• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question SSH Terminal Extension Auto-Enabled

 
Hey Igor,
I know how to disable it, my point is that its enabled by default. This also applies to the backup schedule that fills the server with backups if you are not aware of it.
"Features" like these should be disabled by default and enabled as an option.
Just my opinion.
Rgds
Dave_W
 
Can we stop enabling new "features" by default please. It should be the admins decision as to whether something outside of standard offerings are enabled.
Hi @Dave W,

Thank you for the provided information.

Plesk continuously brings new features to every release. Some of them could be disabled, some of them not. So, the main question is what do you mean by "standard offerings". From our side, I could say that Plesk doesn't make difference if a new feature was delivered right in Plesk's 'Core' codebase or using an extension in the case if it was developed by us and we can guarantee the same quality standards.

"Features" like these should be disabled by default and enabled as an option.
Could you provide more features that potentially should be disabled by default (and why)? It would help us to have a list of such features. We can review their defaults one more time if they can be potentially non-preferred by our customers.

Thank you so much for your attention and participation.
 
Hi Anthony,
While its good to have development of new features which we all welcome, enabling them by default is not always a good thing. Case in point, backups automatically running, this fills the servers disk unless disabled. Backups stored on the source server provide a false sense of security to users. Backups should never be stored on the source server imho.
Enabling ssh access for admin accounts expands the threat exposure of a Plesk server and doing so by not consulting the servers admin is a breach of trust in my opinion. We have ALOT of plesk servers running, and thankfully I have the majority orchestrated using Ansible (when will we see a multi server manager from Plesk?) so it is easy enough to deal with these issues when they arise however, should I have to?
Rgds
Dave
 
Hi Anthony,
While its good to have development of new features which we all welcome, enabling them by default is not always a good thing. Case in point, backups automatically running, this fills the servers disk unless disabled. Backups stored on the source server provide a false sense of security to users. Backups should never be stored on the source server imho.
Enabling ssh access for admin accounts expands the threat exposure of a Plesk server and doing so by not consulting the servers admin is a breach of trust in my opinion. We have ALOT of plesk servers running, and thankfully I have the majority orchestrated using Ansible (when will we see a multi server manager from Plesk?) so it is easy enough to deal with these issues when they arise however, should I have to?
Rgds
Dave
absolutely agree with this... Plesk team please review your strategy about this, have to disable new feature as ssh extension on 100 servers is not an great things....
 
I agree it can be quite a inconvenience for server administrators when new features are introduced which are enabled by default. As some features can break the workflow of administrator. They might need (more) time to adjust, or won't need the feature at all.

The decision to install and enable the Terminal Extension for all on existing Plesk installations illustrates this well. It's definitely a great feature to have. I can see it being useful in many cases. However it should not be enabled by default on existing Plesk installations, certainly not for subscription owners. It should be the decision of the server administrator whether or not this feature should be enabled on his/her server.

Ideally, after an Plesk update which introduces new features, a wizard (or other UI interface) should ask the administrator whether they want to enable new features (and how to configure this feature). cPanel does this quite well imho.

Personally I am always exited when an Plesk updated introduces new features. But sometimes a new feature doesn't really fit my needs and I rather have it disabled :)
 
Last edited:
Thank you for your opinions.

However it should not be enabled by default on existing Plesk installations, certainly not for subscription owners.
It worth mention that the accessibility of this option for subscription owners depends on the permission at "Domain -> Web Hosting Access -> Access to the server over SSH." This permission is disabled by default.

To enable it for subscription owners: (1) they should have proper permission set in Subscription settings (or in a Service plan), and (2) a subscription owner should manually enable it in the Web Hosting Access.

In other words, if your customers do not have access to the server over SSH, they will not see the 'SSH Terminal' functionality.
 
I'd like to add that the enforced SSH terminal activation for the Plesk admin user is no security issue compared to the current situation where there is no SSH terminal. Because the admin user was always able to create cron jobs owned by root. There is no need for a hacker to have an SSH terminal. The hacker could simply wget his script through a "Run once" cron activity, then create another "Run once" cron entry to execute the script and run that one by the root user. It really makes no difference. Disabling SSH terminal for the Plesk admin user only makes sense if the admin also disables root access for his own cron jobs.
 
Back
Top