cPanel & WHM Version 94 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!

Allow login to WHM, cPanel, and Webmail with key pair

acenetgeorge shared this idea 6 years ago
Open Discussion

Allow log in to WHM, cPanel, and Webmail via a key pair. We manage several client servers, all of whom like to reset their root passwords without letting us know. If we could log in with a key pair similar to the root SSH keys it would save a lot of hassle.


This would tie in with http://features.cpanel.net/responses/as-a-server-administrator-i-want-to-limit-root-login-access-to-specific-ips-so-that-i-have-enhanced-security-and-can-limit-root-access

Comments (5)

photo
1

Could you please walk me through how you would see this working? I'm not sure I understand the request exactly.

photo
1

To login to WHM, you currently need to use the root password. What we would like to do is to log in to WHM with a key pair so that we would not need the root password for a client's server.


If a client was to reset the root password on a server, we would still be able to access the server's WHM.

photo
1

You can approximate this right now by logging in with the accesshash for the root user.

photo
1

Startssl use key authentication to access their admin. I like the idea of it.


To get around your issue couldn't you have your own user with full access rights ? Your customers would know that if they changed your user's password that you wouldn't be able to gain access. We never provide our customers with root access just a reseller account with near to full access


And for the security part, I believe 2FA auth should get this done.

photo
1

I think a better feature than this would be to simply have multiple root-level user support. It makes sense from a security perspective — you would now know exactly who has signed in and performed which actions. Additionally each user would have their own credentials and two-factor authentication configuration, no more sharing credentials. I'm guessing it's possible because it's essentially the same as the new remote access keys but with a username/password instead.


Edit: I've just come across this request which appears to be similar to what I've mentioned here. I'll vote on that request, but I think those who have voted on this request should also consider multi-user support as an alternative resolution to the problem in some scenarios.

Leave a Comment
 
Attach a file