Articles in this section

See more

How to provide Plesk Support Team with the direct access to the server?

Avatar
Alexandr Nikolaenko
Updated
Follow

Applicable to:

  • Plesk for Linux
  • Plesk for Windows

Question

How to provide Plesk Support Team with direct access to the server?

Answer

On Plesk Onyx 17.8 for Linux Support SSH Access extension can be used instead, to simplify providing the access.

For Windows and Plesk 17.5 and older use instructions below:

  1. Configure firewall rules:

    Add Plesk Support IPs to exceptions in the firewall

    Note: In case an intermediate firewall is used, such as Google Cloud Platform Firewall, the rules should also be added there. For more information, refer to the product documentation.

    Plesk Support uses the following IP ranges to access remote servers:

    • 195.214.233.0/24
    • 91.204.24.0/22
    • 80.237.178.180
    • 81.184.0.141
    • 95.170.131.46
    • 2A00:1730:FFF9::/48
    • 2001:678:744::10/64

    These IP addresses can be added the following way:

    • On Linux:

      # iptables -I INPUT -s 195.214.233.0/24,91.204.24.0/22,91.204.25.0/22,80.237.178.180,81.184.0.141,95.170.131.46 -j ACCEPT

      # ip6tables -I INPUT -s 2A00:1730:FFF9::/48,2001:678:744::10/64 -j ACCEPT

    • On Windows:

      PS New-NetFirewallRule -DisplayName "Plesk Support Access" -RemoteAddress @("195.214.233.0/24", "91.204.24.0/22", "91.204.25.0/22", "80.237.178.180", "81.184.0.141", "95.170.131.46", "2A00:1730:FFF9::/48", "2001:678:744::10/64") -Direction Inbound -Action Allow

  2. Set up SSH keys authentication (for Linux)

    Setting up SSH keys

    1. Connect to the server using SSH.

    2. Make sure PubkeyAuthentication is enabled in SSH configuration:

      # grep PubkeyAuthentication /etc/ssh/sshd_config
      PubkeyAuthentication yes

    3. Make sure .ssh directory exists in the home directory of the user that will be provided to Support Team:

      # mkdir ~/.ssh && chmod 700 ~/.ssh

    4. Place the Plesk Support public SSH key to the authorized_keys to allow logging in using it:

      # curl -L https://support.plesk.com/hc/en-us/article_attachments/360003621494/id_rsa.pub >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys

    Keys may be removed after the conclusion of the support incident as follows:

    # sed -i '/support@plesk.com/d' ~/.ssh/authorized_keys

  3. Log into the Plesk Help Center and add server access as a reply to the ticket

    Note: Since help Center uses https connection, it is secure. After access to the server is verified by the support engineer, they remove the reply from the ticket and put the credentials to a special field. This field is flushed when the ticket goes to "closed" state.

Comments

6 comments

Sort by Date Votes
  • Avatar
    Mario

    Hi, 

    How can I list the installed keys to check if the process was successfully done?

    Thanks!

    0
    Comment actions Permalink
  • Avatar
    Artyom Baranov

    Hello Mario,

    You may use any text editor (like vi or vim) to open the file /root/.ssh/authorized_keys and find out if the key is there.

    Or you may use just less (less /root/.ssh/authorized_keys) or cat (cat /root/.ssh/authorized_keys)

    1
    Comment actions Permalink
  • Avatar
    Mario

    Hi, 

    Today I got these IP's from one of your colleagues:

    * 64.131.89.14
    * 91.204.24.0/24
    * 91.204.25.0/24
    * 91.204.26.0/24
    * 91.204.27.0/24

    * 195.214.232.10
    * 195.214.233.106
    * 195.214.233.155
    * 81.184.0.141
    * 195.214.234.4
    * 95.170.131.46

    * 203.32.4.0/26
    * 203.214.176.0/24
    * 80.237.178.180
    * 195.214.233.10
    * 195.214.233.8

     

    What's Plesk's current IP's/ranges to whitelist?

    Thanks!

    0
    Comment actions Permalink
  • Avatar
    Alexandr Bashurov

    Hi @Mario,

    You may find the most actual IP addresses in this exact article. They are as follows:

    • 195.214.233.0/24
    • 91.204.24.0/22
    • 203.32.4.0/26
    • 203.214.176.0/24
    • 80.237.178.180
    • 81.184.0.141
    • 95.170.131.46
    • 2A00:1730:FFF9::/48

    The current IP address ranges are almost the same as previous.
    Netmasks were changed to take less time to whitelist IPs in firewalls, and some outdated IP addresses were removed.

    0
    Comment actions Permalink
  • Avatar
    Michel vd Lingen

    Silly question, I am going to block several countries with ipset from our hardware nodes. This includes Russia.
    Now I noticed a week or two ago, Plesk couldn't connect to the server as a result of this.

    Now it's not clear; if I block a country with ipset and later on add the Plesk support IP's (as accepted IP's) is they can access the servers?
    In other words will the IP's in the ACCEPT list overrule the country block?

    Let me know. Thanks.

    1
    Comment actions Permalink
  • Avatar
    Nikita Nikushkin

    Hello @Michel vd Lingen,

    Yes, whitelist has to work

    Besides, you can allow connections for our IP addresses explicitly, however, make sure that these allowing rules are located before your blocking ones

    Also, if you have several firewalls allow connection for each

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles