Add FTP after install Hestia

alex2k · May 24, 2026, 5:33pm

Hello,

I was not install FTP when install HestiaCP, now I want to add FTP service.

I already follow guide from Can I install FTP after the HestiaCP installation? - #4 by sahsanu

But I saw in list server, vsftpd keep red and wont start

What I should do, thank you

sahsanu · May 24, 2026, 6:05pm

Hi,

Show the output of these commands:

systemctl status vsftpd --no-pager -l
iptables -S | grep 12000
v-list-firewall | grep 12000
ls -l /etc/vsftpd.conf

alex2k · May 24, 2026, 6:12pm

@sahsanu after running your method in other thread, it’s working now.

But when I try login to ftp, I got this error:

Connection failed.
OOPS: cannot change directory:/srv/jail/mydomain

sahsanu · May 24, 2026, 6:30pm

Instead of mydomain it should be YourUser.

Show the ouput of these commands (replace YourUser with the actual user name):

ls -la /srv/jail/YourUser
grep '^YourUser:' /etc/passwd
grep -Ev '^$|^#' /etc/ssh/sshd_config
cat /etc/vsftpd.conf

alex2k · May 24, 2026, 6:42pm

ls -la /srv/jail/myuser

ls: cannot access ‘/srv/jail/myuser’: No such file or directory

grep ‘^myuser:’ /etc/passwd

mailto:myuser:x:1003:1003:[email protected]:/home/myuser:/usr/sbin/jailbash

grep -Ev ‘^$|^#’ /etc/ssh/sshd_config


Include /etc/ssh/sshd_config.d/*.conf
LoginGraceTime 1m
PermitRootLogin yes
KbdInteractiveAuthentication no
PermitRootLogin yes
UsePAM yes
X11Forwarding yes
PrintMotd no
DebianBanner no
AcceptEnv LANG LC\_*
Subsystem sftp internal-sftp-server
UseDNS no

Match User sftp_dummy99
ChrootDirectory /srv/jail/%u
X11Forwarding no
AllowTCPForwarding no
ForceCommand internal-sftp -d /home/%u

cat /etc/vsftpd.conf

listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
anon_umask=022
anon_upload_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
dual_log_enable=YES
chroot_local_user=YES
pam_service_name=vsftpd
ftpd_banner=Welcome! Please note that all activity is logged.
userlist_enable=NO
tcp_wrappers=YES
force_dot_files=YES
ascii_upload_enable=YES
ascii_download_enable=YES
allow_writeable_chroot=NO
local_root=/srv/jail/%u
user_sub_token=%u
seccomp_sandbox=NO
pasv_enable=YES
pasv_promiscuous=YES
pasv_min_port=12000
pasv_max_port=12100
max_per_ip=10
max_clients=100
use_localtime=NO
utf8_filesystem=YES
ssl_enable=YES
allow_anon_ssl=NO
require_ssl_reuse=NO
ssl_ciphers=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
rsa_cert_file=/usr/local/hestia/ssl/certificate.crt
rsa_private_key_file=/usr/local/hestia/ssl/certificate.key

sahsanu · May 24, 2026, 6:51pm

Execute this:

sed -i 's/internal-sftp.*/internal-sftp/' /etc/ssh/sshd_config
systemctl restart sshd
v-add-sys-sftp-jail

If after that doesn’t work, change the shell of the user from jailbash to nologin and try again.

alex2k · May 24, 2026, 11:46pm

SFTP using port 22 is working.

FTP using port 21 not working.
Connection failed.
OOPS: cannot change directory:/srv/jail/myuser

I think it’s enough for me.
Thank you.

sahsanu · May 24, 2026, 11:54pm

Edit /etc/vsftpd.conf and do these changes:

allow_writeable_chroot=YES
#local_root=/srv/jail/%u
#user_sub_token=%u

Once done, restart the service:

systemctl restart vsftpd

alex2k · May 25, 2026, 3:46am

It’s working now.

Thank you @sahsanu