How to give Plesk users SSH access

Follow

Comments

12 comments

  • Avatar
    iamkingsleyf

    The user is able to access everything on the server why?

  • Avatar
    Konstantin Annikov

    Hello, 

     

    Could you please elaborate this? To what resources user is able to access? If the environment is set to '/bin/bash', user will have the same environment as regular Linux user with home directory of /var/www/vhosts/example.com/
    So, he will able to access every file with granted 'read' permissions for 'other' for example. 

  • Avatar
    iamkingsleyf

    I have a site healthable.org its user is healthable i have set SSH to /bin/bash. healthable was able move from healthable.org folder to /etc

    /root

    /home

    You see how dangerous that is? this means plesk is NOT secure. so how do i fix this? i want healthable to remain in healthable.org directory/folder.

    how do i do that?

  • Avatar
    Yulia Plokhotnikova

    Hi @iamkingsleyf If the environment is set to '/bin/bash', user will have the same environment as regular Linux user: he will be able to access every file that has granted 'read' permissions for 'other' user groups. In this case, healthable acts as "other" group and has read permissions only. It's not possible to modify files, though, as write and execute permissions are not granted. This is expected as this is how /bin/bash works in Linux: Plesk obviously cannot change Linux functionality.

    To prevent a user from this, click Forbidden in Web Hosting Access menu. This way, healthable user has to connect to the server over FTP on 21 port, thus, it will have access to it's home directory only. 

  • Avatar
    iamkingsleyf

    So how do i use SFTP? or SSH?

  • Avatar
    Yulia Plokhotnikova

    @iamkingsleyf

    To allow SSH File Transfer Protocol(SFTP) access for additional FTP user, /bin/bash (chrooted) access should be enabled. It is expected that under this mode users will be able to view documents: permissions will not allow them to read or modify those, read my comments above regarding the access rights. To check that your users login to SFTP under chrooted environment, visit:

    https://support.plesk.com/hc/en-us/articles/213904885-How-to-check-if-SFTP-is-working-in-chroot-environment

    For more details, read: https://talk.plesk.com/threads/ssh-or-sftp-how-to-enable-plesk-12.324739/

     

  • Avatar
    iamkingsleyf

    alright thanks

  • Avatar
    iamkingsleyf

    Can i set the option in service plan to Can allow access only to a chrooted environment /bin/bash (chrooted) ?

  • Avatar
    Konstantin Annikov

    Hi, please navigate to Plesk > Service Plans > %Service Plan name% > Hosting Settings and make sure that SSH access to the server shell is set to the value you want. 

    Note: This parameter is not synced if the Management of access to server over SSH permission under  Plesk > Service Plans > %Service Plan name% > Permissions is selected.

    The same is described in our documentation: 

    https://docs.plesk.com/en-US/onyx/administrator-guide/appendix-a-properties-of-hosting-plans-and-subscriptions/hosting-parameters.65720/

    Feel free to use the search in the documentation if you need any additional information.

    And here is the screenshot of the Service Plan configuration which will switch all service plan's users to chrooted shell: 

  • Avatar
    iamkingsleyf

    So i have to set NOT ALLOWED? i thought that will turn it off totally?

  • Avatar
    Konstantin Annikov

    @iamkingsleyf

     

    This toggle does not turn off this feature. In fact, all options in "Permissions" tab are managing users permissions to manage the feature. 

    So, 'Not allowed' means that users of the Service Plan are not allowed to manage the ssh access feature. 

    You can try to test it on test service plan. 

  • Avatar
    iamkingsleyf

    alright thanks

Please sign in to leave a comment.