On October 19, 2021, we have enabled single-sign-on for our Plesk Support Center to provide a seamless login/account experience. This implies that you’ll be able to use a single account across any of our web-facing properties.
If you had already registered your account at Plesk 360 (formerly known as My Plesk) please use one for login. Otherwise please re-register it using the same email address as your existing Zendesk login (support account). It’s essential that you use the same email address on our support center to ensure that your tickets stay attached to the same account.

How to disable root access via the SSH Terminal extension for the Plesk administrator?

Follow

Comments

14 comments

  • Avatar
    Pdiotis

    This is for Linux only, correct?

    0
    Comment actions Permalink
  • Avatar
    Damien Ransome

    Add 'SSH Terminal' extension to the blacklist

    [extensions]
    blacklist = ext-panel-editor

    Are you sure that's the correct extension name for 'SSH Terminal'?

    1
    Comment actions Permalink
  • Avatar
    Lars Doe

    This will prevent users from creating event handlers running as root.

    Sounds like normal users are currently able to have something run as root. Do you mean admins?

    0
    Comment actions Permalink
  • Avatar
    David Hubbard

    Grant root access by default, rather than having to choose to enable it, that makes sense...

    1
    Comment actions Permalink
  • Avatar
    Kelvin Oliveira

    How to disable this extension only for additional admin users?

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello,

    Pdiotis yes, Linux only.

    Damien Ransome thank you, fixed.

    Lars Doe rephrased, thank you.

    David Hubbard I'll pass the feedback. For now, in case different behavior is required, use the instructions above.

    Kelvin Oliveira currently, these are the only options available. Feel free to suggest new functionality here.

    0
    Comment actions Permalink
  • Avatar
    Burnley

    Ivan Postnikov as already asked by someone else: is this the right configuration to blackilist the SSH terminal extension?

    [extensions]
    blacklist = panel-ini-editor

    We do NOT want Plesk to install this extension on any of our servers full stop. Thanks.

    0
    Comment actions Permalink
  • Avatar
    George Alibegashvili

    Hello @burnleyvic
    Thank you for bringing our attention to this confusing point in the article.
    Article edited to avoid misunderstanding.
    We disabling ext-panel-editor extension to restrict Plesk administrator possibility to edit panel.ini from Plesk GUI and dismiss the restrictions.
    If you want to restrict SSH Terminal extension installation the following option should be added to panel.ini file:
    [extensions]
    blacklist = ssh-terminal
    If you want additionally restrict Plesk administrator ability to edit panel.ini file from Plesk GUI it is required to restrict also panel-editor extension:
    [extensions]
    blacklist = ssh-terminal, panel-ini-editor

    0
    Comment actions Permalink
  • Avatar
    Eomatica

    Just for make it totally clear. With this plesk extension, can i use this extension with SSH root disabled for accesing with an SSH client as putty?

    0
    Comment actions Permalink
  • Avatar
    George Alibegashvili

    Hello @Eomatica,

    All actions provided in the article does not affect connections to the server via regular ssh clients such as putty.

     

    0
    Comment actions Permalink
  • Avatar
    Andy B

    I have 2 servers, same changes done on both. On one the `plesk-ssh-terminal` is disabled, on the other one not.
    Any suggestions?

    0
    Comment actions Permalink
  • Avatar
    Andy B

    It should be mentioned that the "Extension needs to be uninstalled/removed first" so that the upper setting work properly. 
    Otherwise it's just hidden in the interface and it's still running in the backend. Tricky...

    0
    Comment actions Permalink
  • Avatar
    George Alibegashvili

    Hello @Andy B

    As far as I know, the extension can be installed but can not be accessed after adding 

    [extensions]
    blacklist = ssh-terminal, panel-ini-editor

    If you know the path to use it despite the fact that it is disabled I will appreciate it if you will report this to security@plesk.com 

     

    0
    Comment actions Permalink
  • Avatar
    Andy B

    George Alibegashvili yes, with the upper settings it cannot be accessed anymore; this is true. BUT it is still running in the background. 
    I was looking at a way to disable it completely(see here: https://talk.plesk.com/threads/why-is-plesk-ssh-terminal-running.362228/#post-898428). So the upper steps, disables the "interface", but not the service itself.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request