New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Urgent - Locked Myself from SSH access
Hello,
I was working on a server and trying to add more security. I was playing with ssh config and trying different options. I remember adding "AllowUsers umair" and even "DenyUsers *" at some point. I was still working while my net disconnected and I lost access to the session.
Now, I can not SSH even with a valid password. I even had my SSH key in there but I am getting "Access Denied" 
Please help. Is there any way I can edit sshd_config file without causing a downtime to the server??? This is a production server
This is cPanel server and I can login to WHM using root pwd. I just can not SSH into it which I really need right now.
Help me please. I screwed up
Thanks
Comments
Is it a VPS? Do you have a VNC console?
Or if it's dedicated, use IPMI or KVMoIP and log in that way to unblock yourself.
What are the odds of that @Jack :P
(when did they add this?)
Unfortunately don't have both options.
This is actually an Amazon instance and getting same
"Access denied / Server refused our key" error.
I can restart SSH via WHM but can not login by setting up a new account either.
@Jack
I didnt know about this option. Let me try it.
@Jack
This killed my SSH completely.
Now I can not even restart SSH from WHM
See this
https://ibb.co/c2LQTv
And
https://ibb.co/d6O11F
I have tried restarting it multiple times via whm. It fails now. I m not getting anything on port 23 or 22. No SSH anymore
Help me guys.
If this server uses EBS, maybe you can shut it off and mount the file system onto another server.
OMG ... This worked.
I had to unlock 23 port (had it firewalled) and I can get in...
Thanks you so much Jack
You're just fortunate he appears to not be able to sleep it's not far of 3AM in his part of the world.
Telnet?
Wait.. this was production?
This is usually how I convince my Linux VPSes to do what I want.
Wow. Nice. So if one secures SSH and all, can heave it all removed with a... breached WHM account? Just wow.
Restrict WHM access to your office IP. Problem solved.
Not solved at all, when you say this kind of stuff it means that you haven't through it through properly. Starting with access for resellers for example. WHM should never touch my services. Period.
About the single best way to make SSH more secure is to combine it with php (whcms) ...
Next week: Help! Some guys hacked into my whcms and robbed my whole web farm!
If you don't like the software, write your own or pay someone with more experience to do it for you
.
??
I'm paying, quite a bit, for a number of licenses for cPanel and I can expect them to have a reasonable approach to security rather than thinking only about reducing their ticket load with stuff that they shouldn't have to deal with in the first place.
Thanks to this thread, I found out that Virtualmin has the same issue. I IP block SSH, but with Virtualmin that I use on all servers, anybody with the root password or if there was a bug, can get access to my server, to SSH (via CP) and do whatever they wanted.
But I have now IP restricted all Virtualmin/webmin access to my three VPNs.
control panels were a mistake
Thats why I really like
https://vpssim.com
Ah you're that type of a person, the one that thinks he is always right. It's you vs cPanel. As @Vita said, if you don't like it, don't buy it. Go build your own.
"WHM should never touch my services." you shouldn't be buying cPanel. Period.
You'd think it would only be for whitelisted or similar accounts - or even as something that could be disabled for those that don't want it as an option.