Lost access to Plesk box

A linux box was firewalled to only allow access to special services from certain IP addresses. But of course, those IP addresses changed, so we could no longer access Plesk control panel, or ssh, or FTP from the office or home network. Bugger ey!

But I did have WordPress access! and WordPress let me “edit” php files (ie: the WordPress theme functions file)

Here’s how I gained access to the Plesk box again without paying the hosting provider for KVM over IP.
(the general idea here is to execute SSH on the server to create a tunnel out through the firewall back to my server, this will let me connect to the local SSH daemon running on the firewalled server, and fix the firewall) 

  1. Generate a SSH public key and private key on my own local computer. eg:
    ssh-keygen -t rsa -f tempkey
  2. This will create two files, tempkey (private key) and tempkey.pub (public key)
  3. Copy tempkey to our firewalled server, since we have WordPress access, we can simply upload this key to the server (yer I know, insecure, meh). Once it’s uploaded, click “view” or whatever to see where the file has been uploaded to. We’ll need this to pass to our SSH command in a bit. 
  4. Copy tempkey.pub to our destination server (ie: the one we have full access to). We need to add this public key to the ssh authorized_keys2 file. Google for more info on that if you haven’t used it before.
    My setup involved copying the public key to my server, then appending it to ~/.ssh/authorized_keys2 like so:
    me@localbox:~$ scp tempkey.pub me@myserver.com:~/.ssh/tempkey.pub
    me@localbox:~$ ssh me@myserver.com
    me@myserver.com:~$ cd .ssh
    me@myserver.com:~/.ssh$  cat tempkey.pub >> authorized_keys2
  5. Now we have the private key on our bricked server, and the public key on our accessible server/home pc.
  6. Now we need to execute SSH on the bricked server, and make the bricked server connect to our accessible server, and create a ssh tunnel in the process.
  7. Open up WordPress theme editor, go to the functions file or something, and use a bit of code like this:
    if(isset($_REQUEST['start_ssh'])){
    $command = "ssh -o BatchMode=yes -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /full/path/to/tempkey me@myserver.com -v -R 2222:localhost:22 -N 2>&1";
    echo "Running ssh command: <br> $command";
    passthru($command);
    exit;
  8. Now to run this code, you simply visit the wordpress blog like so: myblog.com/?start_ssh 
  9. If the page stays “loading” and you don’t see any output that probably means it’s working! woot. If it displays nothing or an error then ssh may not be accessible from php, or any number of other possible issues could occur. Tough luck, try something slightly different maybe.
  10. Now we go to myserver.com, and we’ll have a tunnel waiting for us on port 2222 ready to connect to our firewalled server on port 22 (treated as local port 22, not firewalled)
  11. So:
    me@localbox:~$ ssh me@myserver.com
    me@myserver.com:~$ ssh localhost -p 2222
    me@firewalledserver:~$
  12. Tada!  Now you can fix the firewall. 
  13. You can kill the script by killing the ssh process on myserver.com when you are done. This will probably cause the browser window on the wordpress blog to finish loading and display the “running ssh command” message.
  14. Of course clean up after yourself. Remove the authorized key and the private key from the uploads folder. 

Have fun. Hope this helps someone in a similar situation. You probably don’t need a 3rd server either, just bounce straight through to a ssh daemon on your desktop pc. 

 

    Leave a Reply

    Your email address will not be published.