Suddenly can't connect to ftp

Hello,

I did a sudo apt-get update && upgrade and didn’t connect to ftp in 4-5 days, so I don’t know if it is linked, but I tried everything and now I can’t connect to my ftp anymore.

Does someone have any tips to regain access to my ftp?

Thanks in advance and have a very nice day

Hi @Sarah

Are you using proftpd or vsftpd? You can use this command to check it:

v-list-sys-config json | jq -r '.[]|.FTP_SYSTEM'

Check whether the service is up and running:

If using proftpd:

systemctl status proftpd --no-pager -l

If using vsftpd:

systemctl status vsftpd --no-pager -l

Also, check whether you have the right firewall rules and service is listening on port 21:

iptables -S | grep -E '21|12000'
lsof -Pn +c0 -i:21 -sTCP:LISTEN

Hey, thank you for your answer!

I use vsftpd

systemctl status vsftpd --no-pager -l

It is active (running)

It is correctly listening on port 21. For the firewall, what should be the right rules? I have input tcp dport 21, input -s myserverip -j Accept, input tcp multiport, and some fail2ban

I would like to view the outputs.

What’s the error you get when trying to connect to your server using FTP?

Also, show the vsftpd conf:

cat /etc/vsftpd.conf

Check the user’s shell (replace YourUser with the actual user):

v-list-user YourUser json | jq -r '.[]|.SHELL'

If the shell is not nologin or rssh then change it to nologin.

v-change-user-shell YourUser nologin

If the user already had nologin or you just changed it, then execute this command:

v-add-user-sftp-jail YourUser

And try to login again with your user via FTP.

Error is “Error: Unable to establish connection to server”

Yes, it was already nologin, and I tried to execute v-add-user-sftp-jail with my user but it failed. Also, I connect as root, not as my user; is it wrong? (It was working like that.)

Vsftpd conf:

listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
anon_umask=022
anon_upload_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
dual_log_enable=YES
chroot_local_user=YES
pam_service_name=vsftpd
ftpd_banner=Welcome! Please note that all activity is logged.
userlist_enable=NO
tcp_wrappers=YES
force_dot_files=YES
ascii_upload_enable=YES
ascii_download_enable=YES
allow_writeable_chroot=NO
local_root=/srv/jail/%u
user_sub_token=%u
seccomp_sandbox=NO
pasv_enable=YES
pasv_promiscuous=YES
pasv_min_port=12000
pasv_max_port=12100
max_per_ip=10
max_clients=100
use_localtime=NO
utf8_filesystem=YES
ssl_enable=YES
allow_anon_ssl=NO
require_ssl_reuse=NO
ssl_ciphers=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
rsa_cert_file=/usr/local/hestia/ssl/certificate.crt
rsa_private_key_file=/usr/local/hestia/ssl/certificate.key

And all my firewall rules are:

Action  Comment  Protocol  Port            IP Address
ACCEPT  PING     ICMP      0               0.0.0.0/0
ACCEPT  HESTIA   TCP       2083            0.0.0.0/0
ACCEPT  FTP      TCP       21,12000-12100  0.0.0.0/0
ACCEPT  WEB      TCP       80,443          0.0.0.0/0
ACCEPT  SSH      TCP       22              0.0.0.0/0

Thanks again 🙂

But did it fail to connect to FTP using youruser, or did the command fail?

Yes, it is. By default root is not allowed to connect using FTP and it’s a security risk to allow it.

If this command shows root as output, then the root user is not allowed to use FTP.

grep '^root' /etc/ftpusers

You must use your own user to connect to your FTP server.

1 Like

One more thing: I see that you’re using port 2083 to access Hestia, so you might be using Cloudflare or another CDN.

Are you trying to access port 21 through a hostname that is proxied by the CDN? If so, try using the server’s public IP address instead, or use a hostname that points to your server but is not proxied by the CDN.

1 Like

Weirdly enough, I had this issue with sftp but I could ssh into the server. I actually updated the sshd_config file with other settings from my other server and it worked again.

This was a brand new server install when I had the sftp issue.

2 Likes

Ohhh, all right, since the beginning I was only connecting through root.

It worked with my user, though /home/web/ only shows my cp.website.com folder and not the other ones (that are showing under this user on my panel when I log in from the web interface).

grep '^root' /etc/ftpusers

It showed root, yes.

What elmo said is really “talking to me”: when I did sudo apt update and upgrade, I remember something changed in my sshd config!

So I did some research and I saw that Subsystem sftp internal-sftp was changed to Subsystem sftp internal-sftp-server

I removed the -server part and it’s now working again!

1 Like
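
The check described in the post above (finding a `Subsystem sftp` line whose handler is no longer `internal-sftp`), written as an added example that is not part of the original thread or of Hestia. The function name `check_sftp_subsystem` is hypothetical, and the script only reads the single file it is given (it does not follow `Include` directives).

```bash
#!/usr/bin/env bash
# Added example: inspect the "Subsystem sftp" handler in an sshd_config file.
# Returns 0 (handler usable), 1 (handler broken), 2 (no sftp subsystem line).
check_sftp_subsystem() {
    local file=$1 handler
    # sshd keywords are case-insensitive; commented lines start with '#',
    # so their first field never equals "subsystem". Take the first match.
    handler=$(awk 'tolower($1) == "subsystem" && $2 == "sftp" { print $3; exit }' "$file")
    if [ -z "$handler" ]; then
        echo "no Subsystem sftp line in $file"
        return 2
    fi
    case $handler in
        internal-sftp)
            # In-process SFTP server, the value the thread says was expected.
            echo "ok: internal-sftp"
            return 0 ;;
        /*)
            # External helper binary: it must exist and be executable.
            if [ -x "$handler" ]; then
                echo "ok: external handler $handler"
                return 0
            fi
            echo "broken: $handler does not exist or is not executable"
            return 1 ;;
        *)
            # Assumption of this check: anything else (for example the
            # mangled "internal-sftp-server" from the thread) is an error.
            echo "broken: '$handler' is neither internal-sftp nor an absolute path"
            return 1 ;;
    esac
}

# Stand-alone use: pass the path to check, e.g. /etc/ssh/sshd_config
if [ $# -gt 0 ]; then
    check_sftp_subsystem "$1"
fi
```

Running it after package upgrades flags the changed handler before users report failed SFTP logins while plain SSH still works.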

It turns out we were discussing FTP, when in fact we should have been focusing on SFTP, which is a completely different protocol. And that is a known bug that will be fixed in the next Hestia release.

1 Like

@sahsanu I replaced the sshd conf file with one from another, older server to make it work. Do I need to do anything else? The problem only existed on a newly installed server.

1 Like

This is a known issue; that one single change is all that is needed.
See this:

This change is a temporary fix for the issue. To resolve it permanently, you must replace v-add-sys-sftp-jail with the following code: