Reset SSH, and find SSH port on cPanel/WHM server

If you lock yourself out of SSH access to your cPanel server or if you do not know on which port your SSH server is running there are several ways you can gain back SSH access to your server.

Flush iptables

If your  IP got locked out in iptables you can use one of cPanel autofixer scripts to flush all iptables chains so your IP can reach SSH on your server again.

Script can be called by adding “scripts2/doautofixer?autofix=iptablesflush” to the end of the WHM url in your browser, and should look something like this:

https://server.domain.tld:2087/cpsess1290981925/scripts2/doautofixer?autofix=iptablesflush

flushing iptables

Reset SSH

If you SSH server is not accessible because of a broken configuration or anything else and is not restarting properly through Home »Restart Services »SSH Server (OpenSSH) in WHM you can try starting safesshrestart script which will kill any running instance of sshd and start a new process on port 22, or if that port is taken on first available port after that, like port 23.

Script can be started by adding “scripts2/doautofixer?autofix=safesshrestart” to the end of your WHM url and should look something like this:

https://server.domain.tld:2087/cpsess1290981925/scripts2/doautofixer?autofix=safesshrestart

Pay attention to the output in WHM when script runs, it will say on which port was SSH started.

safesshrestart

Find out your SSH port

If you are not sure on which port is your SSH server running you can find that out on two ways.

You can use the Restart Services part of WHM and restart SSH by going to Home »Restart Services »SSH Server (OpenSSH) in WHM and watching the output in WHM after you restart SSH, it will say on which port is SSH listening.

Other option is to use an API call to show the port.
You can do that by adding “xml-api/cpanel?user=cpanel&cpanel_xmlapi_apiversion=1&cpanel_xmlapi_module=SSH&cpanel_xmlapi_func=getport” to the end of your WHM url which should look something like this:

https://server.domain.tld:2087/cpsess1290981925/xml-api/cpanel?user=cpanel&cpanel_xmlapi_apiversion=1&cpanel_xmlapi_module=SSH&cpanel_xmlapi_func=getport

You can find out more about WHM autofixers on following link:

https://documentation.cpanel.net/display/ALD/WHM+FAQ#WHMFAQ-WhatistheWHMAutofixer?

Full list of all autofixers can be found here:

http://httpupdate.cpanel.net/autofixer/

How to provide SSH password inside a script or oneliner

If you ever need to provide a password for SSH login inside a bash script or a shell command, to avoid being asked a password when SSH keys are not used, it can be done with usage of expect command, or sshpass utility.

Using expect

Expect is a program that “talks” to other interactive programs according to a script.

http://www.tcl.tk/man/expect5.31/expect.1.html

Lets say you want to SSH to a server and run a remote command, ls for instance, with a command like this:

ssh [email protected] "ls -lh file"

If you are not using SSH keys, you will be prompted a password, and will need to enter it manually.

If you want to avoid entering a password, and have it inputted to login prompt automatically you can use expect command.

Provide SSH password inside a script.

Expect reads cmdfile for a list of commands to execute. Expect may also be invoked implicitly on systems which support the #! notation by marking the script executable, and making the first line in your script:
#!/usr/local/bin/expect -f

Example of a script which runs a remote command over SSH, with password being provided inside a script.

#!/usr/bin/expect -f
spawn ssh [email protected] "ls /file"
expect "assword:"
send "mypassword\r"
interact

One-liner

Running a SSH command with provided password inside a one-liner, can be done using expect -c and then putting the commands inside single quotes.

The -c flag prefaces a command to be executed before any in the script. The command should be quoted to prevent being broken up by the shell. This option may be used multiple times. Multiple commands may be executed with a single -c by separating them with semicolons.

Example of a one-line command:

expect -c 'spawn ssh [email protected] "ls -lh file"; expect "assword:"; send "mypassword\r"; interact'

Using sshpass

SSH password prompt can also be bypassed by connecting with sshpass command, which is available in EPEL repo in CentOS

To install sshpass, first make sure you have EPEL repo on your server.

You can install EPEL with

yum -y install epel-release

Install sshpass with

yum -y install sshpass

You can then connect to remote server with sshpass using a command similar to this:

sshpass -p 'password' ssh [email protected]

If you have never connected to the server before, you will probably not get connected to remote server due to host key checking.
To bypass host key checking use -o StrictHostKeyChecking=no option:

sshpass -p 'password' ssh -o StrictHostKeyChecking=no  [email protected]
References:

http://unix.stackexchange.com/questions/252777/use-she-bang-in-oneliner

http://stackoverflow.com/questions/1924464/bash-controlling-ssh

http://stackoverflow.com/questions/16928004/how-to-enter-ssh-password-using-bash

http://linux.die.net/man/1/expect

http://www.cyberciti.biz/faq/noninteractive-shell-script-ssh-password-provider/