Applicable to:
- Plesk for Linux
Question
How to give SSH access to Plesk users?
Answer
First of all make sure the
SSHTerm - SSH Terminal java applet
is installed via Plesk autoinstaller under
Additional Plesk extensions
menu:
# plesk installer
There is some difference for Service Provider view and Power User view
If Power User view is used, the following steps should be done:
-
Open Plesk > Websites and Domains > Web Hosting Access > Access to the server over SSH
-
Click OK button to apply changes
For the Service Provider view :
-
Open Plesk > Domains > example.com > Web Hosting Access > Access to the server over SSH
-
Click OK button to apply changes
Note: If not selected, attempts to log in via SSH will fail with immediate log out.
Note: The non-selectable ' Forbidden ' value (see screenshot below) means that the ' Management of access to the server over SSH ' permission is set to ' Not allowed ' in the subscription and/or service plan settings by service provider.
To provide SSH access to all Plesk users of subscriptions with the same service plan:
-
Set environment in the ' Home > Service Plans > Service_Plan_Example > Hosting Parameters > SSH access to the server shell under the subscription's system user ' dropdown list;
-
Click Update & Sync button to apply changes and synchronize subscriptions with service plan.
To ensure that the SSH access is provided to the '
username
' user do the following:
# grep 'username' /etc/passwd
username:x:10001:1003::/var/www/vhosts/example.com:/usr/local/psa/bin/chrootsh
In the example above, the last value (
/usr/local/psa/bin/chrootsh
) corresponds to chrooted access.
Comments
12 comments
The user is able to access everything on the server why?
Hello,
Could you please elaborate this? To what resources user is able to access? If the environment is set to '/bin/bash', user will have the same environment as regular Linux user with home directory of /var/www/vhosts/example.com/
So, he will able to access every file with granted 'read' permissions for 'other' for example.
I have a site healthable.org its user is healthable i have set SSH to /bin/bash. healthable was able move from healthable.org folder to /etc
/root
/home
You see how dangerous that is? this means plesk is NOT secure. so how do i fix this? i want healthable to remain in healthable.org directory/folder.
how do i do that?
Hi @iamkingsleyf If the environment is set to '/bin/bash', user will have the same environment as regular Linux user: he will be able to access every file that has granted 'read' permissions for 'other' user groups. In this case, healthable acts as "other" group and has read permissions only. It's not possible to modify files, though, as write and execute permissions are not granted. This is expected as this is how /bin/bash works in Linux: Plesk obviously cannot change Linux functionality.
To prevent a user from this, click Forbidden in Web Hosting Access menu. This way, healthable user has to connect to the server over FTP on 21 port, thus, it will have access to it's home directory only.
So how do i use SFTP? or SSH?
@iamkingsleyf
To allow SSH File Transfer Protocol(SFTP) access for additional FTP user,
/bin/bash (chrooted)access should be enabled. It is expected that under this mode users will be able to view documents: permissions will not allow them to read or modify those, read my comments above regarding the access rights. To check that your users login to SFTP under chrooted environment, visit:https://support.plesk.com/hc/en-us/articles/213904885-How-to-check-if-SFTP-is-working-in-chroot-environment
For more details, read: https://talk.plesk.com/threads/ssh-or-sftp-how-to-enable-plesk-12.324739/
alright thanks
Can i set the option in service plan to Can allow access only to a chrooted environment & /bin/bash (chrooted) ?
Hi, please navigate to Plesk > Service Plans > %Service Plan name% > Hosting Settings and make sure that SSH access to the server shell is set to the value you want.
Note: This parameter is not synced if the Management of access to server over SSH permission under Plesk > Service Plans > %Service Plan name% > Permissions is selected.
The same is described in our documentation:
https://docs.plesk.com/en-US/onyx/administrator-guide/appendix-a-properties-of-hosting-plans-and-subscriptions/hosting-parameters.65720/
Feel free to use the search in the documentation if you need any additional information.
And here is the screenshot of the Service Plan configuration which will switch all service plan's users to chrooted shell:
So i have to set NOT ALLOWED? i thought that will turn it off totally?
@iamkingsleyf,
This toggle does not turn off this feature. In fact, all options in "Permissions" tab are managing users permissions to manage the feature.
So, 'Not allowed' means that users of the Service Plan are not allowed to manage the ssh access feature.
You can try to test it on test service plan.
alright thanks
Please sign in to leave a comment.