Resolved SSH cant access via plesk

[Anoop]

Server operating system version

Centos 79

Plesk version and microupdate number

18.0.44

i cant access the ssh terminal via plesk panel after changing the default ssh port. so how to fix this issue.

 

[IgorG]

Did I understand correctly that you changed the port for the Plesk ssh terminal? But does it match the port on the ssh server you want to connect to?
Sorry, but your attached picture shows nothing and is useless.
Need more details.

 

[MicheleP]

I have the same problem.
I've changed the ssh port (not the port of the plesk terminal) but after this, if I try to open the ssh terminal from plesk the plesk terminal try to connect on the old port, giving errors, many errors
If you want try, change the ssh port from ssh config file and restart ssh
Then open the plesk terminal and see
There are no more details
Thanks

 

[Dave W]

So you changed the port of the SSH server and now the Plesk SSH client no longer connects?

Sounds like you need to tell the SSH Terminal client about the new port?

 

[Bitpalast]

I think that removing and reinstalling the Plesk SSH extension is the easiest solution in this case. However, changing the SSH port makes not so much sense. It does nothing but to change the port number. It is not more secure.

 

[MicheleP]

Hi Dave, dont know how to tell the plesk ssh client the new port.
Hi Peter, probably it could be a solution but is a workaround, as this seems a bug of the extension. And yes, it is not more secure, but so you dont have hundred (or toushands?) warnings in the log/secure file. If it is not your case, lucky you.

 

[Bitpalast]

I think we have close to a million such security warnings per day. And they are a good thing, because they can be scanned by Fail2Ban so that the attackers can be blocked. I'd rather have the warnings and bans than to not see warnings but enable attackers to test passwords. You are using the Fail2Ban SSH jail, aren't you?

 

[MicheleP]

Hi, I dont understand ...
If I change port of ssh, the request made on port 22 (that is locked by the firewall) are refused by the same firewall and the attacker cannot test password as they dont have access to the service.
Instead if you use the port 22, the attackers can test password and then (after some try) is blocked by fail2ban. But until the lock they have tested some password... while with ssh on another port they dont.
And while you lock an ip with failtoban, attackers have many other ip to use
So seems to me that you permit however the attacker to test (some) password and then you block them
With ssh on another port there is no pasword testing and the attacker is locked from the firewall
And among those million rows of warnings on the log/secure file how can you be able, in a simple way, to check if something other happens?
More if there are million ip checked by failtoban, I think you have huge use of disk, cpu and memory with possible high server load, resources that are wasted and that instead could be used for the legitimate server tasks
Or am I missing something?

 

[Nik G]

@MicheleP , to change port for Plesk SSH terminal after sshd config was changed and sshd restarted you need to do the below:

/usr/local/psa/admin/sbin/modules/ssh-terminal/installer --update-configuration
systemctl restart plesk-ssh-terminal.service

 

[Kaspar]

@Nik G this isn't currently documented anywhere. Would it be possible to add this information to the Plesk documentation or a support a separate support article?

@MicheleP , to change port for Plesk SSH terminal after sshd config was changed and sshd restarted you need to do the below:

/usr/local/psa/admin/sbin/modules/ssh-terminal/installer --update-configuration
systemctl restart plesk-ssh-terminal.service