I have moved some domains to a new Debian 11.
After that sftp doesn’t work anymore.
FileZilla displays:
Status: Connecting to new-server.com:2222…
Status: Using username “domain.com”.
Status: Access denied
Error: Could not connect to server
Status: Waiting to retry…
Status: Connecting to new-server.com:2222…
Response: fzSftp started, protocol_version=11
Command: open “domain.com@new-server.com” 2222
Command: Trust new Hostkey: Once
Status: Using username “domain.com”.
Command: Pass: ********
Status: Access denied
Error: Could not connect to server
In the old server it shows:
Status: Connecting to old-server:2248…
Status: Using username “domain.com”.
Status: Connected to old-server.com
Status: Retrieving directory listing of “/public_html”…
Status: Listing directory /public_html
Status: Directory listing of “/public_html” successful
It applies to the same domain with the same password.
Thanks for any help.
Did you check the ftp logs to see if there is a error there that can help?
Maybe backup that domain and then delete it. Create new server for that domain and see if ftp works.
I’m thinking it maybe folder permissions. Unless you see the logs in VM its hard to say.
I have this situation as well … I don’t use filezilla, instead I use the command line so if I use
ssh <username>@<domain> -P <port>
no need to add -P option if your using port 22, the user logs in correctly, so we know the password is right and ssh is working
I then tried
sftp -P<port> <username@<domain>
and it fails this does not affect all users, some created since vmin 7 work others do not … so I guess there must be something in the way the domain is setup but to date I have looked in the ftp server setup & can find nothing away from standard …
This points at shell being not accepted by ProFTPd as one that is allowed to use FTP.
I don’t think anyone has compared shells between working users and non-working users…I believe that’s the next step.
We also probably need to see the actual log, not what the client sees. (ProFTPd logs to auth.log or secure, probably, but maybe also something in the journal.)
Mar 18 18:16:36 server systemd: pam_unix(systemd-user:session): session closed for user phporyx.com
Mar 18 18:16:50 server sshd[3806327]: Accepted keyboard-interactive/pam for joe-phporyx.co.uk from 31.48.132.51 port 53306 ssh2
Mar 18 18:16:50 server sshd[3806327]: pam_unix(sshd:session): session opened for user joe-phporyx.co.uk by (uid=0)
Mar 18 18:16:50 server systemd-logind[663]: New session 76209 of user joe@phporyx.co.uk.
Mar 18 18:16:50 server systemd: pam_unix(systemd-user:session): session opened for user joe@phporyx.co.uk by (uid=0)
Mar 18 18:16:51 server sshd[3806390]: Received disconnect from 31.48.132.51 port 53306:11: disconnected by user
Mar 18 18:16:51 server sshd[3806390]: Disconnected from user joe-phporyx.co.uk 31.48.132.51 port 53306
Mar 18 18:16:51 server sshd[3806327]: pam_unix(sshd:session): session closed for user joe-phporyx.co.uk
Mar 18 18:16:51 server systemd-logind[663]: Session 76209 logged out. Waiting for processes to exit.
Mar 18 18:16:51 server systemd-logind[663]: Removed session 76209.
for a good user
Mar 18 18:19:07 server sshd[3806955]: Authentication refused: bad ownership or modes for directory /home/jamie
Mar 18 18:19:13 server sshd[3806955]: Accepted keyboard-interactive/pam for jamie from 31.48.132.51 port 48826 ssh2
Mar 18 18:19:13 server sshd[3806955]: pam_unix(sshd:session): session opened for user jamie by (uid=0)
Mar 18 18:19:13 server systemd-logind[663]: New session 76218 of user jamie.
Mar 18 18:19:13 server systemd: pam_unix(systemd-user:session): session opened for user jamie by (uid=0)
Mar 18 18:19:17 server sshd[3807012]: Received disconnect from 31.48.132.51 port 48826:11: disconnected by user
Mar 18 18:19:17 server sshd[3807012]: Disconnected from user jamie 31.48.132.51 port 48826
Mar 18 18:19:17 server sshd[3806955]: pam_unix(sshd:session): session closed for user jamie
Mar 18 18:19:17 server systemd-logind[663]: Session 76218 logged out. Waiting for processes to exit.
Mar 18 18:19:17 server systemd-logind[663]: Removed session 76218
as you can see the good user is a very old style name, where the bad user is user@domain. but I doubt there is anything in that
N.B both logins were done via the same shell
What do you mean by “locked”? It’s a configuration option in ProFTPd, you can change it to whatever you want. We don’t “lock” anything. It’s your system, do whatever you want.
You just can’t use 22 because ssh lives there. (Which also supports sftp, but won’t respect the config option to lock users into their home, unless you’re also chrooting your users.)
If you’ve restarted the proftpd service, and also made sure firewalld is allowing that port, then it should work.
If not, check the logs for clues about why. If the problem persists, feel free to open a new topic about changing the ProFTPd sftp port. (New problem, new topic!)