• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Can non-chrooted SSH access be disabled for resellers and their customers?

Bitpalast

Plesk addicted!
Plesk Guru
For years we've not been offering reseller accounts, because we noticed that a reseller cannot be kept from giving his customers full SSH access.

We'd love to have reseller accounts, but we'd also need to limit these accounts and all the sub accounts to chrooted SSH only. In tests we did not find any way to limit resellers to only giving chrooted SSH access to their clients.

Is there a way to 100% safely achieve this?
 
Are you sure that resellers cannot override the "no non-secure scripting" limit? It think we had tested this here before and were able to make the full SSH access work for the test reseller account, because the reseller was able to change all settings like he wanted them. It seemed that all the limits we set were only "suggestions" to a reseller account, but the reseller was able to change all individually.

O.k., we'll try again and check this again thoroughly.
 
Seems like you're right @IgorG as always. I was not able to reproduce how to break into the system in a new test on Obsidian. Still not sure about Onyx, because I am pretty sure that we turned the option of reseller accounts down before due to the SSH permissions issue. Anyway, Obsidian will be fine if it works there. Will do more, then probably move forward with a reseller product.
 
We are using Resellers for quite some years now (so Onyx and Obsidian) and grant them the permissions to allow chrooted SSH access.
And so far we never had a problem with that, i.e. they were never able to configure a non chrooted access. (and that is also consistent with our internal testing)

Yeah, as far as I know they can configure a service plan with a fully fledged SSH access, but when provisioning a subscription with that, it will not work, i.e. it will remain unsynced and the SSH access is not granted.
 
Back
Top