Applicable to:
- Plesk for Linux
Question
How to grant a subscription user SSH/SFTP access to its home directory?
Answer
- Go to Domains > example.com > Web Hosting Access.
- Select a user shell in the Access to the server over SSH field.
  Note: To learn more about the different shell types, visit this KB article.
- Click OK to apply the changes.
Now, to connect to the Plesk server as a subscription user via SSH, use the Username under System user in Web Hosting Access.
Video instructions
- Go to Service Plans > plan_name > Hosting Parameters.
- Select a user shell in the SSH access to the server shell under the subscription's system user drop-down list.
  Note: To learn more about the different shell types, visit this KB article.
- Additional step: To propagate the new user shell to existing subscriptions, go to Service Plans > plan_name > Default > Permissions tab and set Management of access to the server over SSH to Not Allowed.
- Click Update & Sync to apply the changes and synchronize subscriptions with the service plan.
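To check from the server side which shell each subscription system user has after the steps above, the following added example (not part of the original article) reads /etc/passwd and reports every account whose home directory is under /var/www/vhosts/. The account names and sample entries are constructed, and the /var/www/vhosts/ root is an assumption taken from the path shown on this page.

```bash
#!/usr/bin/env bash
# Added example: report the login shell of every subscription system user.
# Assumption: subscription homes live under /var/www/vhosts/ (path taken from this page).

# Constructed sample in /etc/passwd format (these are not real accounts).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
john_doe:x:10001:1003::/var/www/vhosts/example.com:/bin/bash
jane_roe:x:10002:1003::/var/www/vhosts/example.org:/bin/false
sam_poe:x:10003:1003::/var/www/vhosts/example.net:/usr/sbin/nologin
tom_moe:x:10004:1003::/var/www/vhosts/example.io:
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
broken line without enough fields'

# audit_vhost_shells [passwd_file|-]
# Prints user, home, shell and status (tab-separated) for each account whose
# home directory is under /var/www/vhosts/. "-" reads the entries from stdin.
audit_vhost_shells() {
    awk -F: -v root="/var/www/vhosts/" '
        NF != 7 { next }                  # not a well-formed passwd entry
        index($6, root) != 1 { next }     # home is outside the vhosts root
        {
            # passwd(5): an empty shell field means /bin/sh
            shell = ($7 == "") ? "/bin/sh" : $7
            n = split(shell, part, "/")
            status = (part[n] == "false" || part[n] == "nologin") ? "no-login" : "shell"
            printf "%s\t%s\t%s\t%s\n", $1, $6, shell, status
        }
    ' "${1:-/etc/passwd}"
}

# shell_users [passwd_file|-]
# Names only the subscription users that can open an interactive SSH session.
shell_users() {
    audit_vhost_shells "${1:-/etc/passwd}" | awk -F'\t' '$4 == "shell" { print $1 }'
}

# Demo on the constructed sample; on a server, call audit_vhost_shells with no argument.
printf '%s\n' "$SAMPLE_PASSWD" | audit_vhost_shells -
```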
Additional Information
- To allow Plesk users to manage the option Access to the server over SSH in their panel, enable the option Management of access to the server over SSH at Service Plans > plan_name > Hosting Permissions.
- Use the SSH Terminal extension for Plesk to access the server from the Plesk interface. Alternatively, install the SSH Key extension to add or remove an SSH key which the subscription owner can then use to access the server.
- The feature to provide SSH access to a particular directory (for example, /var/www/vhosts/example.com/httpdocs/) is not implemented in Plesk yet. If you would like to see this functionality in Plesk, vote for this feature on Plesk UserVoice. The top-ranked suggestions are likely to be included in the next versions of Plesk.
Comments
15 comments
Hi, how do I allow permission to user over SFTP to only httpdocs folder not root?
@Umar Mughal
Hello!
Such functionality is not implemented in Plesk.
SFTP works over SSH and subscription users are able to access all files of subscription.
New features may be suggested here.
Alright Thanks!
Sorry, to ask this simple question. I executed the command with john_doe and got no output. Is the name john_doe only a placeholder for a real name (customer) or is john_doe himself a real account? I mean, does john_doe already exist by perhaps Plesk or Ubuntu 18 or do I have a greater problem with permissions?
Another important question is, which type of access is usually used by hosters? The first one (/bin/sh) or what do you suggest?
Hello @Markus,
john_doe is a placeholder, you should use the name of a subscription system user instead, it may be checked here:
> Another important question is, which type of access is usually used by hosters?
It depends on preferences, from my experience, the most common are:
Forbidden, /bin/bash and /bin/bash (chrooted)
Thank you very, very much for this support. Plesk and Plesk support is great.
@Markus Wernecke
Thank you for your kind words! We are always glad to help :)
If you disable Plesk SSH, how can you still provide SFTP access to the end user to upload the web content? Isn't SFTP part of SSH? If you disable the SSH port, will it disable SFTP as well?
Our security team don't like SSH access open to the internet.
Hello @swang liao,
Thank you for your question.
If SSH is completely disabled on the server, then SFTP will not work as well.
However, it is possible to enable SFTP Without Shell Access if the additional configuration is done.
You may find more information on this matter in this third-party resource: How To Enable SFTP Without Shell Access
To improve the server security and continue using SSH, please check the following article: How to secure a Plesk server
The command produces an error:
-bash: username:x:10001:1003::/var/www/vhosts/domain.com:/usr/local/psa/bin/sh: No such file or directory
Hello Justin McMahon,
The command to put into a terminal window is the first line that starts with symbol "#", i.e. "grep john_doe /etc/passwd". The second line in the example is the resulting output.
I can't allow ssh why see this
I also do not see the dropdown box
Unable to activate SSH. Only Forbidden is given and no list available.
Additionally, I tried to set PowerUser to off so I could edit the subscription and activate this option...
... it told me that this option is forbidden by License.
What a way to make your customers lose time and health.
Hi Kuzma Ivanov,
1) May I ask, how can a path for an additional directory, as /var/www/vhosts/example.com , and its content to be added to the permission access of an existing user which already has a path permitted, as /home/ubuntu ,set on the server, on , may be added?
Those are such paths as set on the file: /etc/passwd
i.e., I would like to add to the user 'ubuntu' the path that the user 'second_user' has, as below:
2) Alternatively, I would like to generate an SSH key for the user 'second_user', so it may connect using SFTP. May I ask how could this be done?
3) I don't understand why is regular SSH Putty access where sudo is switched after connection not considered a security risk, whilst allowing root user to gain SFTP access is. Can you please better explain this issue?
4) And, can you please say what are the SSH CLI to achieve the above via the SSH Console?
5) Can you please explain the differences between the different access levels granted, as in: /bin/sh , /bin/bash, etc. ?
6) What do the 'nologin' and 'false' endings of user configurations in the file '/etc/passwd' mean?
7) I feel like the above answer, could be revised to better describe a solution for AWS hosting, where sudo possibly could be used, according to:
https://unix.stackexchange.com/questions/111026/how-to-use-sftp-on-a-system-that-requires-sudo-for-root-access-ssh-key-based-a