File Manager Unknown Error for some users

alferus · January 5, 2024, 11:52am

I just installed the latest version of Hestiacp v1.8.11 with Ubuntu 22.04. Then I transferred 3 users from VestaCP and everything seems to be ok. But in 2 out of 3 users File Manager does not work - Unknown Error. Works only under the administrator and under one of the users. What is the problem?

sahsanu · January 5, 2024, 12:21pm

Try to rebuild those two users:

v-rebuild-user YourUser

alferus · January 6, 2024, 6:27am

did not help(

sahsanu · January 6, 2024, 7:23am

Show the output of these commands (replace YourUser1 and YourUser2 by your actual users):

grep -riE 'allowuser|match\suser' /etc/ssh/
grep -iE '^YourUser1:|^YourUser2:' /etc/passwd
ls -la /home/YourUser1/.ssh/
ls -la /home/YourUser2/.ssh/

alferus · January 6, 2024, 10:57am

/etc/ssh/sshd_config:#Match User anoncvs
/etc/ssh/sshd_config:Match User sftp_dummy99,admin,uat_b24-14105_civ,uat_civ_achin,uat_sdn_sizovik,uat_kas_sizovik,uat_civ_sizovik,uat_civ_anti,uat_siemens,uat_alyans_tmp,uat_askaneli_front,uat_help_sushi,uat_civ_sushi,uat_crm-mp_sdn,uat_crm-mp_kas,uat_svs_indoor,uat_help,uat_webstripe_svs,uat_civ_everest,uat_admin_report,uat_svs,uat_civ_novo,uat_svs_api,uat_sdn_doors,uat_zni,uat_civ,uat_svs_promsnab,uat_module,uat_sdn,uat_wishcard,uat_ilya,uat_civ_prava,uat_civ_electro,uat_svs_crmindoor,uat_autoshina,uat_autoshina_civ,uat_vdi,rent_vdi
/etc/ssh/sshd_config.ucf-dist:#Match User anoncvs

dev:x:1003:1003:[email protected]:/home/dev:/bin/bash
uat:x:1004:1004:[email protected]:/home/uat:/bin/bash

total 28
drwx------   2 dev   dev   4096 Jan  5 13:59 .
drwxr-x--x+ 16 dev   dev   4096 Jan  5 13:46 ..
-rw-------   1 dev   dev    889 Jan  5 13:59 authorized_keys
-rw-------   1 admin admin 1052 Jan  5 13:59 hst-filemanager-key
-rw-------   1 dev   dev   1675 Feb 15  2023 id_rsa
-rw-r--r--   1 dev   dev    402 Feb 15  2023 id_rsa.pub
-rw-r--r--   1 dev   dev   1776 Nov  9 17:29 known_hosts

total 84
drwx------   2 uat   uat    4096 Jan  6 07:12 .
drwxr-x--x+ 19 root  root   4096 Jan  6 05:50 ..
-rw-------   1 uat   uat   30162 Jan  6 05:53 authorized_keys
-rw-r--r--   1 uat   uat     267 Apr 21  2023 config
-rw-------   1 admin admin  1052 Jan  6 05:53 hst-filemanager-key
-rw-------   1 uat   uat    1679 Apr 12  2023 id_rsa
-rw-r--r--   1 uat   uat     398 Apr 12  2023 id_rsa.pub
-rw-------   1 uat   uat    1679 Oct 18 12:50 id_rsa_sibcode
-rw-r--r--   1 uat   uat     402 Oct 18 12:50 id_rsa_sibcode.pub
-rw-r--r--   1 uat   uat    2460 Sep 26 11:53 known_hosts
-rw-r--r--   1 uat   uat    5462 Jun 22  2023 known_hosts.old
-rw-r--r--   1 uat   uat    6130 Aug  8 10:58 known_hosts.old2

sahsanu · January 6, 2024, 11:43am

Edit /etc/ssh/sshd_config and in Match User directive add both users; uat and dev:

Like this:

Match User sftp_dummy99,admin,uat_b24-14105_civ,uat_civ_achin,uat_sdn_sizovik,uat_kas_sizovik,uat_civ_sizovik,uat_civ_anti,uat_siemens,uat_alyans_tmp,uat_askaneli_front,uat_help_sushi,uat_civ_sushi,uat_crm-mp_sdn,uat_crm-mp_kas,uat_svs_indoor,uat_help,uat_webstripe_svs,uat_civ_everest,uat_admin_report,uat_svs,uat_civ_novo,uat_svs_api,uat_sdn_doors,uat_zni,uat_civ,uat_svs_promsnab,uat_module,uat_sdn,uat_wishcard,uat_ilya,uat_civ_prava,uat_civ_electro,uat_svs_crmindoor,uat_autoshina,uat_autoshina_civ,uat_vdi,rent_vdi,uat,dev

Once modified, restart ssh server and try again.

systemctl restart sshd

alferus · January 7, 2024, 7:02am

Same error. And there was no third user on the list - rent, although for some reason File Manager works with this user. I’ve added it to this list too.

eris · January 7, 2024, 7:59am

Check first /var/log/hestia/nginx-error.log

alferus · January 7, 2024, 8:29am

2024/01/07 12:01:14 [error] 3760#0: *19 FastCGI sent in stderr: "PHP message: PHP Fatal error: Uncaught League\Flysystem\Sftp\ConnectionErrorException: Could not login with username:
dev, host: 127.0.0.1 in /usr/local/hestia/web/fm/vendor/league/flysystem-sftp/src/SftpAdapter.php:244 
Stack trace:
#0 /usr/local/hestia/web/fm/vendor/league/flysystem-sftp/src/SftpAdapter.php(207): League\Flysystem\Sftp\SftpAdapter->login()
#1 /usr/local/hestia/web/fm/vendor/league/flysystem/src/Adapter/AbstractFtpAdapter.php(650): League\Flysystem\Sftp\SftpAdapter->connect()
#2 /usr/local/hestia/web/fm/vendor/league/flysystem-sftp/src/SftpAdapter.php(360): League\Flysystem\Adapter\AbstractFtpAdapter->getConnection()
#3 /usr/local/hestia/web/fm/vendor/league/flysystem/src/Adapter/AbstractFtpAdapter.php(338): League\Flysystem\Sftp\SftpAdapter->listDirectoryContents()
#4 /usr/local/hestia/web/fm/vendor/league/flysystem/src/Filesystem.php(272): League\Flysystem\Adapter\AbstractFtpAdapter->listContents()
#5 /usr/local/hestia/web/fm/backend/Services/Storage/Filesystem.php(199): League\Flysyste" while reading response header from upstream, client: myIP, server: _, 
request: "POST /fm/?r=/getdir HTTP/2.0", upstream: "fastcgi://unix:/run/hestia-php.sock:", host: "mydomain:8083", referrer: "https://mydomain:8083/fm/"

sahsanu · January 7, 2024, 8:39am

Try this with dev user:

Backup the contents of /home/dev/.ssh/ dir and after that, remove all the files inside it.

rm -f /home/dev/.ssh/*

Once done try again to use file manager with dev user.

alferus · January 7, 2024, 9:14am

This also didn’t help( Above I corrected the comment from the report nginx-error.log, I noticed that part of the text was cut off

sahsanu · January 7, 2024, 9:21am

That’s really weird.

Show the output of these commands:

grep -ri sftp /etc/ssh/
namei -mo /home/dev/.ssh/
getfacl /home/dev/

alferus · January 7, 2024, 10:10am

root@uat:~# grep -ri sftp /etc/ssh/
/etc/ssh/sshd_config:Subsystem sftp internal-sftp
/etc/ssh/sshd_config:# Hestia SFTP Chroot
/etc/ssh/sshd_config:Match User sftp_dummy99,admin,uat_b24-14105_civ,uat_civ_achin,uat_sdn_sizovik,uat_kas_sizovik,uat_civ_sizovik,uat_civ_anti,uat_siemens,uat_alyans_tmp,uat_askaneli_front,uat_help_sushi,uat_civ_sushi,uat_crm-mp_sdn,uat_crm-mp_kas,uat_svs_indoor,uat_help,uat_webstripe_svs,uat_civ_everest,uat_admin_report,uat_svs,uat_civ_novo,uat_svs_api,uat_sdn_doors,uat_zni,uat_civ,uat_svs_promsnab,uat_module,uat_sdn,uat_wishcard,uat_ilya,uat_civ_prava,uat_civ_electro,uat_svs_crmindoor,uat_autoshina,uat_autoshina_civ,uat_vdi,rent_vdi,uat,dev,rent
/etc/ssh/sshd_config:    ForceCommand internal-sftp
/etc/ssh/sshd_config.ucf-dist:Subsystem sftp    /usr/lib/openssh/sftp-server

root@uat:~# namei -mo /home/dev/.ssh/
f: /home/dev/.ssh/
 drwxr-xr-x root root /
 drwxr-xr-x root root home
 drwxr-x--x dev  dev  dev
 drwx------ dev  dev  .ssh

root@uat:~# getfacl /home/dev/
getfacl: Removing leading '/' from absolute path names
# file: home/dev/
# owner: dev
# group: dev
user::rwx
user:dev:r-x
group::r-x
group:hestia-users:---
mask::r-x
other::--x

sahsanu · January 7, 2024, 10:18am

You didn’t create dev user inside Hestia or you modified the home perms. sftp uses chroot and user’s home should be owned by root.

chown root:root /home/dev/

alferus · January 7, 2024, 10:37am

This command didn’t help. These users have been transferred from VestaCP. Can we compare a working user and a non-working user?

root@uat:~# namei -mo /home/dev/.ssh/
f: /home/dev/.ssh/
 drwxr-xr-x root root /
 drwxr-xr-x root root home
 drwxr-x--x root root dev
 drwx------ dev  dev  .ssh

root@uat:~# namei -mo /home/rent/.ssh/
f: /home/rent/.ssh/
 drwxr-xr-x root root /
 drwxr-xr-x root root home
 drwxr-x--x root root rent
 drwxr-xr-x rent rent .ssh

root@uat:~# ls -la /home/dev/.ssh/
total 16
drwx------   2 dev   dev   4096 Jan  7 11:53 .
drwxr-x--x+ 16 root  root  4096 Jan  5 13:46 ..
-rw-r--r--   1 dev   dev    319 Jan  7 11:53 authorized_keys
-rw-------   1 admin admin 1052 Jan  7 11:53 hst-filemanager-key

root@uat:~# ls -la /home/rent/.ssh/
total 16
drwxr-xr-x   2 rent  rent  4096 Jan  5 13:50 .
drwxr-x--x+ 14 root  root  4096 Jan  5 13:44 ..
-rw-r--r--   1 rent  rent   319 Jan  5 13:50 authorized_keys
-rw-------   1 admin admin 1052 Jan  5 13:50 hst-filemanager-key

Maybe this is the problem?
drwx------ dev dev .ssh

alferus · January 7, 2024, 10:50am

Wow, this helped

chmod 755 /home/dev/.ssh/

Now for user dev

root@uat:~# namei -mo /home/dev/.ssh/
f: /home/dev/.ssh/
 drwxr-xr-x root root /
 drwxr-xr-x root root home
 drwxr-x--x root root dev
 drwxr-xr-x dev  dev  .ssh

alferus · January 7, 2024, 10:51am

TY sahsanu and eris!

eris · January 7, 2024, 12:10pm

Yes that is the issue

alferus · January 26, 2024, 11:34am

One user has the same error again, where should I look? and how does it break itself?

root@uat:~# namei -mo /home/uat/.ssh/
f: /home/uat/.ssh/
 drwxr-xr-x root root /
 drwxr-xr-x root root home
 drwxr-x--x root root uat
 drwxr-xr-x uat  uat  .ssh

root@uat:~# ls -la /home/uat/.ssh/
total 84
drwxr-xr-x   2 uat   uat    4096 Jan 25 11:56 .
drwxr-x--x+ 19 root  root   4096 Jan 24 06:21 ..
-rw-r--r--   1 uat   uat   30949 Jan 25 11:56 authorized_keys
-rw-r--r--   1 uat   uat     267 Apr 21  2023 config
-rw-------   1 admin admin  1052 Jan  6 05:53 hst-filemanager-key
-rw-------   1 uat   uat    1679 Apr 12  2023 id_rsa
-rw-r--r--   1 uat   uat     398 Apr 12  2023 id_rsa.pub
-rw-------   1 uat   uat    1679 Oct 18 12:50 id_rsa_sibcode
-rw-r--r--   1 uat   uat     402 Oct 18 12:50 id_rsa_sibcode.pub
-rw-r--r--   1 uat   uat    2460 Sep 26 11:53 known_hosts
-rw-r--r--   1 uat   uat    5462 Jun 22  2023 known_hosts.old
-rw-r--r--   1 uat   uat    6130 Aug  8 10:58 known_hosts.old2

alferus · January 28, 2024, 5:28am

The logs /var/log/hestia/nginx-error.log showed the same authorization error. I restored it step by step:

v-rebuild-user MyUser

Edited /etc/ssh/sshd_config and in Match User directive added MyUser

rm -f /home/MyUser/.ssh/*

chown root:root /home/MyUser/

And it started working again, it’s not clear how it got corrupted… I think it was the last command that helped.