• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Can non-chrooted SSH access be disabled for resellers and their customers?

Bitpalast

Bitpalast

Plesk addicted!
Plesk Guru
For years we've not been offering reseller accounts, because we noticed that a reseller cannot be kept from giving his customers full SSH access.

We'd love to have reseller accounts, but we'd also need to limit these accounts and all the sub accounts to chrooted SSH only. In tests we did not find any way to limit resellers to only giving chrooted SSH access to their clients.

Is there a way to 100% safely achieve this?
 
Are you sure that resellers cannot override the "no non-secure scripting" limit? It think we had tested this here before and were able to make the full SSH access work for the test reseller account, because the reseller was able to change all settings like he wanted them. It seemed that all the limits we set were only "suggestions" to a reseller account, but the reseller was able to change all individually.

O.k., we'll try again and check this again thoroughly.
 
Seems like you're right @IgorG as always. I was not able to reproduce how to break into the system in a new test on Obsidian. Still not sure about Onyx, because I am pretty sure that we turned the option of reseller accounts down before due to the SSH permissions issue. Anyway, Obsidian will be fine if it works there. Will do more, then probably move forward with a reseller product.
 
We are using Resellers for quite some years now (so Onyx and Obsidian) and grant them the permissions to allow chrooted SSH access.
And so far we never had a problem with that, i.e. they were never able to configure a non chrooted access. (and that is also consistent with our internal testing)

Yeah, as far as I know they can configure a service plan with a fully fledged SSH access, but when provisioning a subscription with that, it will not work, i.e. it will remain unsynced and the SSH access is not granted.
 
You must log in or register to reply here.

Similar threads

websavers
Issue Plesk suggests enabling SSH access for git when it has already been enabled
Replies
0
Views
823
websavers
websavers
Sven Wappler
Question PHP CLI versions in chrooted environment
Replies
0
Views
2K
Sven Wappler
Sven Wappler
learning_curve
Question Access? Maybe due to changes / updates in either Plesk Obsidian 18.0.44 and/or Ubuntu OS
Replies
1
Views
863
learning_curve
learning_curve
G
Question Multiple Resseller accounts access the same customers?
Replies
6
Views
1K
Ged
G
burnley
Question How to get a list of pesk sub users via API?
Replies
0
Views
939
burnley
burnley
Back
Top