Facebook
Twitter
-
If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
CentOS2Alma discussion
Resolved SSH cant access via plesk
- Thread starter Anoop
- Start date
I have the same problem.
I've changed the ssh port (not the port of the plesk terminal) but after this, if I try to open the ssh terminal from plesk the plesk terminal try to connect on the old port, giving errors, many errors
If you want try, change the ssh port from ssh config file and restart ssh
Then open the plesk terminal and see
There are no more details
Thanks
I've changed the ssh port (not the port of the plesk terminal) but after this, if I try to open the ssh terminal from plesk the plesk terminal try to connect on the old port, giving errors, many errors
If you want try, change the ssh port from ssh config file and restart ssh
Then open the plesk terminal and see
There are no more details
Thanks
Hi Dave, dont know how to tell the plesk ssh client the new port.
Hi Peter, probably it could be a solution but is a workaround, as this seems a bug of the extension. And yes, it is not more secure, but so you dont have hundred (or toushands?) warnings in the log/secure file. If it is not your case, lucky you.
Hi Peter, probably it could be a solution but is a workaround, as this seems a bug of the extension. And yes, it is not more secure, but so you dont have hundred (or toushands?) warnings in the log/secure file. If it is not your case, lucky you.
I think we have close to a million such security warnings per day. And they are a good thing, because they can be scanned by Fail2Ban so that the attackers can be blocked. I'd rather have the warnings and bans than to not see warnings but enable attackers to test passwords. You are using the Fail2Ban SSH jail, aren't you?
Hi, I dont understand ...
If I change port of ssh, the request made on port 22 (that is locked by the firewall) are refused by the same firewall and the attacker cannot test password as they dont have access to the service.
Instead if you use the port 22, the attackers can test password and then (after some try) is blocked by fail2ban. But until the lock they have tested some password... while with ssh on another port they dont.
And while you lock an ip with failtoban, attackers have many other ip to use
So seems to me that you permit however the attacker to test (some) password and then you block them
With ssh on another port there is no pasword testing and the attacker is locked from the firewall
And among those million rows of warnings on the log/secure file how can you be able, in a simple way, to check if something other happens?
More if there are million ip checked by failtoban, I think you have huge use of disk, cpu and memory with possible high server load, resources that are wasted and that instead could be used for the legitimate server tasks
Or am I missing something?
If I change port of ssh, the request made on port 22 (that is locked by the firewall) are refused by the same firewall and the attacker cannot test password as they dont have access to the service.
Instead if you use the port 22, the attackers can test password and then (after some try) is blocked by fail2ban. But until the lock they have tested some password... while with ssh on another port they dont.
And while you lock an ip with failtoban, attackers have many other ip to use
So seems to me that you permit however the attacker to test (some) password and then you block them
With ssh on another port there is no pasword testing and the attacker is locked from the firewall
And among those million rows of warnings on the log/secure file how can you be able, in a simple way, to check if something other happens?
More if there are million ip checked by failtoban, I think you have huge use of disk, cpu and memory with possible high server load, resources that are wasted and that instead could be used for the legitimate server tasks
Or am I missing something?
@Nik G this isn't currently documented anywhere. Would it be possible to add this information to the Plesk documentation or a support a separate support article?
