Enabling SSH for cPanel Account Not Working

[the_Dsigner]

I have a dedicated server running CentOS 6.9 with WHM 70.0.48.

So I have tried to get the SSH to work awhile ago for one of my Cpanel accounts with no luck and gave up. I once gain tried this afternoon and again after many hours the same result..."Server has refused your key".

I"m not sure what i'm doing wrong. I have read the WHM faq section, blog posts, and yt how-to vids. I have gone into my WHM and verified SSH is turned on under accounts, and set to normal SSH.

I create a new public/private key in the Cpanel account in question. Key has been authorized, I convert the public key to ppk format for use in putty, download key. In putty I load the key in the SSH/Auth section. I have tried a combination of using the:

1. Server IP that I use for SSH root to the WHM (which works fine) then logging in under the cpanel username. Not accepted.
2. Cpanel domain with the auto-login in the Connection/Data tab of putty as the account username. Not accepted.
3. Tried creating a key with PuttyGen then importing into Cpanel SSH. Not accepted.

I can SSH with putty into the WHM as root, but for an individual Cpanel account I can't get it working. What am I doing wrong here?

Thanks

 

[cPanelMichael]

Hello @the_Dsigner,

Can you monitor the /var/log/secure log file when you attempt to login as the individual user via SSH and let us know the output? EX:

tail -f /var/log/secure

Ensure to replace any identifying information with examples.

Thank you.

 

[the_Dsigner]

ok took a look in the log and found this after doing another attempt...

Jun 7 14:54:51 ADMIN01 sshd[14301]: User USER01 from 196.000.00.00 not allowed because not listed in AllowUsers
Jun 7 14:54:51 ADMIN01 sshd[14302]: input_userauth_request: invalid user USER01

 

[Jcats]

Seems like you are using

AllowUsers in ssh

grep -i AllowUsers /etc/ssh/sshd_config

You will want to add that range like so

*@196.0.0.0/8

just add it to the end of the

AllowUsers line separating it from the previous CIDR with a space.

Also.. *@196.0.0.0/8 allows that entire range, so you may want to specify a smaller range or just define the actual IP address.

Once done restart ssh:

/scripts/restartsrv_sshd

 

[the_Dsigner]

I'm not familiar with the AllowUsers list. Is this something that's setup by default in the SSH?

 

[Jcats]

Nope, that is not a default option, its not even mentioned in the config by default.

If you don't need/want it, just comment it out but comment out similar lines as well like

DenyUsers, AllowUsers, DenyGroups, AllowGroups

 

[the_Dsigner]

Thanks. I don't know why that was activated as I don't want to add/remove Cpanel users every time I feel the need to SSH into that account.

 

[Jcats]

Yeah would be a pain for sure.

 

[the_Dsigner]

Just took a look in my CentOS directory and there is only the ssh_config file, no sshd_config file in /ect/ssh/

 

[Jcats]

What does this give you:

grep -rli AllowUsers /etc/ssh/

 

[cPanelMichael]

Just took a look in my CentOS directory and there is only the ssh_config file, no sshd_config file in /ect/ssh/

Hello @the_Dsigner,

The /etc/sshd_config file should exist. Are you logged in via SSH as root when browsing to the /etc/ directory?

Thank you.