Our features site is undergoing a refresh! Be sure to explore the revamped site and discover our latest product roadmap launching here on Monday, March 18th.
New Topic
cPanel & WHM Feature RequestsTopicSecurity
Properties
Category Security
Tags ssh

SSH: PermitRootLogin without-password

Michael Svendsen shared this idea 4 years ago
Already Exists

As a WHM-admin I would like that the "SSH Password Authorization Tweak" also set "PermitRootLogin = without-password", or at least make it as option, so the "issue" doesn't show up under the "Security Advisor".

3 I like this idea 0  

Replies (1)

photo
2
cPanelLauren 4 years ago

This is already what occurs with password authentication disabled and an SSH key added to root's SSH keys.


The following is changed: 


[root@server ~]# diff -u /etc/ssh/sshd_config /etc/ssh/sshd_config_nopass.bk
--- /etc/ssh/sshd_config	2021-01-20 15:33:54.642871347 -0600
+++ /etc/ssh/sshd_config_nopass.bk	2021-01-20 15:33:44.067872275 -0600
@@ -62,11 +62,11 @@
 # To disable tunneled clear text passwords, change to no here!
 #PasswordAuthentication yes
 #PermitEmptyPasswords no
-PasswordAuthentication yes
+PasswordAuthentication no

 # Change to no to disable s/key passwords
 #ChallengeResponseAuthentication yes
-ChallengeResponseAuthentication yes
+ChallengeResponseAuthentication no

 # Kerberos options
 #KerberosAuthentication no
With password authentication disabled, this does not appear in the security advisor as a warning and you are able to access with authorized SSH keys

Reply
photo
1
Michael Svendsen 4 years ago

Hi!

I think you misunderstood. I'm not talking about the PasswordAuthentication variable that is indeed changed by WHM.

As written in the feature request, I'm talking about the PermitRootLogin variable which is NOT set/handled by WHM thus it will end up in the Security Advisor. See attached screendump

Files: permitrootlogin.png
photo
Leave a Comment
 
Attach a file

cPanel, WebHost Manager and WHM are registered trademarks of cPanel, L.L.C. for providing its computer software that facilitates the management and configuration of Internet web servers.