2024/04/11 15:49:53 [error] 1254#0: *47 FastCGI sent in stderr: “PHP message: PHP Warning: Undefined array key 2 in /usr/local/hestia/web/fm/configuration.php on line 110” while rea2024/04/11 15:49:53 [e>
Line 110 in the configuration.php is:
$user_list = explode(“,”, $matches[2]);
Include /etc/ssh/sshd_config.d/*.conf
LoginGraceTime 1m
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
DebianBanner no
AcceptEnv LANG LC_*
Subsystem sftp internal-sftp
AuthenticationMethods publickey
PubkeyAuthentication yes
AuthorizedKeysCommand /usr/sbin/aad_certhandler %u %k
AuthorizedKeysCommandUser root
Match User sftp_dummy99,admin,admin_guysmiley,admin_sholtOldSite,admin_snipers
ChrootDirectory %h
X11Forwarding no
AllowTCPForwarding no
ForceCommand internal-sftp
Above directives are managing the authorized keys, do you know what that script (aad_certificate) does?
Could you please comment both lines, restart sshd and try again?
Warning: Once ssh is restarted, don’t close your current ssh session (if there is a problem with the sshd config you still will have the connection open), try to open a new connection to your server to check if you can connect via ssh after doing the change, if you can’t connect, undo the change and restart again sshd.
Ok, that’s the reason I told you to not close the active ssh session so you should have the session open, uncomment the directives and restart sshd.
I don’t know what the command is doing but seems it could be interfering with the way in which the file manager tries to validate with a key and that could be the reason it can’t connect.
I have a private key that works in winscp, however its not working through the Azure portal. SMH. I have several restore points like every 4 hrs so I guess I will just have to restore at some point. I tried to change the authenticationmethod to publickey,password but no love there either. It’s all quite odd.
Ok, let me know how it goes but, if you are going to restore the server, could you please try again to comment the directives, restart sshd and try if you can access the file manager from Hestia Web UI?
Update. I commented out all the lines regarding using a private key and restarted sshd. I was then able to login to ssh using username/password. However the file manager still doesn’t work. Below is my full file for review.
# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
Include /etc/ssh/sshd_config.d/*.conf
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
LoginGraceTime 1m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
DebianBanner no
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
# override default of no subsystems
Subsystem sftp internal-sftp
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
# Hestia SFTP Chroot
# Match User *@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*@*,????????-????-????-????-????????????||||#|Added|by|aadsshlogin|installer,admin,admin_guysmiley,admin_sholtOldSite,admin_snipers
#AuthenticationMethods publickey
#PubkeyAuthentication yes
#AuthorizedKeysCommand /usr/sbin/aad_certhandler %u %k
#AuthorizedKeysCommandUser root
Match User sftp_dummy99,admin,admin_guysmiley,admin_sholtOldSite,admin_snipers
ChrootDirectory %h
X11Forwarding no
AllowTCPForwarding no
ForceCommand internal-sftp
If you want to use the File Manager that line must be uncommented.
# Hestia SFTP Chrootmust be just before the Match directive, some scripts use it to add and remove the sftp users so remove it and add it again just before the Match directive.
# Hestia SFTP Chroot
Match User sftp_dummy99,admin,admin_guysmiley,admin_sholtOldSite,admin_snipers
ChrootDirectory %h
X11Forwarding no
AllowTCPForwarding no
ForceCommand internal-sftp
I am sure if left uncommented default falls back to yes so unless you change it to no and uncomment it should break
Hestia SFTP Chrootmust be just before the Match directive, some scripts use it to add and remove the sftp users so remove it and add it again just before the Match directive.
This was the issue as
Line 110 in the configuration.php is:
$user_list = explode(“,”, $matches[2]);