Support SSH Access

This extension helps to provide Plesk Support Team with the access to the server simplifying the routine.

NOTE: Technical support from Plesk company is provided for free only to Plesk's direct partners/resellers or for customers who purchased Plesk directly from Plesk online store. In all other cases support is provided by ISV provider/hoster/license reseller. Should you yet have a direct Plesk support it's available as paid option: How to get support directly from Plesk?

What actions will be done to provide access?

• A new user is created on the server
• Plesk public SSH keys are added to the keychain of the new user to make sure that the connection to the server is secure
• IP address of Plesk Support Team is added to the internal firewall (Note: If an external firewall is used, such as Google Cloud Platform Firewall, manual intervention is required)
• A user lifetime is set to make sure that the user is removed automatically

1.2.10 (1 December 2025)

• [*] Added new support codes. (EXTPLESK-9992)

1.2.9 (23 June 2025)

• [*] Added support for systems with nftables firewall frontend.
• [*] Added support for systems without any firewall frontends.

1.2.8 (9 June 2025)

• [*] Introduced permission for Restricted Mode.

1.2.7 (17 March 2025)

• [*] Internal improvements.

1.2.6 (29 Nov 2024)

• [*] The default SSH access period is extended to 14 days to prevent expiration during support ticket investigations.
• [-] Updates to license keys no longer cause tasks with "Integrity constraint violation" error to appear in task manager. (EXTPLESK-4926)

1.2.5 (22 May 2024)

• [-] Extension no longer fails with the "filemng failed" error during clean installation. (EXTPLESK-5555)

1.2.4 (21 May 2024)

• [*] Internal improvements.

1.2.3 (17 May 2024)

• [-] Extension no longer fails with the "Unit sshd.service not found" error on Ubuntu 24.04. (EXTPLESK-5537)

1.2.2 (20 Feb 2024)

• [*] Internal improvements.
• [-] sshd -T is now used to identify SSH daemon port in non-default configurations. (EXTPLESK-5322)

1.2.1 (20 Nov 2023)

• [-] Extension licenses bought in Plesk Online Store are now again marked as "Supported". (EXTPLESK-5099)
• [-] When a license key is updated, its status is now shown correctly in the Plesk interface right away. (EXTPLESK-4922)

1.2.0 (16 Aug 2023)

• [*] Internal improvements.

1.1.0

• Dropped legacy components compatibility.
• Simplified the process of providing access.
• Overview screen will now display a list of all licenses with the license support status and a reason why license is not supported.

1.0.5

• This is the last version that supports Plesk Onyx and Plesk Obsidian below 18.0.50. New features will not be available on older Plesk versions.
• Introduced compatibility with Plesk Obsidian 18.0.50 (EXTCERT-4019).
• Extension now checks that SSH jail is enabled before attempting to add an exception for support IP addresses (EXTCERT-3619).

1.0.4

• Failure to add an exception to the firewall no longer prevents extension from providing access (EXTCERT-3482)
• Parser for sudo configuration no longer considers groups restricted to a hostname to be a valid superuser group on localhost (EXTCERT-3452)
• The extension now can add exceptions into fail2ban and set the user into the AllowUsers section in OpenSSH (EXTCERT-3460)

1.0.3

• Password-less groups are once again properly selected if they exist on the server (EXTCERT-3448)
• Upgrading database schema no longer produces errors due to the attempts to find a home of the non-existent user (EXTCERT-3449)

1.0.2

• Access can be provided even if database is down by running /usr/local/psa/admin/plib/modules/support-access/scripts/cli.php
• Installation of packages on Debian 9 will no longer fail with an error (EXTCERT-2781)
• OpenSSH bug 2858 in versions 7.7p1 to 8.1 will no longer prevents providing access (EXTCERT-3165)
• Re-installation of the extension no longer shows any warnings (EXTCERT-3387)
• Datepicker no longer stays editable when form is being submitted (EXTCERT-3436)
• Existing sudo groups are dropped in favor of always password-less group for temporary user (EXTCERT-3433)
• UTC timezone will be used as a target timezone when providing access
• CLI was revamped and shows more data about extension's actions
• Extension now clearly understands that access from IPv6 address of the support server should also be allowed whenever possible

1.0.1

• Reliability and usability improvements:
  • Locale handling is changed and no longer may cause extension to show white screen (EXTCERT-2236)
  • Password-less groups are properly selected if they exist in configuration (EXTCERT-2237)
  • Package installation is now performed in the background
  • CLI interface now correctly sets date boundaries
  • Created user is moved out of the CageFS to prevent high LA on removal
  • Error reporting is vastly improved
• New features:
  • Firewall links and metadata info for the hyperscaler instances

1.0

• Initial release