• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Disable SSH Access (Concern)

A

Andrew D

Guest
Hi,

I'm running Plesk V10.2.0 on an Ubuntu VPS provided by webfusion.
Everything seems to be working well, however in my Service Plans I've set under the "Permissions" tab -> "Management of access to the server over SSH" to "Not Allowed".

This is great, as if a user does attempt to login via SSH, they get logged out again, however if that user logs into Plesk to administer their domain, they can overwrite this setting, OK they get a few warnings but they are able to go through the process and even choose their login shell giving them access to my entire server.

So you may think, well, limit access via the Firewall.. My idea exactly, however trying to active my firewall configuration I get the error block below

==============================================================================
safeact: safeact: /opt/psa/var/modules/firewall/firewall-new.sh failed:
WARNING: Deprecated config file /etc/modprobe.conf, all config files belong into /etc/modprobe.d/.
FATAL: Module ip6_tables not found.
ip6tables v1.4.4: can't initialize ip6tables table `filter': iptables who? (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.


proc_close() failed: Undefined index: PLESK_DEBUG_SQL
===============================================================================


If I've missed something, then if someone can point my in the right direction I'd be very grateful!
Otherwise I find this very concerning because my users have the ability to overwrite my security measures and gain access to my server.

Thanks,
Andrew
 
Hi,

Could you please clarify how your customers overwrite this setting in Hosting Panel if it isn't allowed by service plan. Step-by-step instruction or some additional information will be very useful since I can't reproduce the issue.
 
Hi EugeneL,

It appears there is no problem, here what I found.

Previously I've been logging into Plesk with my admin account to amend settings, then entering the Control Panel for the subscriber from here, this seems to give me extra permissions, because I'm logged in with the admin account.

If I log into Plesk directly with my Customer account, the correct permissions are taken into account.

My apologies for not thinking of this previously.

Andrew
 
Back
Top