No more FTP and ssh service down

sjordi · January 29, 2025, 9:31pm

Hi,
For an unknown reason, all my FTP accesses (sftp) don’t work anymore.
So I checked around and in HestiaCP admin dashboard, if I click the Configure cog icon, it shows ssh as red. Since SFTP uses port 22 I guess that’s the reason why .
I can’t ssh either using a password. Actually, I have added an ssh key and that’s how I connect.
But I just don’t understand why I can’t ftp anymore.
Any idea what could be wrong?
Could an Ubuntu update have messed up with something?

HestiaCP v1.8.12
Thanks for any clue.

eris · January 29, 2025, 9:36pm

If Ssh is down you can’t use sftp …

So try to restart the service

sjordi · January 29, 2025, 9:52pm

Thanks,
I did that, it doesn’t do anything. Restart. Start.
Nothing in logs besides stating it’s started but remains red
Service started (Name: ssh).

Each time I try to sftp, I have a permission denied.
If I reset root password to something very basic, it still says the same thing, so it’s obviously not the credentials that are wrong.
In the firewall, port 22 is Accept for 0.0.0.0/0
If I replace that with a fixed IP, still no access

linkp · January 30, 2025, 4:15am

Default sshd configuration does not allow root login with password. Its best to not alter that restriction either, lest your HestiaCP server become a malicious zombie in short order.

Do you have a user with SFTP privileges?

Even when using a less privileged user than root, it is still advisable to require SSH keys for authentication whenever possible. If you haven’t worked with SSH keys this article offers guidance on issuing an ed25519 key.

https://statistics.berkeley.edu/computing/ssh-keys

Here is a deeper exploration of the topic that I found enjoyable to read.

sjordi · January 30, 2025, 4:11pm

Hi @linkp
Thanks for your input.
Yes, I do have a specific user for sftp but it doesn’t work either.
And there is no chance for it to work since the ssh service that manages port 22 is always down now, despite it says it correctly started when using the config restart button.
So that means nobody can ftp to my server anymore.

I do use ssh keys for passwordless login and that works. But I need to be able to ftp from any computer, that’s why I need to be able to login with credentials.
But Port22 being closed for I don’t know why… this is not working.
And I had no problems before, I have all my CI/CD and all my 11 websites published to my VPS through SFTP without ssh keys, only user/password.
Everything has stopped working. Very strange.

I checked on the VPS itself and I don’t use any kind of firewall protection on their side, I do everything through HestiaCP to make sure nothing gets messed up.

I’ll investigate further.

sahsanu · January 30, 2025, 4:56pm

Show the output of these commands:

sudo -i
systemctl restart sshd
systemctl status sshd --no-pager -l
grep -Ev '^$|^#' /etc/ssh/sshd_config
grep -Ev '^$|^#' /etc/ssh/sshd_config.d/*
iptables -S

sjordi · January 30, 2025, 5:40pm

Mmhhh…
Interesting: a restart shows this:
Failed to restart sshd.service: Unit sshd.service not found.
The other commands don’t work since sshd.service is not found.

If I look for it

find / -name sshd.service
/snap/core20/2379/etc/systemd/system/sshd.service
/snap/core20/2379/var/lib/systemd/deb-systemd-helper-enabled/sshd.service
/snap/core20/2434/etc/systemd/system/sshd.service
/snap/core20/2434/var/lib/systemd/deb-systemd-helper-enabled/sshd.service
/var/lib/systemd/deb-systemd-helper-enabled/sshd.service
/var/lib/docker/overlay2/diqb85vu58da1m4p5tqysw2g6/diff/etc/systemd/system/sshd.service
/var/lib/docker/overlay2/diqb85vu58da1m4p5tqysw2g6/diff/var/lib/systemd/deb-systemd-helper-enabled/sshd.service

So the symlink to the service may have disappeared.

I’ll try to uninstall
sudo apt purge openssh-server
and reinstall
sudo apt install openssh-server

I’ll post results here. Have no idea how sshd can just disappear…

sahsanu · January 30, 2025, 6:03pm

If you are using Ubuntu the service is ssh (sshd is for Debian)

sjordi · January 30, 2025, 9:20pm

I DMed the result file to you.
Thanks

sjordi · January 30, 2025, 9:54pm

Ok more on this.
I had ssh back to green and it’s working.
I checked ls -l /etc/systemd/system/multi-user.target.wants/ and there were no ssh.service symlink there, meaning disabled when rebooting.

So I ran sudo systemctl enable ssh.service which created the link and ran sudo systemctl daemon-reload to reload.

Now HestiaCP shows ssh as ON and running

But still no sftp access
A connection returns
subsystem request failed on channel 0 Connection closed.

Pulling my hair on this.
Steve

sahsanu · January 30, 2025, 10:06pm

Double check the sshd conf (/etc/ssh/sshd_config), Subsystem directive looks like this:

Subsystem sftp internal-sftp

I’ve no access to the link you shared via DM so I don’t know if you should modify any other directive.

sjordi · January 30, 2025, 10:25pm

There were no such line.
I added it but still face the same problem.
The only line was
#Subsystem sftp-server and is commented

sahsanu · January 30, 2025, 10:26pm

grep -Ev '^$|^#' /etc/ssh/sshd_config
grep -Ev '^$|^#' /etc/ssh/sshd_config.d/*

sjordi · January 30, 2025, 10:29pm

SOLVED

Ok, after enabling ssh.service and then adding your line to the sshd_config file, I noticed I set internal-server instead of internal-**sftp** which was matched further down for all sftp user connections.
It works now for all my SFTP connections.

Gee, thanks a lot for all your help.
But it’s still a mystery why the ssh.service was disabled and why ssh_config didn’t have the internal-sftp reference anymore.
Crazy.

But thanks to you, I’m back on my four legs!
Steve

sahsanu · January 30, 2025, 10:32pm

You are welcome

Looks like an upgrade of openssh-server package and an overwrite of the default conf.

system · March 1, 2025, 10:32pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.