I have secured ssh access to my web server so that an encryption key must be passed to validate access. But anyone who knows the password on the root account can log in to WHM.
Bear in mind that I am coming from a quarter century of experience with Debian, where a hacker must know both my username and my password to get into the system. With RHEL systems the root shell is always available so all a hacker needs to do is guess the password.
How do I secure WHM so that the user needs to know the public key to access services, considering that one of the services provided by WHM is a root shell.
Please sign in to leave a comment.