This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
152
Suggestions / Re: Why is this project closed source?
« on: June 14, 2019, 09:11:37 PM »
It's been sold to a European company. I suspect that they are moving towards a commercial version.
Has anyone tried Apache Guacamole?
CWP hasn't been sold to any company. STUDIO 4 HOST supports the developers of CWP.
153
Information / Re: ssh disable root login
« on: June 14, 2019, 09:07:07 PM »
I may be misunderstanding the question...if so forgive me.
The object of the exercise as far as my limited knowledge of web servers goes is this...
1. having ssh logins for users, in general, is a terrible idea for most web servers. That means, no user should be given ssh login ability unless you are prepared to spend a good deal of time making sure you are both capable and willing to really lock down the web server.
2. If the ssh login is just for a single user, or small group who you have excellent control over, then it's by far one of the most secure forms of communication between yourself and your server!
So the above two scenarios at first glance seem to completely contradict each other, however, that is not exactly a good illustration of the problem. The problem is that one of the most secure forms of communication (ssh) is potentially the most catastrophic to the server should it get hacked! Some of the issues are:
- users being able to see files that don't belong to them
- users potentially running dangerous commands
- ssh can still be brute forced
Whilst all of the above are not beyond fixing, I don't allow any SSH access to my webservers for anyone else but myself. If clients have use of filemanager, or even cms such as wordpress, I don't see any good reason why they need ssh/sftp access (or alternatively, ftp/ftps for that matter).
Now, in terms of root user access from terminal...
The reason we are told to disable "root user" ssh or shell access is
1. just in case the root account gets hacked! Such a scenario would be catastrophic to your web server!
2. so you can't stuff your system so easily when playing around on a live production system!
So the recommended alternative is to create a sudoer user...which has rights similar to root for most things, however, does not have access to high-level directories that can be used to completely destroy the server either intentionally or unintentionally.
A sudoer should not be able to edit/write to root-owned directories unless group permissions have been assigned that allow such access!
Short and curly...create a sudoer administrator user and provide access to ssh for that user. Usually one then disables direct access to ssh by root.
Should you be in command shell via programs such as putty for example, then in order to gain root access, you then elevate your sudo user to temporarily gain root access using a few different methods...
1. sudo
2. sudo -i
3. su
4. sudo -s
I am also able on one of my systems to change an existing user to root by typing "su root"
I also do not see any great advantage in using private key files either. Sure it makes brute forcing the server account directly almost impossible, if someone gets access to your keyfiles on your desktop pc (because home computers have such great reputations for getting viruses and trojans etc)....
Finally, I think there is some misconception about the "Control Panel" root user access, and normal shell/command prompt access. Disabling the root user shell access doesn't mean the control panel is going to stop functioning!
This is my understanding of the why and how.
I think your analysis makes sense.
He didn't understand what I meant by the keys were created by the root user. I never said all private keys are created by the root user.
Notwithstanding this, using the root user on the terminal makes working easier but also dangerous, as root is the topmost admin on the system. A compromise means the whole system is compromised.
Also note, the same way passwords can be stolen, private keys can also be stolen.
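The thread above is about disabling direct root login over ssh in favour of a sudo-capable admin user. As an added example (not part of any forum post and not CWP code), the following Python audits sshd_config text for PermitRootLogin, taking into account that sshd keeps the first value it reads for a keyword and that a Match block can override the global section. The function name and the sample config are constructed for illustration.

```python
import re

# keyword, then whitespace or an optional "=", then the arguments
LINE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.+)$")

# Constructed sample: a later "no" that never takes effect, plus a Match override.
SAMPLE = "\n".join([
    "# constructed sshd_config for this example",
    "PermitRootLogin yes",
    "#PermitRootLogin no",
    "PermitRootLogin = no",
    "Match Address 192.0.2.10",
    "    PermitRootLogin without-password",
])

def audit_root_login(config_text):
    """Return a list of findings about PermitRootLogin in sshd_config text.

    Include files are not followed; for the live daemon, compare with `sshd -T`.
    """
    findings = []
    scope = "global"
    first = {}  # scope -> (value, line number) of the first PermitRootLogin seen
    for num, raw in enumerate(config_text.splitlines(), 1):
        m = LINE.match(raw.split("#", 1)[0].strip())  # drop comments
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if keyword == "match":
            scope = "Match " + value  # following lines apply only to this block
        elif keyword == "permitrootlogin":
            value = value.lower()
            if scope not in first:
                first[scope] = (value, num)
            elif value != first[scope][0]:
                kept, kept_line = first[scope]
                findings.append(f"line {num}: '{value}' ignored in {scope}; "
                                f"first value '{kept}' (line {kept_line}) wins")
    if "global" not in first:
        findings.append("global: PermitRootLogin not set; the sshd build default applies")
    for scope, (value, num) in first.items():
        if value != "no":
            findings.append(f"line {num}: {scope} allows root login ({value})")
    return findings

if __name__ == "__main__":
    for finding in audit_root_login(SAMPLE):
        print(finding)
```
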
154
Information / Re: ssh disable root login
« on: June 13, 2019, 07:29:01 PM »
Not true. Private key was created without any user name input. A matching private and public key is all that is needed.
Apparently, private key login is only used for root login.
OK, that's fine.
However, please try to open the private key and you will see the user written as root@hostname.
This can be seen more on an Amazon server.
Nevertheless, it's fine; you have figured it out.
155
Postfix / Re: Blocked MTA-BLOCKED {TempFailedOpenRelay}
« on: June 13, 2019, 07:20:54 PM »
please contact them here - http://centos-webpanel.com/support-services
so they can investigate and assist
156
PHP / Re: CWP linking to wrong directory for php.ini when changing to php-FPM
« on: June 13, 2019, 07:19:06 PM »
OK, thanks. That's a nice observation. CWP developers will be notified about this.
Thanks once again
157
SSL / Re: SSL Vendor, please recommend
« on: June 13, 2019, 07:05:57 PM »
There are lots of SSL vendors - Namecheap, Comodo, GeoTrust, Symantec
159
Postfix / Re: Blocked MTA-BLOCKED {TempFailedOpenRelay}
« on: June 13, 2019, 07:02:00 PM »
Please contact support for assistance
160
CentOS 7 Problems / Re: Problem installing on DigitalOcean server
« on: June 13, 2019, 07:46:00 AM »
ok sure
161
PHP / Re: .user.ini allow_url_fopen
« on: June 13, 2019, 07:44:15 AM »
which php.ini file did you edit for php-fpm...I want the full path
162
Installation / Re: How do I connect and manage various serves with one cwp.
« on: June 13, 2019, 07:40:33 AM »
you are welcome
163
Suggestions / Re: Two-Factor Authentication (2FA) - Google Authenticator for CWP and CWP PRO !
« on: June 13, 2019, 07:34:26 AM »
You are welcome
164
CentOS 7 Problems / Re: Must Follow CWP Installation Perquisite
« on: June 13, 2019, 07:33:31 AM »
This is right. The only requirement is stated here - http://centos-webpanel.com/system-requirements
Apart from Percona pre-requisite, at this point in time.
- A minimal install of CentOS 6/7
- A static Public IP
- The install script configures and installs all other pre-requisites for functioning of CWP
error: Failed dependencies: perl(DBD::mysql) >= 1.0 is needed by percona-toolkit-2.2.16-1.noarch
Is this a fresh install of CentOS? 6 or 7?
165
Postfix / Re: Blocked MTA-BLOCKED {TempFailedOpenRelay}
« on: June 13, 2019, 07:30:23 AM »
Did you try to restart amavis?
service amavisd restart