Resolved Log in as root in PuTTY fails but works in Plesk

[PeterK900]

Server operating system version

AlmaLinux 8.10 (Cerulean Leopard)

Plesk version and microupdate number

Plesk Obsidian v18.0.62_build1800240724.11 os_RedHat el8

I can login in Plesk with user root and the password I gave for the admin user when Plesk was configured by the hosting company. But these credentials don't work in PuTTY. Any ideas on how I can fix this? Thanks.

 

[Maarten]

Have you checked with your provider if root login is enabled? It's usually disabled for security reasons. If that's the case, you can try logging in with another user and use sudo for administrative tasks.

 

[PeterK900]

Have you checked with your provider if root login is enabled? It's usually disabled for security reasons. If that's the case, you can try logging in with another user and use sudo for administrative tasks.

Thanks Maarten. Admin Access is disabled (root account sudo access).
Accessing SSH from within Plesk fails with the message "SSH Terminal is not available" and a pointer to this this link. But the commands in the link require SSH access! So without a PuTTY login, I can't solve the problem of SSH access within Plesk, which is the route I use on other servers.
I have created another user with admin role. I can log on in Plesk with this user but I get an access denied message. With PuTTY I get "Access Denied".

I can log into PuTTY using the administrator user created when the server was commissioned but when I use sudo, e.g. sudo bash, I get asked for the user password but the response is "the user is not in the sudoers file and the incident will be reported".
I hope this information is helpful. I currently have a brand new server which I can't do anything useful on because I have no SSH access! I've asked for support from the hosting company but so far no response. Thanks again for your ongoing help on this.

 

[scsa20]

Any user accounts created within Plesk is a Plesk user account and unless you make a new subscription there will not be any new system users and system users will only have the permissions required for that subscription to begin with.

Usually the root account login to Plesk should technically also work to SSH in but that's always assuming root login is allowed over SSH which usually isn't by default. I don't know who the hosting company is but most hosting company would have you make a different user account that will have SUDO access or at least have root login via SSH (but most is usually having you make a new account during deployment). If your hosting has a panel with a console access try logging in that way via the console instead of SSH and update the sshd_conf file or add your user account to the SUDOers. If your hosting provider does not have a panel, you'll need to reach out to the hosting provider for assistance getting that fixed.

 

[PeterK900]

Problem solved as follows:

• logging in to PuTTY using the administrator credentials when server configured and then sudo enabled me to edit /etc/ssh/sshd_config to set PermitRootLogin yes
• With this change, I can now use SSH within Plesk and also login to PuTTY as root with the same password I used with the administrator credentials at server configuration.

Take away point. Using sudo command line prefix enabled me to edit sshd_config. Without sudo opening the file didn't work.

Thanks again Maarten for reminding me about sudo.

 

[PeterK900]

Any user accounts created within Plesk is a Plesk user account and unless you make a new subscription there will not be any new system users and system users will only have the permissions required for that subscription to begin with.

Usually the root account login to Plesk should technically also work to SSH in but that's always assuming root login is allowed over SSH which usually isn't by default. I don't know who the hosting company is but most hosting company would have you make a different user account that will have SUDO access or at least have root login via SSH (but most is usually having you make a new account during deployment). If your hosting has a panel with a console access try logging in that way via the console instead of SSH and update the sshd_conf file or add your user account to the SUDOers. If your hosting provider does not have a panel, you'll need to reach out to the hosting provider for assistance getting that fixed.

Thanks scsa20 for pointing me to whether or not root login was enabled and also encouraging me to go back to the hosting provider.

 

[Maarten]

Problem solved as follows:

• logging in to PuTTY using the administrator credentials when server configured and then sudo enabled me to edit /etc/ssh/sshd_config to set PermitRootLogin yes
• With this change, I can now use SSH within Plesk and also login to PuTTY as root with the same password I used with the administrator credentials at server configuration.

Take away point. Using sudo command line prefix enabled me to edit sshd_config. Without sudo opening the file didn't work.

Thanks again Maarten for reminding me about sudo.

Please don't allow root login on your server. That's a huge security risk.
Instead, add another user on the command line and add the user to the sudoers:

# adduser peter
# passwd peter
# usermod -aG wheel peter

Now, log on using the new user and switch to root:

$ ssh peter@myserver

[peter@myserver] $ sudo su
<your password>
#
# // Now you've become root

 

[mow]

Please don't allow root login on your server. That's a huge security risk.

No, it isn't.
You should, however, use PasswordAuthentication no or at least PermitRootLogin prohibit-password.
Make sure your key works before restarting sshd.

 

[Kaspar]

No, it isn't.

Could you elaborate on that some more? Isn't disabling root login widely regarded as a good practice to enhance security?

 

[Maarten]

Using key-based authentication is definitely more secure than passwords. However, I still recommend avoiding root login altogether as a best practice for most users. Disabling root login and using a non-root user with sudo privileges adds an extra layer of security by limiting direct access to the root account. It's a small step that can help prevent potential attacks, especially for users who may not be as familiar with managing SSH keys.

 

[mow]

Could you elaborate on that some more? Isn't disabling root login widely regarded as a good practice to enhance security?

Only in so far that you should only be root when necessary and do other tasks with an unprivileged account. However we're talking about Plesk servers where usually the only reason you need to log in at all is to do things you can't do from or repair the web interface, for which you need privileges anyway.