanted to use it.
While I am able to use it in NAT mode, I have been unsuccessful to use it in route mode.
We have Public IPs from the same segment and I wanted to use it with the firewall but it appears that I can't assign IPs for each port if the IP is from the same segment.
Does it mean that we can't use it other than in NAT mode?
What we want to accomplish is to have one of IPs to act as gateway and filter or route in/out traffic to/from our other IPs.
Due to an emergency with our colo space, we are missing a switch.
As a very temporary measure, would it be possible to put both our public traffic and private traffic (10.0.0.0/8) on the same switch without a VLAN?
Essentially we'd be connecting both the trusted and external side of our (natting) firewall to the same switch, along with our servers (which have private IP's).
What are the security risks of this?
I am looking to migrate from dedicated box with windows server 2012 R2 and plesk 12 over to amazon ec2.
so setup a test server on ec2.
Plesk only shows the private IP, how do I add the public IP ?
Is it even possible ?
I regret to bring this to a public forum but having seen that solarvps has a presence here I am hoping that a resolve to this issue can be found, and any public opinions are welcomed.
Having been a customer with solarvps since 2006 without any cause for concerns it does not make me happy with some recent issues I have had with them. So I have had a vps server hosted with them since 2006. Sometime in February when attempting to login to my VPS I got an error, I left it as this happens sometimes, it happened for 4 days in a row so I thought this is a little strange logged in to my control panel, to see no VPS server was listed under the account. There was no invoice generated either. Ok this is strange but I just assumed it had been terminated, no invoice came through and that particular server was a backup server so I sought hosting elsewhere.
4 months pass I get an email from solarvps stating my account is overdue with charges applied. I contact them back straight away asking what they are billing me for I have explained the situation time and again to them, I have asked the questions why the server disappeared from my account, why I wasn’t able to access the vps remotely and why no invoices got generated at the time to which I have had no response, I have asked more than 5 times now. The only response I keep getting form them is threats if I do not pay to hand over to a collection agency and the possibility of legal action. To which I have replied each time that I will contest any such action and seek legal advice myself.
Granted I should probably have contacted them at the time but really they are at fault more than I am for not asking them what has happened, I truly believe I am not in the wrong here but nobody within solarvps is prepared is looking at the facts of what has happened here.
Well anyway I hope bringing this to a public forum will bring a resolve and maybe some answers. I am getting no response from anybody within solarvps and would be happy to take this away from the public if they are willing.
I am not unfair nor does it make sense that a customer for so long would just decide not to pay you one month and kick up a fuss over such a small amount of money but the fact that I am not in the wrong with this matter, I am not prepared to pay them no matter how much bullying tactics they wish to adopt in trying to make me.
I would like to know there is any.
View 14 Replies View RelatedCurrently we are running a very successful site for extreme sports. We have just spent 6 months on development of our new site which we will launch in a fortnight. This will free up some of my time to look at other areas and avenues to attract members.
Personally I would love to run a hotmail style service on our website, and believe this would help with the growth of our online community.
Just interested in advice from others on areas to be aware and alert when running a service like this?
I am also trying to make the decision between SocketMail or Atmail. If anyone has opinions on these, or an alternative solution i'm all for that advice too.
Basically at this point I am wanting to get as much advice together as possible, then look to making an informed decision to go ahead or not.
Currently we operate off a dedicated server and i realise this may have to become two servers in the near future with such a service. It is fully managed by myself, and a 3rd party individual I hire to maintain the server on a monthly basis.
How do you guys deny run of perl/bash scripts from /tmp, /var/tmp, /dev/shm? I've tried to build simple shell wrapper, but that's not a compromise if you run for example spamassassin on the same server (it needs direct io to/from perl binary). I'm looking intro some kind of binary wrapper or patch that will deny running perl scripts from public folders (also the same for shell scripts will be great). Any ideas or solutions?
If anyone interested in primitive shell wrapper code:
Code:
#!/bin/sh
ARGS=`echo $@ | grep -v "/tmp/"`
if [ "$ARGS" != "" ]; then
/usr/bin/perl.orig $ARGS;
fi
I often need to access my sites from public places, which are behind firewalls, don't have access to hard disk and any Windows tool (just plain internet access).
Problem: firewall, closed ports: 8082 (cPanel), 2078 (SSL; I don't know, if I'll need this), 2077 and maybe others.
Which hosting features I need? to be able to
1. access cpanel, when port 8082 is closed (I was using cpanelproxy.net until now with success).
2. for uploading files from other websites directly to my website (without prior downloading on a PC hard disc) - I've herad SSH should work, but what exact SSH I need - any experience someone? Any other solution? I was trying WEb Disc feature in cPanel11 but it needs port 2078 or 2077 open...