
Plesk 7.5.3 - SFTP Server?

md3vxx

Guest
In the release notes for Plesk 7.5.3 it lists:

26. [+] sftp-server is added in chrooted environment.

Does this mean SFTP is supported natively in PSA 7.5.3 now?

We have upgraded one of our test boxes to 7.5.3 but do not see it listed as a shell option.

We are using SCP-Only at the moment for SFTP type services but would prefer an integrated solution should Plesk have provided one.
 
If you enable the 'chrooted-shell access option' for a domain in the control panel, chrooted SFTP is also added for that domain.

You should use SFTP instead of the 'older' SCP. And disable 'protocol 1' in 'sshd_config'.
 
I see no such option in the CP - can you outline where you see it located?
 
Login to your control panel. Click on Domains. Click on the domain you wish to set for chroot.

Click on Setup.

Under the FTP Login info, look for line which says 'Shell access to server with FTP user's credentials', pull down list, select '/bin/bash (chrooted)', then save changes.

If you do not see the chrooted option in the list, then check your /etc/shells file to see if it has /usr/local/psa/bin/chrootsh listed.
 
SFTP

Hi,

We do not want to provide shell access, only SFTP. A chrooted shell will provide shell access...

I guess Plesk has yet to provide a solution for this so we will continue to use SCP-Only.
 
SFTP is integrated in SSH. So I think it is obvious that it comes with shell access.

However .. nothing is wrong with the chrooted shell access Plesk offers. One can't do very much harm with the few commands that are supported.
 
Originally posted by BoXie
However .. nothing is wrong with the chrooted shell access Plesk offers. One can't do very much harm with the few commands that are supported.
BoXie -- are you certain that not much harm can be done with Plesk SSH? I've been asking our server provider for some secure FTP access to our server (we're resellers) for 2 years now, and they've consistently said "never", because it was "much too dangerous".
Now that we're about to upgrade to our own server at about 4x the cost, I would *really* like to have some sort of secure FTP access to our domains; changing FTP passwords after one had to upload files while in a public WLAN is really becoming silly.

TIA for any infos on the matter :)
 
Originally posted by BoXie
SFTP is integrated in SSH. So i think it is obvious that it comes with shell access.

Actually, the SSH protocol does not require providing shell access when it's needed to provide SFTP (as opposed to SCP, which does require a shell), but I don't know whether the OpenSSH implementation allows such a setup.
 
With OpenSSH, the same executable can be called for either shell access:

"C:\Program Files\SSH Communications Security\SSH Secure Shell\SshClient.exe"

or for sftp:

"C:\Program Files\SSH Communications Security\SSH Secure Shell\SshClient.exe" /f

So if you or your clients set it up so the program is always called with the /f option, then they will immediately see the sftp window instead of the shell access window.
 
Originally posted by jamesyeeoc
With OpenSSH, the same executable can be called for either shell access:

"C:\Program Files\SSH Communications Security\SSH Secure Shell\SshClient.exe"

or for sftp:

"C:\Program Files\SSH Communications Security\SSH Secure Shell\SshClient.exe" /f

So if you or your clients set it up so the program is always called with the /f option, then they will immediately see the sftp window instead of the shell access window.

LOL. I'm talking about server-side setup. The SSH protocol defines several core subsystems: X11 forwarding, port forwarding, shell execution, command execution, and optional subsystems, and SFTP is one of these. Nothing prevents the authors of an SSH server from adding an option to selectively prohibit any of these subsystems (and for X11 forwarding and port forwarding the options are surely present in OpenSSH).

SCP works through the command execution subsystem, executing the 'scp' utility on the other end to transfer files, while SFTP is a different subsystem and nothing prevents making it the only available subsystem.

Anyway, it is the matter of patching OpenSSH, or, if we are lucky, just adding to the Plesk code that properly configures OpenSSH on the server side.
 
Originally posted by atomicturtle
A better way would be to just bind someones SSH key (and you are using keys right?) to sftp.

Hmm... Seems to be usable. But... It's possible to do port forwarding in such a situation, which may be too dangerous.
 
That's all configurable in sshd_conf, down to the user level. I wouldn't classify port forwarding in a single node configuration as dangerous in any way. At best you might be able to connect to the system as localhost, or relay to another server. Perl or cgi-bin apps pose a much greater risk to the host in terms of direct vectors for unauthorized access.
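
The SFTP-only, no-forwarding setup debated in the posts above can be expressed in sshd_config and checked mechanically. The following is an added example, not part of any poster's message and not Plesk's own configuration: the group name `sftponly` and the sample config are constructed, and `ChrootDirectory` with `internal-sftp` assumes OpenSSH 4.9 or later.

```python
# Constructed sample sshd_config: one group limited to chrooted SFTP.
# "sftponly" is a hypothetical group name; the directives are standard OpenSSH.
SAMPLE = """\
Protocol 2
Subsystem sftp internal-sftp
AllowTcpForwarding yes

Match Group sftponly
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
"""

# Settings that must be explicit for an account to be SFTP-only.
REQUIRED = {"forcecommand": "internal-sftp",
            "allowtcpforwarding": "no",
            "x11forwarding": "no"}

def parse(text):
    """Return (global settings, {match criteria: settings}); first value wins, as in sshd."""
    glob, matches, cur = {}, {}, None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key, val = (line.split(None, 1) + [""])[:2]
        key, val = key.lower(), val.strip()
        if key == "match":
            cur = matches.setdefault(val, {})
        else:
            (glob if cur is None else cur).setdefault(key, val)
    return glob, matches

def audit(text, criteria):
    """List findings for the Match block that is meant to be SFTP-only."""
    glob, matches = parse(text)
    findings = []
    # An absent Protocol line is treated as 2, as in current OpenSSH releases.
    if "1" in glob.get("protocol", "2").split(","):
        findings.append("protocol 1 enabled")
    block = matches.get(criteria)
    if block is None:
        return findings + [f"no 'Match {criteria}' block"]
    for key, want in REQUIRED.items():
        # A Match block inherits the global value when it omits a keyword.
        if block.get(key, glob.get(key, "")).lower() != want:
            findings.append(f"{key} should be '{want}'")
    if "chrootdirectory" not in block:
        findings.append("chrootdirectory not set")
    return findings
```

`audit(SAMPLE, "Group sftponly")` returns an empty list; dropping the `AllowTcpForwarding no` line from the Match block makes the global `yes` apply and is reported.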
 
hey everyone. Quick question.

I am the only user on my server. I've read that regular FTP is very insecure and I'm better off using sFTP. Since I'm the only user on the box, is there any risk in setting the domain's "shell access to server with FTP user's credentials" to: /bin/bash (chrooted)?

Thanks!
 