Symptoms
-
/bin/bash (chrooted) is selected as a shell in Plesk > Domains > example.com > Access to the server over SSH
-
The restriction to the
/var/www/vhosts/example.comis active in the SSH session:# ssh user@192.0.2.2
bash-4.2$ echo -n 'SFTP restrictions '; [[ -e /httpdocs ]] && echo 'active' || echo 'inactive'
SFTP restrictions active -
The restriction is not active in the SFTP (it is possible to traverse to the real root):
Cause
Subsystem sftp is set to the external-sftp in the SSHD configuration:
# grep sftp /etc/ssh/sshd_config | grep -v '^#'
Subsystem sftp external-sftp
Note: internal-sftp is not compatible with the Plesk chrooted shell configuration for SFTP.
Resolution
Switch back to the default STFP subsystem:
-
Connect to the server via SSH
-
Comment out currently existing
sftpsubsystem configuration:Note: A backup will be placed to the
/etc/ssh/sshd_config.bkp.# sed -i.bkp '/sftp/s/^/#/g' /etc/ssh/sshd_config
-
Add the default binary path to the configuration:
-
Ubuntu/Debian:
# echo 'Subsystem sftp /usr/lib/openssh/sftp-server' >> /etc/ssh/sshd_config
-
CentOS/RHEL-based:
# echo 'Subsystem sftp /usr/libexec/openssh/sftp-server' >> /etc/ssh/sshd_config
-
-
Check the SSHD configuration:
# sshd -t
Note: In case no output was returned, the configuration is correct.
-
Reload the SSHD to apply new configuration:
# service sshd reload
Note: Sometimes, it might be needed to rebuild chroot template to re-apply the settings.