FTP not working for any server except root

In Webmin check the log files for /var/log/message or /var/log/secure
by default erros are reported to System log, and I did see some come up there when I got a bad login at /var/log/secure.
https://doxfer.webmin.com/Webmin/System_Logs

Steve

So /var/log/secure is /var/log/auth.log on my server. In it there is this entry.

Jul 22 11:52:16 primary sshd[32232]: Accepted password for test@example.com from [MYIP] port [PORT] ssh2

Well the fact it accepting password, sounds like it not a authentication issue. Maybe go to protfd forums and search for solutions there. I use Centos and it works fine.
Steve

Alright thanks.

Edit: I’m not able to register there. Do you or someone else have an account there and let them know about this bug? The captcha doesn’t show up and it gives me an error about that. There’s no contact form or info.

If you’re using Firefox with strict security this could be the reason. Try disabling the “Enhanced Tracking Protection” (from the addressbar) or reduce its level (from the settings page).

I think I’ve found the reason. The test account does not have SSH access. (First row is the main user of the server, second row is test@example.com)
151

And SCP uses SSH so it makes sense if it’d give an error. There is no option in Virtualmin (that I can find) to select FTP and SSH login access so how do I do this?

If I use SFTP, Port 22 I get an error “Cannot initialize SFTP protocol. Is the host running an SFTP server?”

If SSH access is not possible/recommended, how would I enable SFTP on my setup?

I don’t recall ever coming across that option in Virtualmin. You may have to add the user to the SSH group, which would be by editing /etc/ssh/sshd_config to add an AllowUsers entry in CentOS. I have no idea how in Ubuntu.

There’s nothing terribly wrong with allowing SSH. Allowing password authentication is problematic; but even that can be done fairly safely if SSH is on a non-standard port AND strict rules regarding port-scanning and login failures are implemented at the firewall.

But don’t do the one unless you’re also willing to do the other. Using a non-standard port by itself isn’t very useful. You have to make it virtually impossible for a miscreant to stumble across the port and brute-force the password before getting locked out.

It helps if you set up login failure lockouts for all the commonly-abused service ports, including (and especially) services that don’t even exist on your server. For example, I always set up LFD to monitor 3389 (Windows RDP) on Linux servers just because it’s a popular target. If a miscreant or bot gets locked out of a non-existent service port, then I don’t have to worry about them accessing one that’s in use.

I do have fail2ban and other measures to protect the system but that’s not the topic of concern here. I first need the FTP to work. Right now it seems like virtualmin itself prevents ftp accounts from accessing the ftp services. Its not practical to edit config file everytime a user is created. Especially when user is created by a client who’s not a technical person and does not have permissions to edit config file.

I beleive I’m missing some configuration that is preventing access.

@Joe Could you look into it? Please read FTP not working for any server except root - #12 by Vipul.K

who use ftp those days? ftp is dangerous and stupid outside of your own home network… stay away from ftp outside of your home network…

1 Like

Where do I say I want to use FTP protocols? Are you a bot responding by keywords? I want to use SCP or SFTP. Even if I say FTP, I don’t mean the unsecure port 21 version. Because “who uses FTP those days?” If you can’t help kindly refrain from posting anything.

Well… the title of your post was " FTP not working for any server except root;" so I think one could be forgiven for thinking that you wanted to use FTP. I mean, if I complained that the corner store had no vanilla ice cream, one might reasonably conclude that I wanted vanilla ice cream, no?

Anyway… Try

Webmin -> Servers -> SSH Server -> Access Control

Richard

2 Likes

I clearly explained in the post I’m not using unsecured FTP on Port 21.

Anyways, everything is set to “All” on the page you mentioned.

Really? Because this is your first sentence:

And this is just after that:

So we all assumed, rightly so, that you were in fact trying to use FTP. You’ve flip flopped back and forth over what you were doing from post to post. That’s why people asked you why you’re even messing with FTP to begin with.

1 Like

Where did I say that I’m using unsecured FTP? When I say FTP, why do you all assume unsecured FTP even though I’ve mentioned in the first post

FTP in general is a very insecure way to go about doing things. That’s why most people no longer use it. That is the point everybody has made that you keep ignoring.

2 Likes

Because secure FTP is referred to as SFTP by… well, pretty much everyone except you.

Are PAM and Password Authentication enabled in /etc/ssh/sshd_config?

While you’re in there you may also want to change the default port to an unused one, and restart sshd.

Richard

2 Likes

I’ll change the port. But you’re looking in the wrong place. The FTP user created from webmin does not have SSH access as I showed before. Either I have to give him SSH access or enable SFTP server.

if I am b0t? let me laugh. thanks for your kind reply. I hope so others would be more helpful then me.

2 Likes

let make some obvious stuff out of the way…

SSH = SFTP and have nothing to do with FTP accounts…

secured FTP = FTPS not SFTP

those are two different things. People will assume only what one tell or ask them, no one can see other ones mind. I think question was already answered by two people here. have nice day.

edit to make it obvious, SSH is separate server from FTP server

1 Like

Thanks for telling me about the SFTP and FTPS thing. I didn’t know that. My program has options for SCP (currently using), SFTP and FTP.