How to Secure SSH While Allowing cPFence WebUI Access?

If you want to keep SSH secure while ensuring compatibility with the cPFence WebUI, you do not need to enable full root login with a password.

Warning: set up key-based SSH access and verify you can log in with your key before disabling passwords. Otherwise you may lock yourself out.

Recommended SSH Configuration

Use the following settings. Root can use keys, passwords are blocked.

Quick Steps

1) Create a hardening file that loads first

sudo tee /etc/ssh/sshd_config.d/01-cpfence-hardening.conf >/dev/null <<'CONF'
PermitRootLogin prohibit-password
PasswordAuthentication no
PubkeyAuthentication yes
CONF

2) Validate and reload SSH

sudo sshd -t && sudo systemctl reload ssh

3) Quick check

sudo sshd -T | grep -E 'permitrootlogin|passwordauthentication|pubkeyauthentication'

Expected

permitrootlogin without-password
passwordauthentication no
pubkeyauthentication yes

Rollback

sudo rm /etc/ssh/sshd_config.d/01-cpfence-hardening.conf
sudo systemctl reload ssh

Notes

  • Ubuntu reads /etc/ssh/sshd_config.d/*.conf at the start, and the first value wins. Using 01-... avoids later overrides from other files.
  • Seeing without-password in the check is normal. It is the canonical alias of prohibit-password.

Need help

Visit our Knowledgebase or contact our support team.

  • root login, ssh configuration
  • 1 gebruikers vonden dit artikel nuttig
Was dit antwoord nuttig?

Gerelateerde artikelen

How to Add or Remove a Server in the cPFence WebUI Central Dashboard?

If you've installed cPFence on a new server or need to remove an old server and want the changes...

Troubleshooting Common Issues with the cPFence WebUI

Note: Please make sure you added your IP to the whitelist using the commandcpfence...

How to Enable cPFence WebUI?

Important: The cPFence WebUI can only be enabled and run on your Enhance main control panel...