Of course, I forgot totally, I run debian 9, the latest one, as for ssh login, I use putty for the command line and it always ask me to add the key and to put the password, root must have a password so no one can touch my system (when I mean root pass I mean the same you use with virtualmin, created automatically by the system).
having some FTP issues here as well. Clean install on Ubuntu 16.04.3 with virtualmin installed via the scripts on the download page.
Setup server, installed SSL certs and tried to connect via SFTP/FTP - SFTP wont authorise and FTP no go - turned out proftp would not start due to TLD issue, added LoadModule mod_tls.c to line 5 of /etc/proftpd/conf.d/virtualmin.conf which resolved the proftpd not starting.
Still cannot sftp or ftp via WinSCP. still get auth fail over sftp and ftp connects but complains the public_html dir of the site does not exist (it does) and then crashes out.
I can however sftp in via master account and ssh key via WinSCP.
also looking at the system settings > features and plugins shows proftp with 0 domains. not sure if this is a cause for concern.
I have done no manual configuration on the config files other than to add in the LoadModule mod_tls.c mentioned above everything has been setup via the scripts and then via the web interface.
Any ideas? I need to setup another domain name on the server and ideally I need sftp/ftp sorted for that.
You can read it here . I am hoping it would help you somehow. I included example of sshd_config file, so basically no proftpd need it at all. You can download that page as it is self contained.
EDIT: ive just checked yat.pm for port 22 and its open, so you should defo be able to connect to sftp.
if you use sftp you dont need ftp at all - winscp sftp info ftps is not sftp and sftp is ssh. If your winscp crashes, have look at logs on your computer (not on server) to found out why or remove that program and use another one like filezilla…
The issues isn’t with WInSCP and it doesnt matter if i am trying to connect via ftp or sftp or ftps or ssh - the fact is I cannot connect via any of these using the domain user. Its almost like the create virtual server setup didn’t work as expected.
I CAN login via WinSCP using the root user.
I see… try log in as domain user via sftp in your winscp… is it working or?
@unborn - nope, using a domain user gives auth error over sftp and can log in via ftp but complains the /public_html dir on the server does not exist (but ssh on to server via root user and i can see it is indeed there)
- whats the error message you are getting when connecting as domain user? can you copy and paste exactly what it saying? thanks.
ps im on virtualmin irc channel… if you want chat about it in real time…
“Error changing directory to '/home//public_html’"
"/home//public_html: No such file or directory”
WinSCP then hangs on “trying to read remote directory” and finally the following error appears:
“Timeout detected. (data connection)
Could not retrieve directory listing
Error listing directory ‘/’.”
That is via ftp with TLS.
Trying to connect with SFTP using domain user and admin password produces:
“Disconnected: No Supported authentication methods available (server sent public key)”
"Authentication log (see session log for details):
Using username “*********”.
No i can understand this one, but I dont know why its sending public key when I should be able to log in with SSH on domain user (no ssh keys have been setup on the server for domain user)
ssh for root user have to be only via keys - I guess and hope that all linux distros adopted that. Root user should not be able to connect with password - yes there is an option for that but ssh keys brings ssh hacking attacks to zero… okay back to the issue… I think you should review your connection settings in your winscp mainly the bit ‘/home/serveruser/public_html’ - I would advice you remove that completely for the test and see if you can get in… if you dont want to remove that line I would double check those ’ marks on end and start - just remove them… so ‘/home/user/public_html’ would be /home/user/public_html. FTP uses separate accounts for that… - so check your passwords. SFTP uses domain user account passwords which can be totally different from ftp based accounts. basically - when you create domain it will ask you for administration password, which is what you actually use with sftp to connect…
password: - found this on your virtualmin (you looking for virtualmin tab > domain > edit virtual server and there on opened tab click on configurable settings… there click on key icon and it will show you the password… that is the password for ssh login.
EDIT: sorry but Ive stopped using ftp as I realised that even ftps was transmitted as plain text… encrypted via ssl but this was very slow… did not had patience back in 2010 so I would rather be quiet about traditional ftp, even if I know how to do it, its just very old and bad.
the server is pushing the /home/user/public_html to the FTP client so its not a connection sting issue - also the apostrophes are added as part of the error output of the ftp client…
Let me reiterate - This is NOT a client issue. Its a server issue.
However in the interest of ruling this out I installed Filezilla and tried to connect via that:
FileZilla output log:
Status: Connecting to ...:21…
Status: Connection established, waiting for welcome message…
Status: Initializing TLS…
Status: Verifying certificate…
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing…
Response: 257 “/” is the current directory
Command: TYPE I
Response: 200 Type set to I
Response: 227 Entering Passive Mode (46,101,61,8,148,84).
Error: Connection timed out after 20 seconds of inactivity
Error: Failed to retrieve directory listing
I also tried via sftp:
Command: open “autumndev@...” 22
Error: Disconnected: No supported authentication methods available (server sent: publickey)
Error: Could not connect to server
I also tested on a another virtual machine i have and still cannot connect.
So ignoring the ssh/sftp and only working with FTP - that is now three clients both having the same connection issue.
ah that makes things much clear
I also tried via sftp: Command: open “autumndev@…” 22 Error: Disconnected: No supported authentication methods available (server sent: publickey) Error: Could not connect to server
Basically what is happening your ssh server is asking for ssh key - if you dont have it then it will kick you off = means most secure way to connect - use ssh keys or change your ssh settings… The actual problem is on your computer not on server… I wrote small document how to do ssh keys login only which you may have set it up by person who set the server for you… .here: https://www.virtualmin.com/comment/782634#comment-782634 if you would read it, have look on sshd config file and reverse process ive described there… I think that is your issue.
Basically what is happening your ssh server asking for ssh key - if you dont have it then it will kick you off. use keys or change your ssh settings…
I know this… I have been using linux servers for a long time, i know how they work. What i dont get, and as i have stated previously… Virtualmin “create virtual server” process set this domain up - as part of this it set up the FTP server to allow the domain user to get access. However it seems to have broken the FTP user account as the domain user cannot log in (via any auth methods) at all.
So back to my questions:
- how can i fix this so that the domain user can log in via FTP?
- **It never asked for a public key for the domain user during setup**, so why is it trying to perform key authentication via sftp and not just password auth?
@autumndev - once again… i do not use ftp as its too easy to hack and attack with middle man attacks, even if I know how to fix this issue, I am about privacy and security so no ftp for me… only public files to download from others… if you need help with ftp I guess someone else could help you.
ftp should be removed from any server
as you said it never asked for public key before… or domain setup… - well, you said you have been using linux long time - so you do know how it works. It appears to me that you changed the ssh config file or someone else did it for you while setting up your server… whatever did happen and whoever set ssh to most secure way - done it in right way. Root password on debian linux is always only via ssh keys - no way to do password right after install… - you have to change your config file to be able too… if you did not changed it then someone else did… possibly your sysadmin… or perhaps update done this for you - great thing fella
once again, read the link ive posted to you and you can easy peasy get back to root = ssh keys only and all other users can do passwords - however to prevent hacking install fail2ban or something similar.
OK we are going round in circles - I am the only one who has used the server, I am the only one with access to server. It was a vanilla server. I installed virtualmin. i created virtual host. I have not edited any ssh config files.
If you are simply guessing then please don’t - I understand that that ssh keys are the way to go, however if during virtualmin server creation it doesn’t ask for the public key, how wold the user EVER get access?
So again if you do not have a solution and you have nothing constructive other than “this is the correct way” please don’t post telling me I have miss-configured something when I haven’t.
I am simply asking for help to get the server to work via FTP/SFTP with SSH access enabled for domain users. Something i thought should work out of the box and hasn’t for some reason.
Thanks for all the work Unborn, I will try it, however there is a huge issue here as autumndev is saying, both me and him we have installed virtualmin in a fresh environment and we’re both having trouble, my server was also vanilla, it was a standart debian install I’ve made in a kimsufi server, couldn’t be cleaner, I agree with autumndev we have a huge issue here, also altough not as experienced as both of you and by far not a specialist, but I can tell there’s something very wrong with the current building of virtualmin or webmin.
reply to your edited post… my lesson learned…
- i do not guess… ive told you even before - maybe some did edit this for you before hand… you know… some sys are actually capable…
- your comments - you seems to me that you unerstand however you dont - I will repeat about your question - as you said : I am simply asking for help to get the server to work via FTP/SFTP with SSH access enabled for domain users. Something i thought should work out of the box and hasn’t for some reason.
3 there is nothing like ftp/sftp - I told you this numerous times and ftp cannot be connected via ssh - its like you would like to add petrol to diesel car. It seems to me that you are trolling me out or you have not understand the english or something. I am muting you on my end. good luck. - no ftp/sftp exist… get this into your nut.
to be honest with standard install of debian and virtualmin, you would not need to touch any of those unless you want remove passwords from ssh… so - I think you are wrong in this… virtualmin guys does not anything bad nor you or me…
- you welcome ! take care matey
“I am muting you on my end. good luck. - no ftp/sftp exist… get this into your nut.”
SFTP is ftp via an SSH tunnel… so yeah it is a thing… and you can use it with or without an SSH key. Not sure why you keep bringing this up as its irrelevant.
The fact is that virtualmin should allow you to log in via FTP and SSH - neither are working for the domain user. Thus i assume that there is an issue with how virtualmin has setup the virtual server and its associated services.
Again no config files have changed either by the system or by me. its a vanila server with vanila virtualmin… I will purchase a support ticket and see if they can resolve the issue, I will post back here the results.
what is actually wrong with the people… you try to help them and and you are told to be muted… fuck the ftp and fuck the idiots who do not understand it! spend more then 12 hours on reply to someone who is completely dicsucker and incopetent … what is wrong with admin ops or mods to not stop this earlier…
EDIT: original post was changed to make it less offensive, but - for me, its done…i replied as I did and I am sticking behind it…
@ scott - you are an idiot, or you do not understand the english - good luck - you do not read it what did I said… so … good luck to you - all the freaking things you have asked are in this forums… sorry no spoon feeding out… have good day…