Hello,
I did a sudo apt-get update && upgrade and didn’t connect to ftp in 4-5 days so I don’t know it if it linked, but I tried anything and now I can’t connect anymore to my ftp.
Does someone has a tips to regain access to my ftp?
Thanks in advance and have a very nice day
Hi @Sarah
Are you using proftpd or vsftpd? You can use this command to check it:
v-list-sys-config json | jq -r '.[]|.FTP_SYSTEM'
Check whether the service is up and running:
If using proftpd:
systemctl status proftpd --no-pager -l
If using vsftpd:
systemctl status vsftpd --no-pager -l
Also, check whether you have the right firewall rules and service is listening on port 21:
iptables -S | grep -E '21|12000'
lsof -Pn +c0 -i:21 -sTCP:LISTEN
Hey, thank you for your answer!
I use vsftpd
systemctl status vsftpd --no-pager -l
It is active (running)
It is correctly listening on port 21, for firewall, what should be the right rules? I have input tcp dport 21, input -s myserverip -j Accept, input tpc multiport, and some fail2ban
I would like to view the outputs.
What’s the error you get when trying to connect to your server using FTP?
Also, show the vsftpd conf:
cat /etc/vsftpd.conf
Check the user’s shell (replace YourUser with the actual user):
v-list-user YourUser json | jq -r '.[]|.SHELL'
If the shell is not nologin or rssh then change it to nologin.
v-change-user-shell YourUser nologin
If the user already had nologin or you just changed it, then execute this command:
v-add-user-sftp-jail YourUser
And try to login again with your user via FTP.
Error is “Error: Unable to establish connection to server”
Yes it was already nologin, and I tried to execute v-add-user-sftp-jail withmyuser but it failed, also I connect as root, not as my user, is it wrong? (it was working like that)
Vsftpd conf:
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
anon_umask=022
anon_upload_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
dual_log_enable=YES
chroot_local_user=YES
pam_service_name=vsftpd
ftpd_banner=Welcome! Please note that all activity is logged.
userlist_enable=NO
tcp_wrappers=YES
force_dot_files=YES
ascii_upload_enable=YES
ascii_download_enable=YES
allow_writeable_chroot=NO
local_root=/srv/jail/%u
user_sub_token=%u
seccomp_sandbox=NO
pasv_enable=YES
pasv_promiscuous=YES
pasv_min_port=12000
pasv_max_port=12100
max_per_ip=10
max_clients=100
use_localtime=NO
utf8_filesystem=YES
ssl_enable=YES
allow_anon_ssl=NO
require_ssl_reuse=NO
ssl_ciphers=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
rsa_cert_file=/usr/local/hestia/ssl/certificate.crt
rsa_private_key_file=/usr/local/hestia/ssl/certificate.key
And all my firewall rules are:
Action Comment Protocol Port IP Address
ACCEPT
PING ICMP 0 0.0.0.0/0
ACCEPT
HESTIA TCP 2083 0.0.0.0/0
ACCEPT
FTP TCP 21,12000-12100 0.0.0.0/0
ACCEPT
WEB TCP 80,443 0.0.0.0/0
ACCEPT
SSH TCP 22 0.0.0.0/0
Thanks again 
Bur failed to connect to FTP using youruser or failed the command?
Yes, it is. By default root is not allowed to connect using FTP and it’s a security risk to allow it.
If this command shows root as output, then the root user is not allowed to use FTP.
grep '^root' /etc/ftpusers
You must use your own user to connect to your FTP server.
One more thing: I see that you’re using port 2083 to access Hestia, so you might be using Cloudflare or another CDN.
Are you trying to access port 21 through a hostname that is proxied by the CDN? If so, try using the server’s public IP address instead, or use a hostname that points to your server but is not proxied by the CDN.
Weirdly enough i had this issue with sftp but i could ssh into the server. I actually updated the sshd_config file with other settings from my other server and it worked again.
this was a brand new server install when i had the sftp issue.
Ohhh, all right, since the beginning I was only connecting through root
It worked with my user, though /home/web/ only shows my cp.website.com folder and not the other ones (that are showing under this user on my panel when I login from the web interface)
grep ‘^root’ /etc/ftpusers
It shown root yes
So I did some research and I saw that Subsystem sftp internal-sftp was changed to Subsytem sftp internal-sftp-server
I removed the -server part and it’s now working again!
It turns out we were discussing FTP, when in fact we should have been focusing on SFTP, which is a completely different protocol. And that is a known bug that will be fixed in next Hestia release.
@sahsanu i replaced the sshd conf file with another server/older, to make it work. Should i need to do anything else? The problem only existed on a newly installed server.
This is a known issue, that 1 single change is all that is needed.
See this:
This change is a temporary fix for the issue. To resolve it permanently, you must replace v-add-sys-sftp-jail with the following code: