How to remove WHM access from another CPanelId
The server we run was taken over from another company whereby my company took over their company and as part of this move took control of their WHM server.
When this was carried out of course access passwords were changed.
I have now found out however that staff from the previous company (technically now dissolved) can still access OUR WHM server because they still have valid CPanel ID logins which side-step the WHM root login process.
To make matters a little more complicated - we retained one server admin staff from the other company as a sub-contractor for times when we are short staffed (often holidays) and need a fallback reserve guy to log in, for emergencies.
To this end this single member of staff has ongoing 2FA access BUT does not have current password access to WHM.
However, by accident he showed recently that he can still access the WHM by using his CPanelId login rather than the usual user/pwd access.
How can I limit this persons access to only be allowed at times when we need it, such as when covering absenses, without needing to constantly reset 2FA as this is a fiddle trying to reset this for 5 other people who are rarely in the same place at the same time.
1) For reference: What is the best method of resolving this?
2) Does this require a support ticket (I suspect so)?
Edit: regardless of 2FA I am uncomfortable with the concept that any authorised CPanelId can access our server. What are the options for limiting this, from our end (aside from the 2FA)?
Cheers
Martin
-
The docs should be of some use to you: cPanelID - cPanel Knowledge Base - cPanel Documentation 0 -
Oh thats fantastic, thanks TL;DR: Home " Security Center " Manage External Authentications can turn off CPanelID access to WHM. Followup Question: Can you block a specific CPanelId User rather than that whole access system? Cheers 0 -
Hi @martin MHC You might also want to look at removing the reseller privileges for the user in question, that would remove their privileges to access WHM and leave them to cPanel only. Can you block a specific CPanelId User rather than that whole access system? Cheers
Can you clarify this question? The Manage External Authentications documentation might be helpful? Manage External Authentications - Version 74 Documentation - cPanel Documentation Thanks!0
Please sign in to leave a comment.
Comments
3 comments