File Manager "Unknown Error" (Could not login to 127.0.0.1) - Hestia 1.9.3 / PHP 8.3.17 (Manual SFTP Works!)

Hi everyone,

Hoping someone can help, I’m really stuck with the File Manager after a server migration. Running HestiaCP v1.9.3 (Panel PHP 8.3.17) on Ubuntu 22.04.5 LTS.

Problem:

When I try to open the File Manager for any user (admin, regular users), I just get the red “Unknown error” message.

Error Log (/var/log/hestia/nginx-error.log): The error is always the same:

PHP message: PHP Warning: ini_set(): Session ini settings cannot be changed when a session is active...
PHP message: PHP Fatal error: Uncaught League\Flysystem\Sftp\ConnectionErrorException: Could not login with username: [username], host: 127.0.0.1 in /usr/local/hestia/web/fm/vendor/league/flysystem-sftp/src/SftpAdapter.php:244
Stack trace:
#0 /usr/local/hestia/web/fm/vendor/league/flysystem-sftp/src/SftpAdapter.php(207): League\Flysystem\Sftp\SftpAdapter->login()
#1 /usr/local/hestia/web/fm/vendor/league/flysystem/src/Adapter/AbstractFtpAdapter.php(650): League\Flysystem\Sftp\SftpAdapter->connect()
... (rest of stack trace) ...

(Sometimes I also see: PHP Warning: file_get_contents(/home/[user]/.ssh/hst-filemanager-key): Failed to open stream: Permission denied... just before the fatal error)

What I’ve Tried (Still Not Working):

  • Manual SFTP Works Perfectly: I can log in fine using sftp [email protected] from the server’s command line with the user’s password.
  • Checked Forum/GitHub: I’ve searched the Hestia forums and GitHub issues for this Could not login... 127.0.0.1 error. Found several related threads/issues (like #4759, #4914, forum thread 18011, forum thread 179XX). Tried the suggested solutions (like removing hst-filemanager-key, checking permissions, applying ACLs) but the problem persists on my server.
  • SSH Config: Set PasswordAuthentication yes in /etc/ssh/sshd_config and restarted sshd. UsePAM yes is also set.
  • User Shell: Set SSH Access to bash for users in Hestia.
  • User Status: Checked users aren’t locked (sudo passwd --status user shows ‘P’).
  • Hestia Rebuild: Ran sudo /usr/local/hestia/bin/v-rebuild-user user.
  • File Manager Key: Tried deleting the key (sudo rm -f /home/*/.ssh/hst-filemanager-key). It regenerates but the error continues. Tried chown user:user on the regenerated key too.
  • Password Resets: Reset passwords through the Hestia UI and using v-change-user-password.
  • Permissions: Session directory permissions seem okay. Tried ACLs (setfacl -m u:hestiaweb:rwx /home/user/.ssh/) - this let the key regenerate but didn’t fix the login error.
  • Service Restarts: Restarted hestia, nginx, sshd many times.

Database Download Issue (This part IS Fixed):

I did have the database download ERR_INVALID_RESPONSE issue too, but thankfully found the fix for the Undefined array key 1 warning (related to PR #4876) on the forum/GitHub. Applied the sed command, restarted services, and that part works now. Huge thanks to the Hestia devs and contributors who find and fix these things – you guys work like magicians sometimes!

Question:

Why would the File Manager fail the SFTP login when manual SFTP from the command line works fine? Has anyone seen this exact behaviour on Hestia 1.9.3 / PHP 8.3 where the common fixes don’t work? Is there some other known bug, PAM issue, PHP setting, or post-migration quirk I’m missing?

Really appreciate any ideas!

Thanks, Newbie
but starting to feel like a Junior :sweat_smile:

Hi @Newbie,

.ssh owner must be the user and the same for the group. Perms are 755. Also, it doesn’t have ACLs.

Owner and group for hst-filemanager-key must be hestiaweb and perms 600.

Could you please show the output of these commands (replace YourUser with the actual user)?

ls -la /home/YourUser/.ssh/
grep -Ev '^#|^$' /etc/ssh/sshd_config.d/*.conf
grep -Ev '^#|^$' /etc/ssh/sshd_config
1 Like

Hi @sahsanu,

Thanks so much for clarifying the specific ownership and permissions needed for the File Manager!

Just to confirm, this “Unknown error” issue is happening for all users on my panel (admin, wp1, mybb), not just the one I’m providing details for below.

sahsanu:

.ssh owner must be the user and the same for the group. Perms are 755. Also, it doesn’t have ACLs.

Owner and group for hst-filemanager-key must be hestiaweb and perms 600.

Okay, that makes sense now, especially the 755 on the .ssh directory itself so hestiaweb can access it, and hestiaweb owning the key. I think some of the things I tried before (like ACLs or changing the key owner to the user) were attempts to work around the access issue before understanding Hestia needed this specific setup – appreciate you setting me straight on the required state!

You asked for the output of these commands (run for user mybb as an example):

  1. sudo ls -la /home/mybb/.ssh/
total 12
drwxrwx---+  2 mybb mybb 4096 May  6 00:36 .
drwxr-sr-x+ 15 mybb mybb 4096 May  4 22:09 ..
-rw-------   1 mybb mybb  323 May  6 00:06 authorized_keys

2.(Note: The hst-filemanager-key file is currently missing as expected after trying the rm command from another thread).*
3. sudo grep -Ev '^#|^

grep: /etc/ssh/sshd_config.d/*.conf: No such file or directory

4.(This directory seems empty/non-existent).*
5. sudo grep -Ev '^#|^

Include /etc/ssh/sshd_config.d/*.conf
LoginGraceTime 1m
PermitRootLogin yes
PasswordAuthentication yes
KbdInteractiveAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
DebianBanner no
AcceptEnv LANG LC_*
Subsystem sftp internal-sftp
Match User sftp_dummy99,admin
    ChrootDirectory /srv/jail/%u
    X11Forwarding no
    AllowTCPForwarding no
    ForceCommand internal-sftp -d /home/%u

It looks like the main difference for the mybb user is the permissions on the .ssh directory (770 with ACL) instead of the 755 without ACLs that you mentioned.

What commands should I run next to correct this based on the output?

Thanks again for the help!

Newbie

You should remove ACL from .ssh dir:

setfacl -b /home/mybb/.ssh/
chmod 0755 /home/mybb/.ssh/
setfacl -b /home/mybb/
chmod 0751 /home/mybb/
setfacl -m "u:mybb:r-x" /home/mybb/
setfacl -m "g:hestia-users:---" /home/mybb/

Also, remove again all the contents inside /home/mybb/.ssh/

rm -f /home/mybb/.ssh/*

Now try to logon with mybb user using file manager. If you get the Unknown Error again, check if the files authorized_keys and hst-filemanager-key have been created:

ls -la /home/mybb/.ssh/

If they are created, try this (you should do it quickly, before the hst-filemanager-key is removed).

sudo -u hestiaweb sftp -o StrictHostKeyChecking=no -i /home/mybb/.ssh/hst-filemanager-key [email protected] <<< $'ls -l\n'

That’s ok.

Conf looks ok too. File manager uses Public Key Authentication and if doesn’t appear in the output is because it is using the default value that is PubkeyAuthentication yes.

3 Likes

Hi @sahsanu,

I wanted to give a massive THANK YOU, THANK YOU, THANK YOU! Your detailed instructions for the permissions on the user’s home directory and the .ssh directory (setting .ssh to 0755 without ACLs, home to 0751 with the specific ACLs you mentioned, and clearing out the .ssh/* files) worked like an absolute charm!

After applying those steps for each user (mybb, wp1, and admin), the File Manager is now working perfectly for all of them! The hst-filemanager-key is regenerating correctly, owned by hestiaweb:hestiaweb with 600 permissions, just as you said it should. I can finally see the files in the panel again. You have no idea how much this helps!

Just one small thing I did as an extra step: after Hestia regenerated the files in .ssh, I noticed authorized_keys (owned by user:user) had 644 permissions. For a bit of extra security, I changed the permissions for each user’s /home/[user]/.ssh/authorized_keys file to 600 (-rw-------). I’m assuming this is okay and won’t interfere with any Hestia operations, as it’s just for the user’s own key-based SSH logins, right?

Seriously, thank you again. After trying so many things based on other threads and GitHub issues, your specific guidance on the directory permissions was the key. You guys on the Hestia team and forum are amazing.

All the best,

After thinking I was becoming Junior I admit I am a Newbie alright! :see_no_evil:

3 Likes