
Question: Can non-chrooted SSH access be disabled for resellers and their customers?

Bitpalast

For years we've not been offering reseller accounts, because we noticed that a reseller cannot be kept from giving his customers full SSH access.

We'd love to have reseller accounts, but we'd also need to limit these accounts and all the sub accounts to chrooted SSH only. In tests we did not find any way to limit resellers to only giving chrooted SSH access to their clients.

Is there a way to 100% safely achieve this?
 
Are you sure that resellers cannot override the "no non-secure scripting" limit? I think we had tested this here before and were able to make the full SSH access work for the test reseller account, because the reseller was able to change all settings like he wanted them. It seemed that all the limits we set were only "suggestions" to a reseller account, but the reseller was able to change all individually.

O.k., we'll try again and check this again thoroughly.
 
Seems like you're right @IgorG as always. I was not able to reproduce how to break into the system in a new test on Obsidian. Still not sure about Onyx, because I am pretty sure that we turned the option of reseller accounts down before due to the SSH permissions issue. Anyway, Obsidian will be fine if it works there. Will do more, then probably move forward with a reseller product.
 
We are using Resellers for quite some years now (so Onyx and Obsidian) and grant them the permissions to allow chrooted SSH access.
And so far we never had a problem with that, i.e. they were never able to configure a non-chrooted access (and that is also consistent with our internal testing).

Yeah, as far as I know they can configure a service plan with a fully fledged SSH access, but when provisioning a subscription with that, it will not work, i.e. it will remain unsynced and the SSH access is not granted.
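
A check an administrator can run to confirm the behaviour described in the replies above, as an added example that is not part of any post in this thread: it lists subscription system users whose login shell is something other than the chrooted shell or a no-login shell. The chrooted shell path `/usr/local/psa/bin/chrootsh`, the `/var/www/vhosts/` home prefix and the sample accounts are assumptions; adjust them to the server being audited.

```shell
#!/bin/sh
# Assumptions (not stated in the thread): Plesk's chrooted shell is
# /usr/local/psa/bin/chrootsh and subscription system users have their
# home directory under /var/www/vhosts/.
CHROOT_SHELL="/usr/local/psa/bin/chrootsh"
VHOSTS_ROOT="/var/www/vhosts/"

# Reads passwd(5)-format lines on stdin and prints "user shell" for every
# vhost user whose login shell is neither the chrooted shell nor a
# no-login shell (/bin/false, nologin).
find_unchrooted_users() {
    awk -F: -v chroot="$CHROOT_SHELL" -v root="$VHOSTS_ROOT" '
        /^#/ || NF < 7            { next }   # comments, malformed lines
        index($6, root) != 1      { next }   # home is not under the vhosts root
        $7 == chroot              { next }   # chrooted shell: expected
        $7 == "" { print $1, "(empty, defaults to /bin/sh)"; next }
        $7 ~ /\/(false|nologin)$/ { next }   # SSH login forbidden: fine
        { print $1, $7 }                     # anything else is a full shell
    '
}

# Constructed sample input; these accounts are made up for the example.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice_site:x:10001:1003::/var/www/vhosts/alice.example:/usr/local/psa/bin/chrootsh
bob_site:x:10002:1003::/var/www/vhosts/bob.example:/bin/false
carol_site:x:10003:1003::/var/www/vhosts/carol.example:/bin/bash
dave_site:x:10004:1003::/var/www/vhosts/dave.example:
EOF
}

# On a live server: find_unchrooted_users < /etc/passwd
sample_passwd | find_unchrooted_users
```

An empty result on a live server means no subscription user currently holds a non-chrooted shell; running it after a reseller changes a service plan shows whether the plan setting was actually provisioned.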
 