Archives

Check the SSH commands run by users

If you give shell access to your web hosting users, you might want to check which commands they run. In cPanel, a file in the user's home directory keeps the shell command history.

The file is /home/username/.bash_history
The dot in front of the filename means the file is hidden. You can use the cat command to see the file content:

cat /home/username/.bash_history

root@web [/home/test]# cat .bash_history
#1521029684
exit
#1584542216
ls
#1584542218
w
#1584542219
top
#1584542230
free -m
#1584542234
uptime
#1584542238
cd /
#1584542240
ls
#1584542251
du -sh /home
#1584542267
du -sh /home/test
#1584542281
exit
root@web [/home/test]#

Notice that the .bash_history file is owned by the user, so the user can modify or empty it at any time. Treat it as a quick overview, not as a tamper-proof audit log.

Epoch Time converter

The lines starting with # contain the time (in Unix/Epoch Time format) when the command was run. Below is a link to a site where you can convert Unix Time to human-readable time. More simply, you can use the date command:

root@web [/home/test]# date -d @1584543556
Wed Mar 18 09:59:16 CDT 2020
root@web [/home/test]#
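
The pairing of timestamp lines and command lines described above can be automated. The following shell function is an added example, not part of the original article; it assumes GNU date (as used above), and the function names and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example: annotate a .bash_history stream with UTC times.
# Output fields are tab-separated: status, time, command.

# Constructed sample input, modelled on the listing above.
sample_history() {
    cat <<'EOF'
who
#1584542216
ls
#note to self
#1584542218
w
#1521029684
exit
EOF
}

annotate_history() {
    status=nostamp when=- prev=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            '')
                continue ;;
            '#'|'#'*[!0-9]*|[!#]*)
                # A command (or a typed "#comment"): print it under the last stamp.
                printf '%s\t%s\t%s\n' "$status" "$when" "$line" ;;
            *)
                # "#" followed only by digits: the epoch stamp bash wrote.
                ts=${line#?}
                when=$(date -u -d "@$ts" '+%Y-%m-%d %H:%M:%S')
                # A stamp older than the one before it means overlapping
                # sessions or an edited file; flag it for a closer look.
                if [ "$ts" -lt "$prev" ]; then status=backwards; else status=ok; fi
                prev=$ts ;;
        esac
    done
}

sample_history | annotate_history
```

Run it on a real file with annotate_history < /home/username/.bash_history.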

Resources:
Wikipedia Unix Time/Epoch Time
Epoch Time Converter

Connect to a non-default SFTP port

SFTP, short for SSH (or Secure) File Transfer Protocol, uses port 22 by default. Many servers nowadays use different port numbers, such as 2222. This article shows how to connect to an explicit port number using the sftp utility.

The sftp command information:

root@web [~]# sftp
usage: sftp [-1246aCfpqrv] [-B buffer_size] [-b batchfile] [-c cipher]
          [-D sftp_server_path] [-F ssh_config] [-i identity_file] [-l limit]
          [-o ssh_option] [-P port] [-R num_requests] [-S program]
          [-s subsystem | sftp_server] host
       sftp [user@]host[:file ...]
       sftp [user@]host[:dir[/]]
       sftp -b batchfile [user@]host

To connect with sftp to a specific port as root, use sftp -P port_number hostname

root@web [~]# sftp -P 2222 test.plothost.com
The authenticity of host '[test.plothost.com]:2222 ([192.168.165.1]:2200)' can't be established.
ECDSA key fingerprint is SHA256:MqoUe1cJlbAqFidXZbV4cSMWfi1meCQ6ZtMiIzZ7yQE.
ECDSA key fingerprint is MD5:06:95:95:63:2f:ea:7a:4c:e7:36:62:73:f6:83:d2:04.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added '[test.plothost.com]:2222' (ECDSA) to the list of known hosts.
root@test.plothost.com's password:
Connected to test.plothost.com.
sftp> cd /
sftp> bye
root@web [~]#

To connect with a username, use sftp -P port_number user@hostname

Increase password prompt timeout for sshd

Do you want to control the login timeout for the SSH server? You can control it with the LoginGraceTime setting.

LoginGraceTime
The server disconnects after this time if the user has not successfully logged in. If the value is 0, there is no time limit. The default is 120 seconds.

sshd_config man page

Use your favorite text editor to edit the SSH server settings:

nano /etc/ssh/sshd_config

Look for the LoginGraceTime value – add it or adjust its value:

LoginGraceTime 10

We adjusted it here to 10 seconds. Users will have 10 seconds to log in to the SSH server. Don’t forget to restart the SSH server:

service sshd restart

Resources:
sshd_config man page

MOTD and Banner messages for SSH connections

There are two messages you can set in the sshd configuration. One is MOTD (message of the day) and the other one is the Banner.

Banner Message

The Banner message is displayed before the password login prompt.
To edit/set the Banner message:

1. Login to SSH.

2. We will use the system's file /etc/issue.net for our message. Open it with vi /etc/issue.net and edit the message as you wish.

3. Now we will edit the /etc/ssh/sshd_config file. Use vi /etc/ssh/sshd_config. Look for

# no default banner path
#Banner none

and modify to

# no default banner path
Banner /etc/issue.net

4. Exit the editor and restart the SSH server. In our case:

root@web [~]# service sshd restart
Redirecting to /bin/systemctl restart sshd.service
root@web [~]#

5. On the next login prompt, you will see the Banner message

login as: root
This computer system is for authorized users only. Individuals using this
system without authority or in excess of their authority are subject to
having all their activities on this system monitored and recorded or
examined by any authorized person, including law enforcement, as system
personnel deem appropriate. In the course of monitoring individuals
improperly using the system or in the course of system maintenance, the
activities of authorized users may also be monitored and recorded. Any
material so recorded may be disclosed as appropriate. Anyone using this
system consents to these terms.


root@web.plothost.com's password:


MOTD Text

The MOTD is displayed after a successful login.
To edit/set MOTD follow the steps:

1. Login to SSH.

2. The MOTD text is in the file /etc/motd. So edit it with vi /etc/motd

3. Now we will enable motd in the ssh server configuration. Use vi /etc/ssh/sshd_config. Look for

#PrintMotd yes

and modify to

PrintMotd yes

4. Exit the editor and restart the SSH server. In our case:

root@web [~]# /bin/systemctl restart sshd.service
root@web [~]#

5. On the next successful login, you will see the MOTD text

login as: root
This computer system is for authorized users only. Individuals using this
system without authority or in excess of their authority are subject to
having all their activities on this system monitored and recorded or
examined by any authorized person, including law enforcement, as system
personnel deem appropriate. In the course of monitoring individuals
improperly using the system or in the course of system maintenance, the
activities of authorized users may also be monitored and recorded. Any
material so recorded may be disclosed as appropriate. Anyone using this
system consents to these terms.


root@web.plothost.com's password:
Last login: Thu Dec 12 06:57:43 2019 from 192.168.2.34
Welcome! This is the MOTD :) <------------------------
root@web [~]#


Notice that instead of the vi tool you can use the nano editor or any other editor.
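
Both the LoginGraceTime change and the Banner/PrintMotd edits above depend on sshd picking up the line you edited; sshd uses the first value it finds for each keyword, so a line added below an existing setting has no effect. The following added example (not from the original articles; the function names and the sample configuration are constructed) reports the value in force in the global section. It assumes whitespace-separated keyword/value pairs and does not follow Include directives.

```sh
#!/bin/sh
# Added example: show which value of an sshd_config keyword is in force
# in the global section (everything before the first Match block).

# Constructed sample configuration.
sample_sshd_config() {
    cat <<'EOF'
# constructed sample
#LoginGraceTime 2m
LoginGraceTime 120
#Banner none
Banner /etc/issue.net
loginGraceTime 10
Match User backup
    Banner none
EOF
}

effective_sshd_option() {
    # $1 = keyword (any case); the configuration is read from stdin
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            key = tolower($1)
            if (key == "match") exit         # global section ends here
            if (key == want) {               # first occurrence wins
                $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit
            }
        }
        END { if (!found) print "(default)" }
    '
}

for k in LoginGraceTime Banner PrintMotd; do
    printf '%s = %s\n' "$k" "$(sample_sshd_config | effective_sshd_option "$k")"
done
```

On a live server, sshd -t checks the file for syntax errors before you restart, and sshd -T prints the values sshd will actually use.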

Resources:
issue.net man page
How to install nano editor

How to run cPanel accounts backup from SSH

It’s always a good idea to make on-site/off-site backups of your cPanel accounts. WHM will automatically make backups as per settings from WHM->Backup->Backup Configuration. But you can also run the backup process from the command line.

To start the backup, run:

/usr/local/cpanel/bin/backup

and to force it, run:

/usr/local/cpanel/bin/backup --force

Notice that if backups are not enabled in WHM you can’t start the backup process with the first command:

root@web [~]# /usr/local/cpanel/bin/backup
[2017-05-30 13:13:11 -0400] info [backup] Started at Tue May 30 13:13:11 2017
[2017-05-30 13:13:11 -0400] info [backup] Backups are not scheduled to run today. This can be adjusted in WHM => Backup => Backup Configuration or by calling bin/backup with the --force argument.

You will need to use the --force argument:

root@web [~]# /usr/local/cpanel/bin/backup --force
[2017-05-30 13:15:21 -0400] info [backup] Started at Tue May 30 13:15:21 2017
[2017-05-30 13:15:22 -0400] info [backup] The backup is now running in the background in process 16608.
[2017-05-30 13:15:22 -0400] info [backup] The backup process’s log file is "/usr/local/cpanel/logs/cpbackup/1496164521.log".

Don’t forget to select the users for which you will run the backup. Select them in WHM->Backup->Backup User Selection.

For the time being you can also use the old (legacy) backup system. Notice that it will be removed in upcoming cPanel versions, probably in v66. To start the old backup process:

/scripts/cpbackup

and to force the legacy backup to start, use:

/usr/local/cpanel/scripts/cpbackup --force

You will use the --force parameter if the backup is up to date but you still want to run it for any reason.