How to Manage Shell Access from WHM?

WHM (WebHost Manager) is a VPS very powerful control panel that makes it possible for the system administrators to manage the numerous aspects of a server; shell access is one of them. A shell access means the command line interface which is used to input a command or issue instruction to a shell program to perform desired action on the server directly. This is of benefit for users who are technically advanced and need to conduct tasks not available to users of the WHM interface as well as for debugging purposes.

Unlike the case of limited external storage capabilities, logging in to a secure shell (SSH) may also introduce security concerns in case the process is not adequately managed.

Enabling or Disabling Shell Access

WHM gives the users the proper way to enable/disable shell access according to different accounts or packages customers desires. Here's how you can do it:

1. Enter your WHM interface by passing the login.

2. Clicking on "Account Functions" which is under the "Modify an Account" option will take you to the next page.

3. On the domain name field or account selection field, enter the specified domain name, otherwise, select the account you want to change from the list.

4. Refer to the "Shell Access" item in the list below.

5. To get shell access, check the 'Shell Access' check box. Tick the deselection box for shell access to disable this function.

6. Place the cursor in the input field and click on the "Save" button to confirm your changes.
   
   

Alternatively, you can enable or disable shell access for an entire package by following these steps:

• The first step is to connect to your WHM.

• Through the "Package Management" option select "Edit Package".

• Pick out a package from the list of the ones you want to modify.

• See the "Shell Access" section which is under "Shell Access".

• To get shell access to the package, two options are shown one of them is the "Shell Access" checkbox. To disable shell access, remove the applied checkbox.

• Clicking on the "Save" button will save your modifications.
  
  

By default, WHM provides access to the shell for cPanel account users; however, you can modify this setting under the WHM's "Tweak Settings" user interface.

Managing Shell Access Security

The opening port for the shell to access can be helpful sometimes, but meanwhile, it is also dangerous. However, WHM prevents these risks with various security features and instructions for individuals to follow:

1. Password Protection: Individual passwords for each shell or command line you use can be set using WHM, different from your cPanel account password. Such an extra level of security can't be passed or broken down unless someone gets to know the password. It regularly eliminates the chances of access to the server by an unauthorized person.

2. Restricted Shell: WHM employs a restricted shell environment known as a "jail shell" in terms of its security features. Jail shell guarantees a user's permitted access to particular directories or only certain commands, hence preventing error or any mischief.

3. IP Address Restrictions: The configuration of WHM can be set up in a way that the shell access is possible only from a selected IP address or a range of IP addresses. By providing this feature, we enable the prevention of malicious breakdown of the distributed network from untrusted sources.

4. Logging: It is worth mentioning that all shell access activities are recorded in the WHM logs, including unsuccessful connection attempts, user commands, etc. Performing such a task regularly will allow you to identify and prevent incidents that could endanger system security.

5. Disabling Shell Access for Unused Accounts: Making the shell inaccessible for any account that does not require it is the best practice. This narrows the attack area that might be a source of risk which can be achieved through effective security measures.

6. Enabling Two-Factor Authentication (2FA): WHM provides 2FA support for shell access which implies that there is an indefinite time code requirement that must be filled in together with the password.

7. Implementing Firewall Rules: You can configure the firewall of your machine in such a way as to let access to the ports used for shell access or block the access of the ports that are used for shell access ( e.g., SSH (Secure Shell) on port 22).

Best Practices for Managing Shell Access

But although WSM supplies several modules to administer shell access, following standard operating procedures is key to the safe operation and optimized forever server:

• Principle of Least Privilege: Give shell access privilege only to users who need it and with the least privileges to them to perform their work.

• Regular Audits: Every once in a while, make sure you audit the list of users with shell access, matching the access to the users’ current needs.

• Strong Password Policies: Establish a strong password policy for shell access which defines minimum length, complexity requirements, and required password change periodically.

• User Education: Educate users with shell access on the best security practices, like password sharing avoidance, using the latest connections, and updating their devices.

• Monitoring and Incident Response: Shell access logs must be monitored frequently and all necessary action including the Incident Response plan must be taken in response to the likely security threats and suspicious activities immediately.

• Keeping Software Up to Date: To prevent any security breach, make sure your operating system, WHM, as well as other software components, are updated with the latest bug fixes, security patches and recommended versions of software
  
  

Through this article, you may learn the key recommendations and utilize the security properties that WHM has. Thus, you will be able to manage shell access and maintain the security and control of a server.