• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Admin Password & Root User Confusion

C

Catia

Basic Pleskian
I have a vps using ubuntu 16.04 and Plesk Onyx 17.0.17 - the vps came with Plesk installed, and the password I got from the provider (1&1) works both for logging into Plesk as Admin and for root access through SSH. It does NOT work for logging into SSH as admin. I'm a little confused by this setup and I'm not sure if this is a Plesk thing, or a function of how the provider set it up.

Shouldn't root logins be disabled by default in Ubuntu? I'm thinking I should set up a super user and disable root logins before I go live with this server, but I don't want to accidentally lock myself out of Plesk. Is the Plesk admin user also a linux system user named admin? Is the Plesk Admin user actually the root user?

Wondering if anyone can shed some light on this for me and/or give me some guidelines for best practices in terms of security going forward. Thanks!
 
Hi Catia,

Catia said:
I'm a little confused by this setup and I'm not sure if this is a Plesk thing, or a function of how the provider set it up.
Click to expand...
The setup has been choosen by your provider and it should help you to administrate the server.

Catia said:
Shouldn't root logins be disabled by default in Ubuntu? I'm thinking I should set up a super user and disable root logins before I go live with this server, but I don't want to accidentally lock myself out of Plesk. Is the Plesk admin user also a linux system user named admin? Is the Plesk Admin user actually the root user?
Click to expand...
Yes, most people ( especially linux "gurus" ), tell you, that disabling "root" for SSH should be essential and the "correct" way.
Plesk sometimes has to use "root" - priviliges on your server - you might call root = admin, when you use Plesk, but the Plesk - user admin is not a linux system user ( check that for example at "/etc/passwd" ). For the database management, Plesk replaces root with admin.

Conclusion and own opinion:
Using Fail2Ban on your server and a decent password ( at least 8 positions, large and lower letters, special characters and numbers included ) is really sufficient to secure your server. Even that it "might be a little bit more secure", to deny SSH - access for the system - user "root", you shouldn't make your server management more complicated than it is. It is as well "more secure" to stay at home, instead of leaving it, but I doubt, that such a suggestions will keep you from doing it. ;) )
 
Thanks so much for your suggestions!

I'm not familiar with Fail2Ban - is this installed & configured through Plesk or is it a completely separate program?

So, I'm content to leave the root user setup as is - but do you think it would be prudent to change the password from the default one they assigned to me (which is plenty long and complicated)? If I did opt to change the password, would I need to change that password separately for the Plesk admin user & root system user? And would those passwords need to be the same for Plesk to work properly?

Thanks again for your help!
 
Hi Catia,

I know that a lot of people hate to read documentations, but from my point of view, reading them will mostly explain standarts and initial questions. Pls. consider to read:


... and IF you still have questions, pls. don't hesitate to ask them. ;)


Catia said:
...
but do you think it would be prudent to change the password from the default one they assigned to me (which is plenty long and complicated)?
Click to expand...
No.
If the password already meets the above suggestions, there is no need to change it.

Catia said:
If I did opt to change the password, would I need to change that password separately for the Plesk admin user & root system user?

And would those passwords need to be the same for Plesk to work properly?
Click to expand...
1.) Yes.
2.) No.
 
Ha! You mean there's actual documentation? Didn't realize that. In other words... RTFM! ;-) Thanks for the link.
 
OK, so the documentation says I should go to Tools & Settings > IP Address Banning (Fail2Ban) (in the Security group) to adjust these settings, but I don't seem to have any option like that in the security group. I've got the following:
Security Policy
SSL/TLS Certificates
Restrict Creation of Subzones
Additional Administrator Accounts
Active Plesk Sessions
Active FTP Sessions
Session Idle Time
Restrict Administrative Access
Prohibited Domain Names

Perhaps I don't have Fail2Ban installed?
 
>> Perhaps I don't have Fail2Ban installed?

It seems like you don't.

Tools & Settings -> Updates and Upgrades -> Add/Remove components

Fail2Ban should be in that list. You can install it from there.

I would also recommend to install the Plesk Firewall. You can find it at 'Plesk extensions' in that same list.
 
You must log in or register to reply here.

Similar threads

S
Question Will disabling Ubuntu SSH root login affect Plesk FTP/SSH Terminal?
Replies
1
Views
285
Kaspar@Plesk
Kaspar@Plesk
C
Question Email notification when user logs in to Plesk
Replies
4
Views
582
Kaspar@Plesk
Kaspar@Plesk
F
Question Plesk Migrator Error: Access denied for user 'admin'@'127.0.0.1' (using password: YES)"
Replies
7
Views
610
Sebahat.hadzhi
Sebahat.hadzhi
S
Issue DB query failed: SQLSTATE[HY000] [1045] Access denied for user 'admin'@'localhost' (using password: NO)
Replies
1
Views
389
Kaspar@Plesk
Kaspar@Plesk
G
Question I have changed all Ubuntu permissions and I cannot log in
Replies
3
Views
695
scsa20
scsa20
Back
Top