- Plesk for Linux
- Plesk for Windows
How to provide Plesk Support Team with direct access to the server?
On Plesk Onyx 17.8 and Obsidian for Linux Support SSH Access extension can be used instead, to simplify providing the access.
For Windows and Plesk 17.5 and older use instructions below:
Configure firewall rules:Add Plesk Support IPs to exceptions in the firewall
Note: In case an intermediate firewall is used, such as Google Cloud Platform Firewall, the rules should also be added there. For more information, refer to the product documentation.
Plesk Support uses the following IP ranges to access remote servers:
These IP addresses can be added the following way:
# iptables -I INPUT -s 220.127.116.11/24,18.104.22.168/24,22.214.171.124/24,126.96.36.199,188.8.131.52,184.108.40.206 -j ACCEPT
# ip6tables -I INPUT -s 2A00:1730:FFF9::/48,2001:678:744::10/64 -j ACCEPT
PS New-NetFirewallRule -DisplayName "Plesk Support Access" -RemoteAddress @("220.127.116.11/24", "18.104.22.168/24", "22.214.171.124/24", "126.96.36.199", "188.8.131.52", "184.108.40.206", "2A00:1730:FFF9::/48", "2001:678:744::10/64") -Direction Inbound -Action Allow
Set up SSH keys authentication (for Linux)Setting up SSH keys
Connect to the server using SSH.
Make sure PubkeyAuthentication is enabled in SSH configuration:
# grep PubkeyAuthentication /etc/ssh/sshd_config
.sshdirectory exists in the home directory of the user that will be provided to Support Team:
# mkdir ~/.ssh && chmod 700 ~/.ssh
Place the Plesk Support public SSH key to the
authorized_keysto allow logging in using it:
# curl -L https://support.plesk.com/hc/en-us/article_attachments/360003621494/id_rsa.pub >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys
Keys may be removed after the conclusion of the support incident as follows:
# sed -i '/email@example.com/d' ~/.ssh/authorized_keys
Log into the Plesk Help Center and add server access as a reply to the ticket
Note: Since help Center uses https connection, it is secure. After access to the server is verified by the support engineer, they remove the reply from the ticket and put the credentials to a special field. This field is flushed when the ticket goes to "closed" state.