How to disable root login and enable key authentication on Dedicated server?
Refer following steps to disable direct root login.
1. SSH into your server as root user.
2. Open file sshd_config in your favorite editor
pico /etc/ssh/sshd_config
3. Find the line
Protocol 2, 1
4. Uncomment line and change it to look like
Protocol 2
5. Now find the line
PermitRootLogin yes
6. And Uncomment libe and make it look like as
PermitRootLogin no
7. Save the file sshd_config file,
8. Restart SSH service
/etc/rc.d/init.d/sshd restart
Once root login disabled on server generate authentication key by using following steps.
1. Add user for example we will add user support
useradd support
2.Assigne user support in wheel group.
usermod -G wheel support
3. Set correct permission for sudoers files.
chmod 644 /etc/sudoers
4. Now open sudoers file and set followings line in sudoers file.
pico /etc/sudoers
# User privilege specification
root ALL=(ALL) ALL
# Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL
5. Make sure that sudo file binery file is secure.
chmod 4111 /usr/bin/sudo
If you are not sure about sudo binery path then run commamd to confirm the path.
which sudo
6.Now create .ssh directory in support users home directory.
cd /home/support
mkdir .ssh
7. Now generate the key by using PuTTYgen software and save the key on your local machine as support.ppk file.
8. Create authorized_keys file in .ssh directory and copy content from file support.ppk to authorized_keys file.
9. Confirm permission and ownership for files.
cd /home
ll | grep support
The ownership shuold be
drwx—— 7 support support 4096 Jul 10 03:44 support
cd /home/support
ll | grep .ssh
drwxr-xr-x 2 root root 4096 Jul 12 3:34 .ssh/
ll .ssh
The ownership shoud be
drwxr-xr-x 2 root root 4096 Jul 12 03:22 ./
drwx—— 7 support support 4096 Jul 12 03:44 ../
-rw-r–r– 1 root root 224 Jul 12 03:40 authorized_keys
Note : Do not close current Shell until you are able to access server with the support.ppk key.
While creating new subdomain from cPanel we are missing cgi-bin directory. At that time refer following steps.
Login in to WHM and check the domains hosting account package allow “CGI Privilege” or not. If not then enable “CGI Privilege” by editing packages.
WHM >> Account Functions >> Modify An Account and select the user from list and check box following option.
CGI Privilege
And save the package. Now you will able to creaet subdomain with the cgi-bin directory.
Note : As well as plesae set “Y” in WHM >> Main >> Server Configuration >> Basic cPanel/WHM Setup >>CGI Script Alias section.
——————
CGI Script Alias * Automatically create a cgi-bin script alias. This setting can be individually overridden during account creation.
——————
iptables creating rules after restarting the iptables. When iptables service is restarted settings from /etc/sysconfig/iptables file are applied and used with the iptables.
You can either set up iptables rule so that current stat is saved the rule upon restart or stop/start:
You need to make changes in following file as per your requirement for values received in following GREP result.
root@server[~]# grep IPTABLES_SAVE /etc/sysconfig/iptables-config
IPTABLES_SAVE_ON_STOP=”no”
IPTABLES_SAVE_ON_RESTART=”no”
IPTABLES_SAVE_COUNTER=”no”
Or overwrite current settings with iptables-save to /etc/sysconfig/iptables file:
root@server[~]# iptables-save > /etc/sysconfig/iptables
Note : Its always good if we use NO option for following options because some time due to wrong rule we face major problem to access server.
IPTABLES_SAVE_ON_STOP=”no”
IPTABLES_SAVE_ON_RESTART=”no”
IPTABLES_SAVE_COUNTER=”no”
If you receive following error in the error logs
” PHP Parse error: syntax error, unexpected T_STRING”
Then you can add following line in the .htaccess file
php_flag short_open_tag X
Or
If your server is SuExec enabled then you can use following code in php.ini file
short_open_tag = X
You can use following code in .htaccess file to parse php pages in html pages
RemoveHandler .html .htm
AddType application/x-httpd-php .php .htm .html
To can check above code is working ir not? by creating one test page with following code
root@gunjan[~]#pico test.html
< html>
< head>
< body>
< h1>
< ?php echo "WORKING FINE!"; ?>
< /h1>
< /body>
< /html>
Now a days boxtrapper is cause high server load in that case we need to check how many users are really using boxtrapper.You can use following simple command to heck the boxtrapper users.
root@gunjan[/home]#find /home/*/etc -iname .boxtrapperenable
Run above command in /home and you will found out all the users who are using boxtrapper
First you need to found nobody users files than change it to cPanel main user name so that you can change/edit the files without any problem.But its difficult to check ownership one by one for all files in that case you can use following single command
root@gunjan[/home/test]#find ./ -user “nobody” | xargs chown test.test
In above command find will check all files owned by nobody user and after that it chown will change the ownership to test.test where test is cPanel user name
If you use SSH, use mkpasswd command for creating passwords…
root@gunjan[~]#mkpasswd -l 10 -d 3 -C 3 -s 2
L]4P@V6ii3
