Plesk allows you to create a new website for your domain quite simply, yet you can only access it using your favourite FTP client. Any client now allows you to access a server using SFTP, let’s see how we can process .

Edit and reload SSH configuration

The SFTP subsystem’s configuration already exists, though it’s commented by default, while on any standard Linux configuration it doesn’t exist at all. The reason behind this is Plesk : the product only needs a self-made shell to unlock SFTP access. There is no need to prepare a full SFTP subsystem block, with chrooted access.

First, edit the config file :

vi /etc/ssh/sshd_config

Uncomment the line starting by “#Subsystem sftp” :

#Subsystem sftp /usr/lib/openssh/sftp-server

The shell can be different depending on your Plesk version, we won’t concern ourselves with this detail and simply delete the # from the aforementioned line.

Subsystem sftp /usr/lib/openssh/sftp-server

Then, save the file, exit the editor and reload the service :

sshd -t && service ssh reload

This command tests the SSH config syntax. If it returns an error, the next command won’t be run.


Modify the domain user’s shell

The next step will configure the shell to our FTP user, which was created as the same time as the subscription and domain. When you’re on the domain or subdomain’s main configuration page, please click on the “FTP Access” button.

Then, click on the username you want to modify.

Once you access the user’s configuration, please unroll the “Access to the server over SSH” menu and instead of “Forbidden“, select “/bin/bash (chrooted)“. Click the OK button, the server will take a little time to process this change. This is because it’s creating a root subsystem in the user’s directory :

drwx--x---+ 16 sftp_domain_username psaserv 4096 2018-07-20 18:32 .
drwxr-xr-x+ 86 root root 4096 2018-07-20 18:21 ..
drwxr-xr-x+ 2 root root 4096 2018-07-20 18:14 bin
drwxr-xr-x+ 2 root root 4096 2018-07-20 18:14 dev
drwxr-xr-x+ 2 root psacln 4096 2018-07-20 15:01 error_docs
drwxr-xr-x+ 2 root root 4096 2018-07-20 18:14 etc
drwxr-xr-x+ 4 root root 4096 2018-07-20 18:14 home
drwxr-x---+ 6 root psacln 4096 2018-07-20 15:01 httpdocs
drwxr-xr-x+ 4 root root 4096 2018-07-20 18:14 lib
drwxr-xr-x+ 2 root root 4096 2018-07-20 18:14 lib64
drwx------+ 2 root psacln 4096 2018-07-20 15:01 logs
drwxrwxrwt+ 2 root root 4096 2018-07-20 18:14 tmp
drwxr-xr-x+ 3 root root 4096 2018-07-20 18:14 usr
drwxr-xr-x+ 3 root root 4096 2018-07-20 18:14 var

Please remember not to change any of the new directories, or your SFTP access won’t work anymore.

Note :

As soon as you don’t need this access anymore, you can forbid SSH again in the user’s configuration. This will delete the subsystem created before, leaving only the initial data directories. Access will then only be available by FTP.