I just installed the latest version of HestiaCP, v1.8.11, with Ubuntu 22.04. Then I transferred 3 users from VestaCP and everything seems to be OK. But for 2 out of 3 users File Manager does not work - Unknown Error. It works only under the administrator and under one of the users. What is the problem?
Try to rebuild those two users:
v-rebuild-user YourUser
did not help(
Show the output of these commands (replace YourUser1 and YourUser2 by your actual users):
grep -riE 'allowuser|match\suser' /etc/ssh/
grep -iE '^YourUser1:|^YourUser2:' /etc/passwd
ls -la /home/YourUser1/.ssh/
ls -la /home/YourUser2/.ssh/
/etc/ssh/sshd_config:#Match User anoncvs
/etc/ssh/sshd_config:Match User sftp_dummy99,admin,uat_b24-14105_civ,uat_civ_achin,uat_sdn_sizovik,uat_kas_sizovik,uat_civ_sizovik,uat_civ_anti,uat_siemens,uat_alyans_tmp,uat_askaneli_front,uat_help_sushi,uat_civ_sushi,uat_crm-mp_sdn,uat_crm-mp_kas,uat_svs_indoor,uat_help,uat_webstripe_svs,uat_civ_everest,uat_admin_report,uat_svs,uat_civ_novo,uat_svs_api,uat_sdn_doors,uat_zni,uat_civ,uat_svs_promsnab,uat_module,uat_sdn,uat_wishcard,uat_ilya,uat_civ_prava,uat_civ_electro,uat_svs_crmindoor,uat_autoshina,uat_autoshina_civ,uat_vdi,rent_vdi
/etc/ssh/sshd_config.ucf-dist:#Match User anoncvs
dev:x:1003:1003:[email protected]:/home/dev:/bin/bash
uat:x:1004:1004:[email protected]:/home/uat:/bin/bash
total 28
drwx------ 2 dev dev 4096 Jan 5 13:59 .
drwxr-x--x+ 16 dev dev 4096 Jan 5 13:46 ..
-rw------- 1 dev dev 889 Jan 5 13:59 authorized_keys
-rw------- 1 admin admin 1052 Jan 5 13:59 hst-filemanager-key
-rw------- 1 dev dev 1675 Feb 15 2023 id_rsa
-rw-r--r-- 1 dev dev 402 Feb 15 2023 id_rsa.pub
-rw-r--r-- 1 dev dev 1776 Nov 9 17:29 known_hosts
total 84
drwx------ 2 uat uat 4096 Jan 6 07:12 .
drwxr-x--x+ 19 root root 4096 Jan 6 05:50 ..
-rw------- 1 uat uat 30162 Jan 6 05:53 authorized_keys
-rw-r--r-- 1 uat uat 267 Apr 21 2023 config
-rw------- 1 admin admin 1052 Jan 6 05:53 hst-filemanager-key
-rw------- 1 uat uat 1679 Apr 12 2023 id_rsa
-rw-r--r-- 1 uat uat 398 Apr 12 2023 id_rsa.pub
-rw------- 1 uat uat 1679 Oct 18 12:50 id_rsa_sibcode
-rw-r--r-- 1 uat uat 402 Oct 18 12:50 id_rsa_sibcode.pub
-rw-r--r-- 1 uat uat 2460 Sep 26 11:53 known_hosts
-rw-r--r-- 1 uat uat 5462 Jun 22 2023 known_hosts.old
-rw-r--r-- 1 uat uat 6130 Aug 8 10:58 known_hosts.old2
Edit /etc/ssh/sshd_config and in Match User directive add both users, uat and dev.
Like this:
Match User sftp_dummy99,admin,uat_b24-14105_civ,uat_civ_achin,uat_sdn_sizovik,uat_kas_sizovik,uat_civ_sizovik,uat_civ_anti,uat_siemens,uat_alyans_tmp,uat_askaneli_front,uat_help_sushi,uat_civ_sushi,uat_crm-mp_sdn,uat_crm-mp_kas,uat_svs_indoor,uat_help,uat_webstripe_svs,uat_civ_everest,uat_admin_report,uat_svs,uat_civ_novo,uat_svs_api,uat_sdn_doors,uat_zni,uat_civ,uat_svs_promsnab,uat_module,uat_sdn,uat_wishcard,uat_ilya,uat_civ_prava,uat_civ_electro,uat_svs_crmindoor,uat_autoshina,uat_autoshina_civ,uat_vdi,rent_vdi,uat,dev
Once modified, restart ssh server and try again.
systemctl restart sshd
Same error. And there was no third user on the list - rent, although for some reason File Manager works with this user. I’ve added it to this list too.
Check first /var/log/hestia/nginx-error.log
2024/01/07 12:01:14 [error] 3760#0: *19 FastCGI sent in stderr: "PHP message: PHP Fatal error: Uncaught League\Flysystem\Sftp\ConnectionErrorException: Could not login with username:
dev, host: 127.0.0.1 in /usr/local/hestia/web/fm/vendor/league/flysystem-sftp/src/SftpAdapter.php:244
Stack trace:
#0 /usr/local/hestia/web/fm/vendor/league/flysystem-sftp/src/SftpAdapter.php(207): League\Flysystem\Sftp\SftpAdapter->login()
#1 /usr/local/hestia/web/fm/vendor/league/flysystem/src/Adapter/AbstractFtpAdapter.php(650): League\Flysystem\Sftp\SftpAdapter->connect()
#2 /usr/local/hestia/web/fm/vendor/league/flysystem-sftp/src/SftpAdapter.php(360): League\Flysystem\Adapter\AbstractFtpAdapter->getConnection()
#3 /usr/local/hestia/web/fm/vendor/league/flysystem/src/Adapter/AbstractFtpAdapter.php(338): League\Flysystem\Sftp\SftpAdapter->listDirectoryContents()
#4 /usr/local/hestia/web/fm/vendor/league/flysystem/src/Filesystem.php(272): League\Flysystem\Adapter\AbstractFtpAdapter->listContents()
#5 /usr/local/hestia/web/fm/backend/Services/Storage/Filesystem.php(199): League\Flysyste" while reading response header from upstream, client: myIP, server: _,
request: "POST /fm/?r=/getdir HTTP/2.0", upstream: "fastcgi://unix:/run/hestia-php.sock:", host: "mydomain:8083", referrer: "https://mydomain:8083/fm/"
Try this with dev user:
Backup the contents of /home/dev/.ssh/ dir and after that, remove all the files inside it.
rm -f /home/dev/.ssh/*
Once done try again to use file manager with dev user.
This also didn’t help( Above I corrected the comment from the report nginx-error.log, I noticed that part of the text was cut off
That’s really weird.
Show the output of these commands:
grep -ri sftp /etc/ssh/
namei -mo /home/dev/.ssh/
getfacl /home/dev/
root@uat:~# grep -ri sftp /etc/ssh/
/etc/ssh/sshd_config:Subsystem sftp internal-sftp
/etc/ssh/sshd_config:# Hestia SFTP Chroot
/etc/ssh/sshd_config:Match User sftp_dummy99,admin,uat_b24-14105_civ,uat_civ_achin,uat_sdn_sizovik,uat_kas_sizovik,uat_civ_sizovik,uat_civ_anti,uat_siemens,uat_alyans_tmp,uat_askaneli_front,uat_help_sushi,uat_civ_sushi,uat_crm-mp_sdn,uat_crm-mp_kas,uat_svs_indoor,uat_help,uat_webstripe_svs,uat_civ_everest,uat_admin_report,uat_svs,uat_civ_novo,uat_svs_api,uat_sdn_doors,uat_zni,uat_civ,uat_svs_promsnab,uat_module,uat_sdn,uat_wishcard,uat_ilya,uat_civ_prava,uat_civ_electro,uat_svs_crmindoor,uat_autoshina,uat_autoshina_civ,uat_vdi,rent_vdi,uat,dev,rent
/etc/ssh/sshd_config: ForceCommand internal-sftp
/etc/ssh/sshd_config.ucf-dist:Subsystem sftp /usr/lib/openssh/sftp-server
root@uat:~# namei -mo /home/dev/.ssh/
f: /home/dev/.ssh/
drwxr-xr-x root root /
drwxr-xr-x root root home
drwxr-x--x dev dev dev
drwx------ dev dev .ssh
root@uat:~# getfacl /home/dev/
getfacl: Removing leading '/' from absolute path names
# file: home/dev/
# owner: dev
# group: dev
user::rwx
user:dev:r-x
group::r-x
group:hestia-users:---
mask::r-x
other::--x
You didn’t create dev user inside Hestia or you modified the home perms. sftp uses chroot and user’s home should be owned by root.
chown root:root /home/dev/
This command didn’t help. These users have been transferred from VestaCP. Can we compare a working user and a non-working user?
root@uat:~# namei -mo /home/dev/.ssh/
f: /home/dev/.ssh/
drwxr-xr-x root root /
drwxr-xr-x root root home
drwxr-x--x root root dev
drwx------ dev dev .ssh
root@uat:~# namei -mo /home/rent/.ssh/
f: /home/rent/.ssh/
drwxr-xr-x root root /
drwxr-xr-x root root home
drwxr-x--x root root rent
drwxr-xr-x rent rent .ssh
root@uat:~# ls -la /home/dev/.ssh/
total 16
drwx------ 2 dev dev 4096 Jan 7 11:53 .
drwxr-x--x+ 16 root root 4096 Jan 5 13:46 ..
-rw-r--r-- 1 dev dev 319 Jan 7 11:53 authorized_keys
-rw------- 1 admin admin 1052 Jan 7 11:53 hst-filemanager-key
root@uat:~# ls -la /home/rent/.ssh/
total 16
drwxr-xr-x 2 rent rent 4096 Jan 5 13:50 .
drwxr-x--x+ 14 root root 4096 Jan 5 13:44 ..
-rw-r--r-- 1 rent rent 319 Jan 5 13:50 authorized_keys
-rw------- 1 admin admin 1052 Jan 5 13:50 hst-filemanager-key
Maybe this is the problem?
drwx------ dev dev .ssh
Wow, this helped
chmod 755 /home/dev/.ssh/
Now for user dev
root@uat:~# namei -mo /home/dev/.ssh/
f: /home/dev/.ssh/
drwxr-xr-x root root /
drwxr-xr-x root root home
drwxr-x--x root root dev
drwxr-xr-x dev dev .ssh
TY sahsanu and eris!
Yes that is the issue
One user has the same error again, where should I look? and how does it break itself?
root@uat:~# namei -mo /home/uat/.ssh/
f: /home/uat/.ssh/
drwxr-xr-x root root /
drwxr-xr-x root root home
drwxr-x--x root root uat
drwxr-xr-x uat uat .ssh
root@uat:~# ls -la /home/uat/.ssh/
total 84
drwxr-xr-x 2 uat uat 4096 Jan 25 11:56 .
drwxr-x--x+ 19 root root 4096 Jan 24 06:21 ..
-rw-r--r-- 1 uat uat 30949 Jan 25 11:56 authorized_keys
-rw-r--r-- 1 uat uat 267 Apr 21 2023 config
-rw------- 1 admin admin 1052 Jan 6 05:53 hst-filemanager-key
-rw------- 1 uat uat 1679 Apr 12 2023 id_rsa
-rw-r--r-- 1 uat uat 398 Apr 12 2023 id_rsa.pub
-rw------- 1 uat uat 1679 Oct 18 12:50 id_rsa_sibcode
-rw-r--r-- 1 uat uat 402 Oct 18 12:50 id_rsa_sibcode.pub
-rw-r--r-- 1 uat uat 2460 Sep 26 11:53 known_hosts
-rw-r--r-- 1 uat uat 5462 Jun 22 2023 known_hosts.old
-rw-r--r-- 1 uat uat 6130 Aug 8 10:58 known_hosts.old2
The logs /var/log/hestia/nginx-error.log showed the same authorization error. I restored it step by step:
v-rebuild-user MyUser
Edited /etc/ssh/sshd_config and in Match User directive added MyUser
rm -f /home/MyUser/.ssh/*
chown root:root /home/MyUser/
And it started working again, it’s not clear how it got corrupted… I think it was the last command that helped.
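The checks made by hand across this thread, gathered into one script as an added example (it is not part of any post above and is not HestiaCP code). It tests the four conditions the thread examined: membership in the `Match User` list, root ownership of the chroot home, a `.ssh` directory that other users can traverse (the listings show `hst-filemanager-key` owned by `admin`), and the presence of that key. The function names, the optional owner-uid argument and the sample tree are assumptions made for the example.

```shell
#!/bin/sh
# Added example: the thread's manual checks as one script (GNU stat assumed).
# Function names are illustrative; they are not HestiaCP commands.

# Succeeds if USER is in a "Match User" list (plain comma list, no wildcards).
in_match_user() {
    awk -v u="$2" '
        tolower($1) == "match" && tolower($2) == "user" {
            n = split($3, names, ",")
            for (i = 1; i <= n; i++) if (names[i] == u) found = 1
        }
        END { exit !found }' "$1"
}

# Succeeds if "other" holds the search (x) bit on DIR, e.g. 755 but not 700.
other_can_traverse() {
    mode=$(stat -c '%a' "$1") || return 2
    case ${mode#"${mode%?}"} in 1|3|5|7) return 0 ;; *) return 1 ;; esac
}

# audit_fm_user USER HOME SSHD_CONFIG [CHROOT_OWNER_UID, default 0 = root]
# Prints one line per failed check and returns the number of failures.
audit_fm_user() {
    fails=0
    in_match_user "$3" "$1" ||
        { echo "$1: not in Match User list of $3"; fails=$((fails + 1)); }
    [ "$(stat -c '%u' "$2")" = "${4:-0}" ] ||
        { echo "$1: $2 not owned by uid ${4:-0}"; fails=$((fails + 1)); }
    other_can_traverse "$2/.ssh" ||
        { echo "$1: $2/.ssh not traversable by other users"; fails=$((fails + 1)); }
    [ -f "$2/.ssh/hst-filemanager-key" ] ||
        { echo "$1: hst-filemanager-key missing"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample: "dev" reproduces the broken state, "rent" the working one.
demo=$(mktemp -d)
mkdir -p "$demo/dev/.ssh" "$demo/rent/.ssh"
chmod 700 "$demo/dev/.ssh"; chmod 755 "$demo/rent/.ssh"
: > "$demo/dev/.ssh/hst-filemanager-key"
: > "$demo/rent/.ssh/hst-filemanager-key"
printf '#Match User anoncvs\nMatch User admin,rent_vdi,rent\n' > "$demo/sshd_config"
me=$(id -u)   # stand-in for root so the demo runs unprivileged
audit_fm_user dev  "$demo/dev"  "$demo/sshd_config" "$me" || echo "dev: $? finding(s)"
audit_fm_user rent "$demo/rent" "$demo/sshd_config" "$me" && echo "rent: ok"
```

On a real server, call `audit_fm_user dev /home/dev /etc/ssh/sshd_config` as root and leave the fourth argument out so that the home directory is checked against uid 0.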