1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Disable SSH Access (Concern)

Discussion in 'Plesk 10.x for Linux Issues, Fixes, How-To' started by Andrew D, May 29, 2011.

  1. Andrew D

    Andrew D Guest


    I'm running Plesk V10.2.0 on an Ubuntu VPS provided by webfusion.
    Everything seems to be working well, however in my Service Plans I've set under the "Permissions" tab -> "Management of access to the server over SSH" to "Not Allowed".

    This is great, as if a user does attempt to login via SSH, they get logged out again, however if that user logs into Plesk to administer their domain, they can overwrite this setting, OK they get a few warnings but they are able to go through the process and even choose their login shell giving them access to my entire server.

    So you may think, well, limit access via the Firewall.. My idea exactly, however trying to active my firewall configuration I get the error block below

    safeact: safeact: /opt/psa/var/modules/firewall/firewall-new.sh failed:
    WARNING: Deprecated config file /etc/modprobe.conf, all config files belong into /etc/modprobe.d/.
    FATAL: Module ip6_tables not found.
    ip6tables v1.4.4: can't initialize ip6tables table `filter': iptables who? (do you need to insmod?)
    Perhaps ip6tables or your kernel needs to be upgraded.

    proc_close() failed: Undefined index: PLESK_DEBUG_SQL

    If I've missed something, then if someone can point my in the right direction I'd be very grateful!
    Otherwise I find this very concerning because my users have the ability to overwrite my security measures and gain access to my server.

  2. EugeneL

    EugeneL Regular Pleskian

    Feb 18, 2011
    Likes Received:

    Could you please clarify how your customers overwrite this setting in Hosting Panel if it isn't allowed by service plan. Step-by-step instruction or some additional information will be very useful since I can't reproduce the issue.
  3. Andrew D

    Andrew D Guest

    Hi EugeneL,

    It appears there is no problem, here what I found.

    Previously I've been logging into Plesk with my admin account to amend settings, then entering the Control Panel for the subscriber from here, this seems to give me extra permissions, because I'm logged in with the admin account.

    If I log into Plesk directly with my Customer account, the correct permissions are taken into account.

    My apologies for not thinking of this previously.