Using SSH in Plesk

SSH stands for Secure SHell. The core of the Linux operating system (upon which Plesk runs) is the kernel, and the layer that wraps around the kernel, that is, what people use to interact with it, is called the shell. In Windows, the GUI, called Explorer, is the shell. CMD is also a shell for Windows.

Secure shell allows you to access a shell on Linux remotely over an encrypted connection. Most commonly, the shell is text-only. This can be intimidating to first-time users, but a grasp of some basic movement in a Linux shell will be a tremendous boon when working on the server.

Earlier in the guide, we set up the user account to have permissions to use a shell account in a chrooted environment. This just means that the files that the user can see and interact with will be limited for security and safety purposes. You may have used this account for FTP already.

  1. Go back into the FTP options under Websites and Domains, and select the account. You will want to change SSH Access to /bin/bash (chrooted).
  2. To get started with SSH, you'll need to download an SSH client, like PuTTY. Launch it up, and you'll be given a menu.
  3. There are a lot of options here, but the only thing of concern at the moment is the hostname option at the top. Fill that in, and press the Open button. You may get a security alert. This is because, unlike web pages and their SSL certificates, SSH has no commonly used registrar for public keys. If you downloaded PuTTY and stored it somewhere, clicking Yes will save the server's key and not bother you about it again unless it changes. If you didn't save PuTTY anywhere specific, it will always give you this warning. Pick Yes.
  4. You'll be given a login prompt. Enter the username and password when prompted.
    • *Note that your password will not show up as you type it. Your keystrokes will be accepted, but invisible.*
  5. After you've logged in successfully, you will find yourself at a command prompt:
    [janedoe@plesk /]$ 
    • You can find out where you are with pwd. You should see that you are in /:
      [janedoe@plesk /]$ pwd
      /
      [janedoe@plesk /]$ 
    • The reason you see / instead of something longer (you are actually somewhere in /var/www/vhosts) is that the server has changed the root directory of (chrooted) your shell.
  6. To find out what files are in this directory, run:
    ls -la
    ...which will output something like:
    total 80
    drwxr-xr-x 20 root    root    4096 Sep 27 17:59 .
    drwxr-xr-x 20 root    root    4096 Sep 27 17:59 ..
    drwxr-x---  5 janedoe psaserv 4096 Sep 27 17:59 anon_ftp
    drwxr-xr-x  2 root    root    4096 Sep 27 17:59 bin
    drwxr-x---  3 janedoe psaserv 4096 Sep 27 17:59 cgi-bin
    drwxr-x---  3 root    psaserv 4096 Sep 28 21:40 conf
    drwxr-xr-x  2 root    root    4096 Sep 27 17:59 dev
    drwxr-xr-x  2 root    psaserv 4096 Sep 27 17:59 error_docs
    drwxr-xr-x  2 root    root    4096 Sep 27 17:59 etc
    drwxrwx--- 12 janedoe psaserv 4096 Sep 28 17:17 httpdocs
    drwxr-xr-x  2 root    root    4096 Sep 27 17:59 lib
    drwxr-xr-x  2 root    root    4096 Sep 27 17:59 lib64
    drwxr-x---  2 root    psaserv 4096 Sep 28 21:40 pd
    drwx------  2 janedoe root    4096 Sep 27 17:59 private
    dr-xr-x---  7 janedoe psaserv 4096 Sep 27 17:59 statistics
    drwxr-xr-x  2 root    psaserv 4096 Sep 27 17:59 subdomains
    drwxrwxrwt  2 root    root    4096 Sep 27 17:59 tmp
    drwxr-xr-x  4 root    root    4096 Sep 27 17:59 usr
    drwxr-xr-x  3 root    root    4096 Sep 27 17:59 var
    drwxr-xr-x  2 root    psaserv 4096 Sep 27 17:59 web_users

This seems like a lot, so let's break it down. Here's a line:

drwxrwx--- 12 janedoe psaserv 4096 Sep 28 17:17 httpdocs

The first column, drwxrwx---, is related to Linux permissions. The first letter, d, means that the file is actually a directory (or folder in Windows parlance). The rest of the column is the permissions schema discussed in the Linux Permissions section.

The second column, 12, means there are 12 references to that folder. Each file in a directory makes a reference to the directory. Note that this includes ., which is a shortcut for the current directory, should you be inside the directory and need to refer to it, and .., which means the parent directory, which, in this case, is the folder you're currently in. Other things can also create references to a directory, but they are beyond the scope of this tutorial.

The next columns are janedoe and psaserv. This means the file is owned by janedoe, and is under the group psaserv. The next number, 4096, would be the size of the file, were this a normal file. Because it's a directory, this number has a more complex meaning that isn't needed for anything in this article, so we'll skip it. Next is the last modification time, Sep 28 17:17, and after that is the name, httpdocs. Now that we're oriented, let's begin making our change.
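The column layout described above can be decoded mechanically. The following shell function is an added example, not part of the original guide: it reads `ls -la` output and reports entries whose "other" permission triplet includes write. The function name `other_writable` is hypothetical, the sample input is copied from the listings on this page, and it assumes `awk` is available in your shell.

```shell
#!/bin/sh
# Added example: reads `ls -la` output on stdin and lists entries that
# "other" (any account on the server) may write to.

# Mode string layout: 1 type character, then the owner, group and other
# triplets, so the "other" write bit is the 9th character of column 1.
other_writable() {
    awk 'NF >= 9 && substr($1, 9, 1) == "w" {
        kind   = (substr($1, 1, 1) == "d") ? "dir" : "file"
        # A t or T in position 10 is the sticky bit, as on shared tmp dirs.
        sticky = (substr($1, 10, 1) ~ /[tT]/) ? " (sticky)" : ""
        print kind, $9 sticky      # $9 is the name (no spaces assumed)
    }'
}

# Sample input: lines copied from the two listings in this guide.
SAMPLE='total 300
drwxrwx--- 12 janedoe psaserv  4096 Sep 28 17:17 .
-rw-r--rw-  1 janedoe psacln    395 Sep 27 23:26 index.php
-rw-r--r--  1 janedoe psacln   3030 Sep 27 23:26 wp-config.php
drwxr-xrwx  6 janedoe psacln   4096 Sep 28 17:18 wp-content
drwxrwxrwt  2 root    root     4096 Sep 27 17:59 tmp'

printf '%s\n' "$SAMPLE" | other_writable
```

On the server, pipe a live listing into it instead of the sample: `ls -la | other_writable`.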

  1. We want to enter httpdocs. So let's Change Directories:
    cd httpdocs
    You will notice the prompt change to reflect the new directory you are in.
    [janedoe@plesk httpdocs]$ 

You can use the prompt to help you figure out where you are, but if you ever get lost you can use the pwd command again to show you.

[janedoe@plesk httpdocs]$ pwd
/httpdocs
[janedoe@plesk httpdocs]$ 
  1. Let's run ls -la again.
    [janedoe@plesk httpdocs]$ ls -la
    total 300
    drwxrwx--- 12 janedoe psaserv  4096 Sep 28 17:17 .
    drwxr-xr-x 20 root    root     4096 Sep 27 17:59 ..
    -rw-r--rw-  1 janedoe psacln    410 Sep 27 23:26 LEGGIMI.txt
    drwxr-xrwx  3 janedoe psacln   4096 Sep 27 23:26 blogs
    drwxr-xrwx  2 janedoe psacln   4096 Sep 27 17:59 css
    -rw-r--rw-  1 janedoe psacln   1150 Sep 27 17:59 favicon.ico
    drwxr-xrwx  6 janedoe psacln   4096 Sep 27 17:59 img
    -rw-r--rw-  1 janedoe psacln    395 Sep 27 23:26 index.php
    -rw-r--rw-  1 janedoe psacln  17935 Sep 27 23:26 licencia.txt
    -rw-r--rw-  1 janedoe psacln  23149 Sep 27 23:26 licens.html
    -rw-r--rw-  1 janedoe psacln  19929 Sep 27 23:26 license.txt
    -rw-r--rw-  1 janedoe psacln  24880 Sep 27 23:26 licenza.html
    -rw-r--rw-  1 janedoe psacln  10197 Sep 27 23:26 liesmich.html
    drwxr-xrwx  2 janedoe psacln   4096 Sep 27 17:59 picture_library
    drwxr-xr-x  2 root    root     4096 Sep 27 17:59 plesk-stat
    -rw-r--rw-  1 janedoe psacln   3128 Sep 27 23:26 readme-ja.html
    -rw-r--rw-  1 janedoe psacln   9177 Sep 27 23:26 readme.html
    drwxr-xrwx 11 janedoe psacln   4096 Sep 27 17:59 test
    drwxr-xrwx  2 janedoe psacln   4096 Sep 27 23:26 tmp
    -rw-r--rw-  1 janedoe psacln   4264 Sep 27 23:26 wp-activate.php
    drwxr-xrwx 10 janedoe psacln   4096 Sep 27 23:26 wp-admin
    -rw-r--rw-  1 janedoe psacln   1354 Sep 27 23:26 wp-app.php
    -rw-r--rw-  1 janedoe psacln    271 Sep 27 23:26 wp-blog-header.php
    -rw-r--rw-  1 janedoe psacln   3522 Sep 27 23:26 wp-comments-post.php
    -rw-r--rw-  1 janedoe psacln   3177 Sep 27 23:26 wp-config-sample.php
    -rw-r--r--  1 janedoe psacln   3030 Sep 27 23:26 wp-config.php
    drwxr-xrwx  6 janedoe psacln   4096 Sep 28 17:18 wp-content
    -rw-r--rw-  1 janedoe psacln   2726 Sep 27 23:26 wp-cron.php
    drwxr-xrwx  8 janedoe psacln   4096 Sep 27 23:26 wp-includes
    -rw-r--rw-  1 janedoe psacln   1997 Sep 27 23:26 wp-links-opml.php
    -rw-r--rw-  1 janedoe psacln   2395 Sep 27 23:26 wp-load.php
    -rw-r--rw-  1 janedoe psacln  29084 Sep 27 23:26 wp-login.php
    -rw-r--rw-  1 janedoe psacln   7712 Sep 27 23:26 wp-mail.php
    -rw-r--rw-  1 janedoe psacln   9916 Sep 27 23:26 wp-settings.php
    -rw-r--rw-  1 janedoe psacln  18299 Sep 27 23:26 wp-signup.php
    -rw-r--rw-  1 janedoe psacln   3700 Sep 27 23:26 wp-trackback.php
    -rw-r--rw-  1 janedoe psacln   2788 Sep 27 23:26 xmlrpc.php
  2. There are some files here for the Plesk default page and for the WordPress installation. However, we're not directly interested in either of these. What we want is to edit the .htaccess file. This file may not exist yet, but it controls the rules for displaying a website. If the file exists, make a backup of it:
    cp .htaccess .htaccess.bak
  3. Then, edit the file.
    nano .htaccess
    We're going to add some lines that will add security to WordPress by blocking certain files. Add these to the top:
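    # Block the include-only files.
    RewriteEngine On
    RewriteBase /
    # Forbid (403) direct requests to the admin include files.
    RewriteRule ^wp-admin/includes/ - [F,L]
    # Not under wp-includes/? Skip the next three rules.
    RewriteRule !^wp-includes/ - [S=3]
    # Forbid PHP files directly inside wp-includes/.
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    # Forbid PHP files under the TinyMCE language directory.
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    # Forbid everything under the theme-compat directory.
    RewriteRule ^wp-includes/theme-compat/ - [F,L]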
  4. Press Ctrl+O to save. You may be asked if you're sure you want to overwrite. You took a backup, so type y for yes. Press Ctrl+X to exit. Now try to load the site. If you're able to browse around, and you don't get a 500 Internal Server Error, you did it correctly. If you do get a 500 Internal Server Error, check to make sure there aren't any typos. If you are certain there are no typos, remove the lines you added. If you need to restore the backup .htaccess file, you can use:
    cp .htaccess.bak .htaccess
    • You may be asked to confirm the overwrite. Go ahead and do so. If you didn't have an .htaccess which needed backing up, you can always just remove the file with:
      rm .htaccess
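
To see which requests the rewrite rules above refuse, including how the [S=3] skip keeps the wp-includes rules from being tested for other paths, here is a small offline model of them. It is an added example, not part of the original guide and not Apache's own code; the function name `verdict` and the sample paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: evaluates a request path against the five rules from the
# guide, the way mod_rewrite walks them in .htaccess (per-directory) context.

# One rule per line: pattern, then flag. Copied from the .htaccess block above.
RULES='^wp-admin/includes/ F
!^wp-includes/ S=3
^wp-includes/[^/]+\.php$ F
^wp-includes/js/tinymce/langs/.+\.php F
^wp-includes/theme-compat/ F'

# verdict PATH -> prints 403 if a rule forbids the path, otherwise pass.
verdict() {
    path=${1#/}     # .htaccess patterns see the path without its leading slash
    skip=0
    result=pass
    while read -r pat flag; do
        # An earlier [S=n] hit told us to jump over this rule.
        if [ "$skip" -gt 0 ]; then skip=$((skip - 1)); continue; fi
        negate=0
        case $pat in
            '!'*) negate=1; pat=${pat#?} ;;    # leading ! inverts the match
        esac
        if printf '%s\n' "$path" | grep -Eq -- "$pat"; then hit=1; else hit=0; fi
        if [ "$negate" -eq 1 ]; then hit=$((1 - hit)); fi
        if [ "$hit" -eq 0 ]; then continue; fi
        case $flag in
            F)   result=403; break ;;      # [F] stops processing with 403 Forbidden
            S=*) skip=${flag#S=} ;;        # [S=n] skips the next n rules
        esac
    done <<EOF
$RULES
EOF
    echo "$result"
}

# Constructed sample paths; prints one verdict per line.
for p in /wp-login.php /wp-includes/version.php /wp-includes/js/jquery/jquery.js \
         /wp-admin/includes/file.php /wp-includes/theme-compat/header.php; do
    printf '%-40s %s\n' "$p" "$(verdict "$p")"
done
```

After saving the real .htaccess, requesting one of the 403 paths in a browser should show a Forbidden page while the rest of the site loads normally.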