At present, Ploi’s server health monitoring (“Server Unreachable”) appears to authenticate using the root account, while deployments, terminal access, and the Connection Debugger are able to authenticate successfully as the ploi user.

This creates an inconsistency in environments that follow modern Linux hardening practices.

For example:

  • PermitRootLogin no
  • PasswordAuthentication no
  • KbdInteractiveAuthentication no
  • PubkeyAuthentication yes

With this configuration:

  • Deployments continue to work.
  • The Connection Debugger reports SSH ploi: Success.
  • However, the server is reported as Server Unreachable because the health check still attempts to authenticate as root.

This forces administrators to re-enable root SSH (PermitRootLogin prohibit-password) solely to satisfy the health check, even though the platform already has a fully functional non-root management account.

Suggested enhancement

Allow the server health monitor to authenticate using the configured management user (typically ploi) instead of always using root.

Possible implementations:

  • Use the same SSH user configured for deployments.
  • Add a per-server “Health Check SSH User” setting (defaulting to ploi for new servers).
  • Fall back to root only for legacy servers where a non-root account is unavailable.

Benefits

  • Aligns with modern Linux security best practices.
  • Allows administrators to keep PermitRootLogin no.
  • Removes the need to maintain a root SSH key purely for health monitoring.
  • Makes the health check consistent with the Connection Debugger and deployment mechanisms.
  • Improves compliance with security baselines such as CIS Benchmarks, NIST, and common enterprise hardening standards.
  • Reduces the attack surface of Internet-facing servers.

As Ploi already successfully authenticates as the ploi user for deployments and diagnostics, extending the health monitoring service to use the same account would provide a more consistent and secure operational model.

Allow Server Health Checks to Authenticate as the ploi User Instead of root

1 total vote
Quick Actions
Activity
View recent activity and updates
Use arrow keys to navigate