cPanel & WHM Version 94 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!

SSH: PermitRootLogin without-password

Michael Svendsen shared this idea 6 months ago
Already Exists

As a WHM-admin I would like that the "SSH Password Authorization Tweak" also set "PermitRootLogin = without-password", or at least make it as option, so the "issue" doesn't show up under the "Security Advisor".

Comments (1)

photo
2

This is already what occurs with password authentication disabled and an SSH key added to root's SSH keys.


The following is changed:


[root@server ~]# diff -u /etc/ssh/sshd_config /etc/ssh/sshd_config_nopass.bk
--- /etc/ssh/sshd_config	2021-01-20 15:33:54.642871347 -0600
+++ /etc/ssh/sshd_config_nopass.bk	2021-01-20 15:33:44.067872275 -0600
@@ -62,11 +62,11 @@
 # To disable tunneled clear text passwords, change to no here!
 #PasswordAuthentication yes
 #PermitEmptyPasswords no
-PasswordAuthentication yes
+PasswordAuthentication no

 # Change to no to disable s/key passwords
 #ChallengeResponseAuthentication yes
-ChallengeResponseAuthentication yes
+ChallengeResponseAuthentication no

 # Kerberos options
 #KerberosAuthentication no
With password authentication disabled, this does not appear in the security advisor as a warning and you are able to access with authorized SSH keys

photo
1

Hi!

I think you misunderstood. I'm not talking about the PasswordAuthentication variable that is indeed changed by WHM.

As written in the feature request, I'm talking about the PermitRootLogin variable which is NOT set/handled by WHM thus it will end up in the Security Advisor. See attached screendump

photo
Leave a Comment
 
Attach a file