Community Forum
https://forum.vestacp.com/
I guess this is normal behavior (code snippet from v-add-user). Notice the useradd function. This script also checks whether the user exists in /etc/passwd (where all linux users are present).stelios wrote:Am i the only one having this issue ?
Also is it ok to disable root access and change root pass after installing vesta ?
Code: Select all
# Adding user
/usr/sbin/useradd "$user" -s "$shell" -c "$email" -m -d "$HOMEDIR/$user"
if [ $? -ne 0 ]; then
echo "Error: user creation failed"
log_event "$E_INVALID" "$EVENT"
exit $E_INVALID
fi
Hi there...thank you very very much for you reply :)What do you mean by disabling root access? SSH? VestaCP Admin user? MySQL?
Please specify :)
You can deny root login from SSH. Will post the code and location tomorrow, as I'm currently on mobile.stelios wrote:Hi there...thank you very very much for you reply :)What do you mean by disabling root access? SSH? VestaCP Admin user? MySQL?
Please specify :)
I meant SSH, i'm trying to make a vps using VestaCP as secure as possible but still open enough so a client can add his sites etc. So i'm open to any suggestions.
Cheers,
Stelios
I think it's in /etc/sss/sshd_configYou can deny root login from SSH. Will post the code and location tomorrow, as I'm currently on mobile.
- You could of course only allow ssh-key based logins :)stelios wrote:I think it's in /etc/sss/sshd_configYou can deny root login from SSH. Will post the code and location tomorrow, as I'm currently on mobile.
Any more suggestions to make the VPS even more secure are more than welcome and appreciated :)
By the way in /root/ there are 4 files, deb_signing.key , vst-install-ubuntu.sh , vst-install.sh , vst_install_backups . Should we keeping vst-install-ubuntu.sh , vst-install.sh , vst_install_backups or is it safer to delete those ?
cheers