Froxlor Forum
AndrewL

Can't connect to froxlor clients via SFTP

Question

I can log in to root and other SSH users using SFTP (ProFTPD) without a problem, but I can't connect via SFTP to any of the froxlor clients that I add via the panel.

With some help from here, I did the following:

  1. Add the following to /etc/proftpd/modules.conf:

    LoadModule mod_sftp.c

  2. Add the following to /etc/proftpd/sql.conf:

    Include /etc/proftpd/sftp.conf

  3. Create the file /etc/proftpd/sftp.conf with the following content:

    <IfModule mod_sftp.c>
        SFTPEngine on
        SFTPLog /var/log/proftpd/sftp.log
        SFTPHostKey /etc/ssh/ssh_host_dsa_key
        SFTPHostKey /etc/ssh/ssh_host_rsa_key
    </IfModule>

  4. Restarted proftpd and ssh

If I try connecting via FileZilla to a froxlor client with host sftp://server-ip, username, say, user1, and the user's password, I get the following error:

Error: Authentication failed.

Error: Critical error: Could not connect to server

Please let me know if there's any info, logs, config, etc you would want me to provide.
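
Added example, not part of the original post: a pre-flight check of the `SFTPEngine` and `SFTPHostKey` entries in a file like the `/etc/proftpd/sftp.conf` from step 3, reporting host keys that are missing or too widely readable. The function names, the sample file names and the owner-only permission policy are assumptions made for this illustration.

```python
import os
import re
import stat
import tempfile

_DIRECTIVE = re.compile(r"^(SFTPEngine|SFTPHostKey)\s+(\S+)", re.IGNORECASE)


def parse_sftp_conf(text):
    """Return (engine_on, host_key_paths) read from ProFTPD config text."""
    engine_on, keys = False, []
    for raw in text.splitlines():
        match = _DIRECTIVE.match(raw.split("#", 1)[0].strip())  # skip comments
        if match and match.group(1).lower() == "sftpengine":
            engine_on = match.group(2).lower() == "on"
        elif match:
            keys.append(match.group(2))
    return engine_on, keys


def key_status(path):
    """Return 'ok' or the reason the key fails this example's assumed policy."""
    try:
        mode = os.stat(path).st_mode
    except OSError:
        return "missing or inaccessible"
    if not stat.S_ISREG(mode):
        return "not a regular file"
    if mode & (stat.S_IRWXG | stat.S_IRWXO):  # assumed policy: owner-only access
        return "group/world accessible"
    return "ok"


def demo():
    """Audit a constructed config naming one good, one loose and one absent key."""
    with tempfile.TemporaryDirectory() as tmp:
        names = ("good_key", "loose_key", "absent_key")
        for name, mode in (("good_key", 0o600), ("loose_key", 0o644)):
            path = os.path.join(tmp, name)
            with open(path, "w") as handle:
                handle.write("constructed placeholder, not key material\n")
            os.chmod(path, mode)
        lines = ["<IfModule mod_sftp.c>", "    SFTPEngine on"]
        lines += [f"    SFTPHostKey {os.path.join(tmp, n)}" for n in names]
        engine_on, keys = parse_sftp_conf("\n".join(lines + ["</IfModule>"]))
        return engine_on, {os.path.basename(k): key_status(k) for k in keys}


if __name__ == "__main__":
    print(demo())
```

On a real host, pass the contents of the config file to `parse_sftp_conf` and call `key_status` on each returned path.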


2 answers to this question


We do not officially support this; you may want to ask the guy from the post you got this from.
