• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved Admin Password & Root User Confusion

C

Catia

Basic Pleskian
I have a vps using ubuntu 16.04 and Plesk Onyx 17.0.17 - the vps came with Plesk installed, and the password I got from the provider (1&1) works both for logging into Plesk as Admin and for root access through SSH. It does NOT work for logging into SSH as admin. I'm a little confused by this setup and I'm not sure if this is a Plesk thing, or a function of how the provider set it up.

Shouldn't root logins be disabled by default in Ubuntu? I'm thinking I should set up a super user and disable root logins before I go live with this server, but I don't want to accidentally lock myself out of Plesk. Is the Plesk admin user also a linux system user named admin? Is the Plesk Admin user actually the root user?

Wondering if anyone can shed some light on this for me and/or give me some guidelines for best practices in terms of security going forward. Thanks!
 
Hi Catia,

Catia said:
I'm a little confused by this setup and I'm not sure if this is a Plesk thing, or a function of how the provider set it up.
Click to expand...
The setup has been choosen by your provider and it should help you to administrate the server.

Catia said:
Shouldn't root logins be disabled by default in Ubuntu? I'm thinking I should set up a super user and disable root logins before I go live with this server, but I don't want to accidentally lock myself out of Plesk. Is the Plesk admin user also a linux system user named admin? Is the Plesk Admin user actually the root user?
Click to expand...
Yes, most people ( especially linux "gurus" ), tell you, that disabling "root" for SSH should be essential and the "correct" way.
Plesk sometimes has to use "root" - priviliges on your server - you might call root = admin, when you use Plesk, but the Plesk - user admin is not a linux system user ( check that for example at "/etc/passwd" ). For the database management, Plesk replaces root with admin.

Conclusion and own opinion:
Using Fail2Ban on your server and a decent password ( at least 8 positions, large and lower letters, special characters and numbers included ) is really sufficient to secure your server. Even that it "might be a little bit more secure", to deny SSH - access for the system - user "root", you shouldn't make your server management more complicated than it is. It is as well "more secure" to stay at home, instead of leaving it, but I doubt, that such a suggestions will keep you from doing it. ;) )
 
Thanks so much for your suggestions!

I'm not familiar with Fail2Ban - is this installed & configured through Plesk or is it a completely separate program?

So, I'm content to leave the root user setup as is - but do you think it would be prudent to change the password from the default one they assigned to me (which is plenty long and complicated)? If I did opt to change the password, would I need to change that password separately for the Plesk admin user & root system user? And would those passwords need to be the same for Plesk to work properly?

Thanks again for your help!
 
Hi Catia,

I know that a lot of people hate to read documentations, but from my point of view, reading them will mostly explain standarts and initial questions. Pls. consider to read:


... and IF you still have questions, pls. don't hesitate to ask them. ;)


Catia said:
...
but do you think it would be prudent to change the password from the default one they assigned to me (which is plenty long and complicated)?
Click to expand...
No.
If the password already meets the above suggestions, there is no need to change it.

Catia said:
If I did opt to change the password, would I need to change that password separately for the Plesk admin user & root system user?

And would those passwords need to be the same for Plesk to work properly?
Click to expand...
1.) Yes.
2.) No.
 
Ha! You mean there's actual documentation? Didn't realize that. In other words... RTFM! ;-) Thanks for the link.
 
OK, so the documentation says I should go to Tools & Settings > IP Address Banning (Fail2Ban) (in the Security group) to adjust these settings, but I don't seem to have any option like that in the security group. I've got the following:
Security Policy
SSL/TLS Certificates
Restrict Creation of Subzones
Additional Administrator Accounts
Active Plesk Sessions
Active FTP Sessions
Session Idle Time
Restrict Administrative Access
Prohibited Domain Names

Perhaps I don't have Fail2Ban installed?
 
>> Perhaps I don't have Fail2Ban installed?

It seems like you don't.

Tools & Settings -> Updates and Upgrades -> Add/Remove components

Fail2Ban should be in that list. You can install it from there.

I would also recommend to install the Plesk Firewall. You can find it at 'Plesk extensions' in that same list.
 
You must log in or register to reply here.

Similar threads

G
Question I have changed all Ubuntu permissions and I cannot log in
Replies
0
Views
197
GermanMoyano95
G
A
Resolved how to reactivate Plesk for root or administrator users?
Replies
5
Views
384
Amjr
A
B
Issue Plesk Migration Tool: Access denied for user 'admin'@'localhost' (using password: YES)")
Replies
1
Views
159
Peter Debik
P
K
Question Can/should I set a password for the MariaDB "root" user (not "admin")?
Replies
4
Views
1K
King555
K
P
Question Connecting a second domain
Replies
2
Views
160
pleskatarian
P
Back
Top