Improving Usability and Security on VPS with CyberPanel

Administering CyberPanel VPS with a regular user

Let's go

- Create a regular user on the VPS (ribafs)
- Add it to sudo so it has some privileges
- Configure SSH so that this user can access the VPS through SSH
- Remove root access to the VPS via SSH

This way we can run tasks/commands with elevated privileges using sudo, or switch to root directly. Root no longer has SSH access, but my user can connect and then assume root.

Most tasks can be done using

sudo command

To assume root, type

su and Enter

Provide the root password

I will now remove the snapshot created earlier and create a new one with the current state as a precaution, since problems with the permissions and owners of the VPS files have happened to me several times.

Then I will implement these activities:

ssh -p 60022 root@IP

Create user (change it to yours)

adduser ribafs

Add to sudo

adduser ribafs sudo

Add to SSH

adduser ribafs sudo

Change SSH

nano /etc/ssh/sshd_config

Add these two lines to the end of the file

PermitRootLogin no
AllowUsers ribafs

Restart SSH

service ssh restart
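
For PermitRootLogin, sshd keeps the first value it reads, so an earlier uncommented PermitRootLogin line in sshd_config wins over one appended at the end of the file. The script below is an added example, not part of the original article: check_sshd_effective is a hypothetical helper that reads the effective configuration printed by sshd -T, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: confirm the settings sshd will really use.
# Reads `sshd -T` style output on stdin (lowercase keyword, then values).
# Only literal user names are compared; wildcard patterns are not expanded.
check_sshd_effective() {
    awk -v user="$1" '
        $1 == "permitrootlogin" { root = $2 }
        $1 == "allowusers" {
            for (i = 2; i <= NF; i++) {
                seen = 1
                split($i, part, "@")   # entries may be USER or USER@HOST
                if (part[1] == user) allowed = 1
            }
        }
        END {
            rc = 0
            if (root != "no") {
                printf "FAIL: permitrootlogin is \"%s\", expected \"no\"\n", root
                rc = 1
            }
            if (!seen) {
                print "FAIL: no allowusers restriction is in effect"
                rc = 1
            } else if (!allowed) {
                printf "FAIL: %s is not in allowusers (lockout risk)\n", user
                rc = 1
            }
            if (rc == 0) print "OK: root login disabled, " user " allowed"
            exit rc
        }'
}

# Constructed sample: both appended lines took effect.
sample_good() {
    printf '%s\n' 'port 60022' 'permitrootlogin no' 'allowusers ribafs'
}

# Constructed sample: an earlier "PermitRootLogin yes" in the file won,
# so the appended "PermitRootLogin no" is not the effective value.
sample_overridden() {
    printf '%s\n' 'port 60022' 'permitrootlogin yes' 'allowusers ribafs'
}

# Demo on the constructed samples.
sample_good | check_sshd_effective ribafs || echo "unexpected failure"
sample_overridden | check_sshd_effective ribafs || echo "Fix sshd_config before closing the root session"
```

On the server, run it as `sudo sshd -t && sudo sshd -T | check_sshd_effective ribafs` while the root session is still open.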

Note that we didn't change the port; we only allowed ribafs and removed root.
Exit the server with

exit

Connect with the new user

ssh -p 60022 ribafs@IP

Try running

sudo clear

Note that it asks for the user's password and keeps it cached for a long time, so the next sudo command runs without asking for the password.

Now try using the administrative panel and creating a backup of a website for testing.

So far so good for me. But in case of a problem while we get used to CyberPanel, we can use Snapshot Rollback and, as a last resort, reinstall the VPS.

Bonus

Backup to desktop with a regular user

Allow the regular user to back up all files from /home/backup to the desktop

Connect to server

ssh -p 60022 ribafs@IP

su
adduser ribafs root
chmod -R 775 /home/backup

Create an alias on the desktop (make the necessary adaptations for yourself)

cd
nano .bashrc
alias backups="rsync -av --ignore-existing -e 'ssh -p 65522' USER@SERVER:/home/backup/* /backup/transp/backup/"
source .bashrc

When run, backups copies all files from /home/backup on the server to the desktop, but only those that do not already exist on the desktop

Create the script on the server

sudo nano /usr/local/bin/perms

#!/bin/sh
clear;
echo "";
chown -R ribafs:root /home/backup;
echo "";
echo "Done!";

sudo chmod +x /usr/local/bin/perms

Run with

su
perms

Now you can check /home/backup: all files have the new permissions and are ready to be downloaded to the desktop.

Both the backup and restore of sites continue to work, which tells us that our changes did not affect CyberPanel.

Remember that you always need to run perms on the server before running backups

Change CyberPanel URL to something like

https://painel.ribamar.net.br:8043/base/