Linux Servers cPanel webhosting blog » Basic Linux

How to disable root login and enable key authentication on Dedicated server?

Gunjan — Sun, 11 Jul 2010 23:00:12 +0000

How to disable root login and enable key authentication on Dedicated server?

Refer following steps to disable direct root login.

1. SSH into your server as root user.

2. Open file sshd_config in your favorite editor

pico /etc/ssh/sshd_config

3. Find the line

Protocol 2, 1

4. Uncomment line and change it to look like

Protocol 2

5. Now find the line
PermitRootLogin yes

6. And Uncomment libe and make it look like as
PermitRootLogin no

7. Save the file sshd_config file,

8. Restart SSH service
/etc/rc.d/init.d/sshd restart

Once root login disabled on server generate authentication key by using following steps.

1. Add user for example we will add user support

useradd support

2.Assigne user support in wheel group.

usermod -G wheel support

3. Set correct permission for sudoers files.

chmod 644 /etc/sudoers

4. Now open sudoers file and set followings line in sudoers file.

pico /etc/sudoers

# User privilege specification
root ALL=(ALL) ALL

# Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL

5. Make sure that sudo file binery file is secure.

chmod 4111 /usr/bin/sudo

If you are not sure about sudo binery path then run commamd to confirm the path.

which sudo

6.Now create .ssh directory in support users home directory.

cd /home/support

mkdir .ssh

7. Now generate the key by using PuTTYgen software and save the key on your local machine as support.ppk file.

8. Create authorized_keys file in .ssh directory and copy content from file support.ppk to authorized_keys file.

9. Confirm permission and ownership for files.

cd /home

ll | grep support

The ownership shuold be

drwx—— 7 support support 4096 Jul 10 03:44 support

cd /home/support

ll | grep .ssh

drwxr-xr-x 2 root root 4096 Jul 12 3:34 .ssh/

ll .ssh

The ownership shoud be

drwxr-xr-x 2 root root 4096 Jul 12 03:22 ./
drwx—— 7 support support 4096 Jul 12 03:44 ../
-rw-r–r– 1 root root 224 Jul 12 03:40 authorized_keys

Note : Do not close current Shell until you are able to access server with the support.ppk key.

New subdomain missing cgi-bin directory.

Gunjan — Sun, 11 Jul 2010 02:32:23 +0000

While creating new subdomain from cPanel we are missing cgi-bin directory. At that time refer following steps.

Login in to WHM and check the domains hosting account package allow “CGI Privilege” or not. If not then enable “CGI Privilege” by editing packages.

WHM >> Account Functions >> Modify An Account and select the user from list and check box following option.

CGI Privilege

And save the package. Now you will able to creaet subdomain with the cgi-bin directory.

Note : As well as plesae set “Y” in WHM >> Main >> Server Configuration >> Basic cPanel/WHM Setup >>CGI Script Alias section.

——————

CGI Script Alias * Automatically create a cgi-bin script alias. This setting can be individually overridden during account creation.

y – Yes
n – No

——————

How to define iptables rules save option?

Gunjan — Wed, 27 Jan 2010 10:37:25 +0000

iptables creating rules after restarting the iptables. When iptables service is restarted settings from /etc/sysconfig/iptables file are applied and used with the iptables.

You can either set up iptables rule so that current stat is saved the rule upon restart or stop/start:

You need to make changes in following file as per your requirement for values received in following GREP result.

root@server[~]# grep IPTABLES_SAVE /etc/sysconfig/iptables-config
IPTABLES_SAVE_ON_STOP=”no”
IPTABLES_SAVE_ON_RESTART=”no”
IPTABLES_SAVE_COUNTER=”no”

Or overwrite current settings with iptables-save to /etc/sysconfig/iptables file:

root@server[~]# iptables-save > /etc/sysconfig/iptables

Note : Its always good if we use NO option for following options because some time due to wrong rule we face major problem to access server.

IPTABLES_SAVE_ON_STOP=”no”
IPTABLES_SAVE_ON_RESTART=”no”
IPTABLES_SAVE_COUNTER=”no”

PHP Parse error: syntax error, unexpected T_STRING?

Gunjan — Fri, 25 Dec 2009 05:26:24 +0000

If you receive following error in the error logs

” PHP Parse error: syntax error, unexpected T_STRING”
Then you can add following line in the .htaccess file

php_flag short_open_tag X

If your server is SuExec enabled then you can use following code in php.ini file
short_open_tag = X

How to parse php pages in html page?

Gunjan — Sun, 06 Dec 2009 18:51:49 +0000

You can use following code in .htaccess file to parse php pages in html pages

RemoveHandler .html .htm
AddType application/x-httpd-php .php .htm .html

To can check above code is working ir not? by creating one test page with following code

root@gunjan[~]#pico test.html

< html>
< head>
< body>
< h1>
< ?php echo "WORKING FINE!"; ?>
< /h1>
< /body>
< /html>

How to check user who are using boxtrapper?

Gunjan — Sat, 28 Nov 2009 20:33:52 +0000

Now a days boxtrapper is cause high server load in that case we need to check how many users are really using boxtrapper.You can use following simple command to heck the boxtrapper users.

root@gunjan[/home]#find /home/*/etc -iname .boxtrapperenable

Run above command in /home and you will found out all the users who are using boxtrapper

How to change nobody ownership to cpanel user?

Gunjan — Fri, 27 Nov 2009 18:51:04 +0000

First you need to found nobody users files than change it to cPanel main user name so that you can change/edit the files without any problem.But its difficult to check ownership one by one for all files in that case you can use following single command

root@gunjan[/home/test]#find ./ -user “nobody” | xargs chown test.test

In above command find will check all files owned by nobody user and after that it chown will change the ownership to test.test where test is cPanel user name

htaccess pcfg_openfile unable to check htaccess file (403 error)

Gunjan — Tue, 17 Nov 2009 20:05:32 +0000

If you are receiving 403 error message after browsing your domain than check the Apache error logs.

root@gunjan[~]tail -f /usr/local/apache/logs/error_log

[Tue Nov 17 19:38:32 2009] [crit] [client 192.168.0.2] (13)Permission denied: /home/admin/public_html/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable

As per above logs it seems that the nobody user is not getting read and executing permission upto any of that folder.So make sure that the public_html and the subdomain are set read and executing permission for nobody user.

How to generate the password from shell (SSH)?

Gunjan — Fri, 13 Nov 2009 02:39:29 +0000

If you use SSH, use mkpasswd command for creating passwords…

root@gunjan[~]#mkpasswd -l 10 -d 3 -C 3 -s 2
L]4P@V6ii3

How to change timezone on Linux server?

Gunjan — Thu, 12 Nov 2009 00:49:39 +0000

You can change the time zone for your server by using following command.

root@gunjan[~]#date

Wed Nov 11 19:30:29 EST 2009

For example we are changing time zone from EST to GMT.

root@gunjan[~]#ln -sf /usr/share/zoneinfo/GMT /etc/localtime

root@gunjan[~]#date

Thu Nov 12 00:31:36 GMT 2009