Applicable to:
- Plesk for Linux
- Plesk for Windows
Question
How to provide Plesk Support Team with direct access to the server?
Answer
On Plesk Onyx 17.8 for Linux Support SSH Access extension can be used instead, to simplify providing the access.
For Plesk 17.5 and older use instructions below:
-
Configure firewall rules:
Add Plesk Support IPs to exceptions in the firewallNote: In case an intermediate firewall is used, such as Google Cloud Platform Firewall, the rules should also be added there. For more information, refer to the product documentation.
Plesk Support uses the following IP ranges to access remote servers:
- 195.214.233.0/24
- 91.204.24.0/22
- 80.237.178.180
- 81.184.0.141
- 95.170.131.46
- 2A00:1730:FFF9::/48
These IP addresses can be added the following way:
-
On Linux:
# iptables -I INPUT -s 195.214.233.0/24,91.204.24.0/22,91.204.25.0/22,80.237.178.180,81.184.0.141,95.170.131.46 -j ACCEPT
# ip6tables -I INPUT -s 2A00:1730:FFF9::/48 -j ACCEPT
-
On Windows:
PS New-NetFirewallRule -DisplayName "Plesk Support Access" -RemoteAddress @("195.214.233.0/24", "91.204.24.0/22", "91.204.25.0/22", "80.237.178.180", "81.184.0.141", "95.170.131.46", "2A00:1730:FFF9::/48") -Direction Inbound -Action Allow
-
Set up SSH keys authentication (for Linux)
Setting up SSH keys-
Connect to the server using SSH.
-
Make sure PubkeyAuthentication is enabled in SSH configuration:
# grep PubkeyAuthentication /etc/ssh/sshd_config
PubkeyAuthentication yes -
Make sure
.sshdirectory exists in the home directory of the user that will be provided to Support Team:# mkdir ~/.ssh && chmod 700 ~/.ssh
-
Place the Plesk Support public SSH key to the
authorized_keysto allow logging in using it:# curl -L https://support.plesk.com/hc/en-us/article_attachments/360003621494/id_rsa.pub >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys
Keys may be removed after the conclusion of the support incident as follows:
# sed -i '/support@plesk.com/d' ~/.ssh/authorized_keys
-
-
Log into the Plesk Help Center and add server access as a reply to the ticket
Note: Since help Center uses https connection, it is secure. After access to the server is verified by the support engineer, they remove the reply from the ticket and put the credentials to a special field. This field is flushed when the ticket goes to "closed" state.
Comments
6 comments
Hi,
How can I list the installed keys to check if the process was successfully done?
Thanks!
Hello Mario,
You may use any text editor (like vi or vim) to open the file /root/.ssh/authorized_keys and find out if the key is there.
Or you may use just less (less /root/.ssh/authorized_keys) or cat (cat /root/.ssh/authorized_keys)
Hi,
Today I got these IP's from one of your colleagues:
* 64.131.89.14
* 91.204.24.0/24
* 91.204.25.0/24
* 91.204.26.0/24
* 91.204.27.0/24
* 195.214.232.10
* 195.214.233.106
* 195.214.233.155
* 81.184.0.141
* 195.214.234.4
* 95.170.131.46
* 203.32.4.0/26
* 203.214.176.0/24
* 80.237.178.180
* 195.214.233.10
* 195.214.233.8
What's Plesk's current IP's/ranges to whitelist?
Thanks!
Hi @Mario,
You may find the most actual IP addresses in this exact article. They are as follows:
The current IP address ranges are almost the same as previous.
Netmasks were changed to take less time to whitelist IPs in firewalls, and some outdated IP addresses were removed.
Silly question, I am going to block several countries with ipset from our hardware nodes. This includes Russia.
Now I noticed a week or two ago, Plesk couldn't connect to the server as a result of this.
Now it's not clear; if I block a country with ipset and later on add the Plesk support IP's (as accepted IP's) is they can access the servers?
In other words will the IP's in the ACCEPT list overrule the country block?
Let me know. Thanks.
Hello @Michel vd Lingen,
Yes, whitelist has to work
Besides, you can allow connections for our IP addresses explicitly, however, make sure that these allowing rules are located before your blocking ones
Also, if you have several firewalls allow connection for each
Please sign in to leave a comment.