• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Plesk 12.5, CentOS 6.7: ssh auth by certificate

kiav

Basic Pleskian
How to turn it on?

I already installed "SSH Keys Manager extension" but it just add new certificates into ~/.ssh/authorized_keys

When trying to connect y Putty I see only "Server refused our key".
 
Please make sure that you've granted a shell access to your user. Go to your subscription -> Web Hosting Access and check that "Access to the server over SSH" has something like "/bin/bash"
 
Please make sure that you've granted a shell access to your user. Go to your subscription -> Web Hosting Access and check that "Access to the server over SSH" has something like "/bin/bash"
I already done it before installing Plesk plugin for ssh keys.
 
In most cases I've seen earlier the problem is related to improper PuTTY configuration, rather than problems on the server side.
Try to take some Linux machine with the shell access, generate SSH key, put it to Plesk (via SSH keys manager) and check the ability to connect using keys. This action should help to localise the problem (server or client side configuration is not ok).
 
In most cases I've seen earlier the problem is related to improper PuTTY configuration, rather than problems on the server side.
Try to take some Linux machine with the shell access, generate SSH key, put it to Plesk (via SSH keys manager) and check the ability to connect using keys. This action should help to localise the problem (server or client side configuration is not ok).
A already use this certyificate on nearly ten servers. Most of them are CentOS servers. But they all use authorized_keys2 instead of authorized_keys (like PLesk plugin does).
 
File authorized_keys2 is deprecated for ages. Could you tell please which OS do you use? Also please provide the output of the command: ssh -V
 
# uname -a
Linux example.com 2.6.32-573.el6.x86_64 #1 SMP Thu Jul 23 15:44:03 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

# cat /etc/redhat-release
CentOS release 6.7 (Final)

# ssh -V
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
 
File authorized_keys should also work for you then. Unless you've changed the AuthorizedKeysFile variable in sshd_config file.
 
1.) I installed CentOS 6.7 Minimal
2.) Installed EPEL, fio, sysbench, deinstalled EPEL.
3.) Chenged hostname (/etc/sysconfig/network, /etc/hosts)
4.) Installed Plesk 12.5
5.) Opened three ports in IPv4 iptables (8443, 8447, 80)

Then I installed several packages and returned EPEL. I did not changed /etc/ssh/sshd_config at all.
 

Attachments

  • sshd_config.txt
    3.8 KB · Views: 2
I found solution for root.

The /root/.ssh and /root/.ssh/authorized_keys must be owned by root:root

But what should I do with non-privileged user (e.g. with login user). Under Plesk all files are owned by user:psacln. I can't change ownership to user:user because of absense of such user group.

The restorecon -r /var/www/vhosts/example.com/.ssh does not help too.
 
Found in 'man sshd':

~/.ssh/authorized_keys
Lists the public keys (RSA/ECDSA/DSA) that can be used for log-
ging in as this user. The format of this file is described
above. The content of the file is not highly sensitive, but the
recommended permissions are read/write for the user, and not
accessible by others.

If this file, the ~/.ssh directory, or the user’s home directory
are writable by other users, then the file could be modified or
replaced by unauthorized users. In this case, sshd will not
allow it to be used unless the StrictModes option has been set to
“no”
.

I checked permisions. Neither user home directory, nor .ssh and authorized_keys are writable by other users. But I tested setting StrictModes to "no" and restartin sshd. It does not help.
 
A also created user outside of the Plesk:
Code:
useradd -b /opt backups


Then a copied /root/.ssh into /opt/backups and done:
Code:
chown -R backups:backups /opt/backups/.ssh
restorecon -r /opt/backups/.ssh

And it works! Why it does not work with users created by Plesk?
 
Back
Top