SFTP does not work: Cannot initialize SFTP protocol

Virtualmin
1
SYSTEM INFORMATION
OS type and version Ubuntu 20.4
Webmin version 2.105
Virtualmin version 7.9

Good day all. I’m not able to login to my servers via FTP program (using WinSCP). I created an FTP only user on my server: ftp@domain.com

Here are the details I’m using to login

Protocol: SFTP
Host: IP address of server
Port: 22
Username: ftp@domain.com
Password: mypassword

Error: “Cannot initialize SFTP protocol. Is the host running an SFTP server?”

systemctl status proftpd shows active(running) status.

Please help.

2

Try port 2222

image
image1119×666 99.5 KB

3

I have 2 virtualmin servers running Ubuntu and the above mentioned does not exist. but default Ubuntu does have this file

image
image637×706 17 KB

never touched it from install time, however if you change the ssh port from 22 to something else the sftp will also change to that port

4

Thanks Port 2222 worked.

I have another problem. I created an account for a sub-server. When I logged in I started at the right directory which was /home/topserver/domains/subserver/public_html/ but I can press back and go into all other subservers in domains/ directory and also can access the files in topserver/public_html/. How do I prevent this?

5

Not sure what going on there, I never touched it either as I don’t use ftp. But I can’t connect sftp on port 22 only ftp. If I use sftp I have to use 2222.
I just notice that a differentt conf file
mine is virtualmin.conf in the proftp directory.

6

Yeah not sure unless you can configure jailkit to do it, beyond my knowledge.

7

@Joe @Ilia Can you guys shed some light on this? Is this the intended behavior or something wrong with my setup? Looks like a security hole.

8

Could you summarize what’s wrong?

9

If you create an ftp only account on a sub-server account, it can access all the files of other sub-servers and its top level server. It can also view all the folder names of other top level servers (/home/*) but can’t access the files in them.

10

Port 22 is ssh, it is a connection to the openssh server. If you want ssh to be jailed, you’d need to use Jailkit jails (and understand the implications), as ssh does not have a jail feature built-in.

Port 2222 is FTP over ssh, it is a connection to ProFTPd. It defaults to using the chroot feature of ProFTPd in a Virtualmin system, as far as I recall. You can configure that.

1 Like
11

This worked perfectly Servers > ProFTPD Server > Files and Directories. Change the option of “Limit user to directories” from “None” to “Home directory”. Now ftp user can’t travel up from public_html.

If this is desirable to Virtualmin staff, I would advice that this should be the default option.

1 Like
12

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.

13

It is the default option. I’m not sure what’s going on on your system, but that’s how it gets configured during Virtualmin installation.