SSH plugin?

Friends4U

• August 20, 2016 06:09

Hi, I have two questions :) First: I have a VPS and want to have it as secure as possible, now the security advisor tells me that SSH direct root logins are permitted. Of course I can manually edit /etc/ssh/sshd_config and change PermitRootLogin to "without-password" or "no" and then restart SSH but my server manager dislikes that because he wants to be able to keep giving service trough SSH. I do use the SSH Password Authorization Tweak, but that doesn't change the sshd_config, only disables the use of passwords (bit strange that that tweak doesn't change both). Is it possible to make a (plugin) link the when I click it (in WHM) the sshd_config is changed to yes (when enabling) and to "no" when disabling? Second: He wants to monitor my MySQL, when I configure bind-address=127.0.0.1 in /etc/my.cnf, or close port 3306 in the server"s firewall he cannot monitor the service but when I do not do that the security advisor is not so happy... Is there a way to change MySQL to be 1) safe and 2) allow only the IP of the monitoring service? Thanks for you answers in advance! Greetings, Richard

• 

  24x7server

  • August 20, 2016 15:30

  Hello :), 1) Currently there is no such plugin to update SSHD config file through WHM with in click., You need to edit your sshd config file on your server. 2) Yes, It's safe of you allow port 3306 for some ip's. You need to update server firewall setting to allow port 3306 port for specific IP's. if you are using CSF firewall on your server then update csf.allow file with your IP's
  tcp|in|d=3306|s=11.22.33.44
  

  0
• 

  Friends4U

  • August 21, 2016 10:34

  Thank you for your response! The MySQL fix (with firewall) will not remove the waring from security advisor, so I must ignore that right?

  0
• 

  acenetgeorge

  • August 22, 2016 16:11

  In regards to the SSH Root Login warning, we now use SSH Keys with KeePass 2.x using the KeeAgent plugin to log into our servers with ssh keys. Your server manager could still connect to SSH using keys, and disable root password logins.

  0
• 

  cPanelMichael

  • August 24, 2016 16:43

  Hello, You may also find the following threads helpful: [Tutorial] Interested in increasing the security of your server? Read this. (sshd hardening) The MySQL service is currently configured to listen on all interfaces Thank you.

  0

Please sign in to leave a comment.