Is SFTP supported by VestaCP by default? Topic is solved

Questions regarding the FTP Server
vsFTPd, ProFTPd
baijianpeng
Posts: 289
Joined: Tue Dec 22, 2015 2:06 pm

Is SFTP supported by VestaCP by default?

Postby baijianpeng » Mon Mar 27, 2017 3:19 am

When I use FileZilla to connect via FTP to my VestaCP server, I noticed that there is also a "SFTP" option in FileZilla's "site manager".

Well, after some googling, I know that SFTP is safer than FTP.

Then, how can I use SFTP to connect to my server? Is it supported by VestaCP by default? Or do I need some special settings?

Do I need to buy the "SFTP Chroot" plugin from VestaCP team to enable SFTP? If I don't care which folder the SFTP will login in( I am the only user on this VPS), do I still need to buy that plugin to enjoy SFTP?

Thank you.

skamasle
Collaborator
Posts: 360
Joined: Mon Feb 29, 2016 6:36 pm

Re: Is SFTP supported by VestaCP by default?

Postby skamasle » Tue Mar 28, 2017 1:41 pm

SFTP es supported by default in default user vesta ( admin ) and any new vesta user

But not in aditional FTP accounts

baijianpeng
Posts: 289
Joined: Tue Dec 22, 2015 2:06 pm

Re: Is SFTP supported by VestaCP by default?

Postby baijianpeng » Tue Mar 28, 2017 2:20 pm

Thank you skamasle. Do I need to enable or set something else?

Or it is so simple: just use the VestaCP default "admin" user and his password to fill in the corresponding fields in FileZilla?

Thank you.

baijianpeng
Posts: 289
Joined: Tue Dec 22, 2015 2:06 pm

Re: Is SFTP supported by VestaCP by default?

Postby baijianpeng » Tue Mar 28, 2017 2:27 pm

Ok, I did a test:

When I use the default user "admin" which was created AUTOMATICALLY by VestaCP during its insllation, I just fill in this username and his password (which was also generated by VestaCP automatically) into Fizilla and choose "SFTP". Then I successfully connected to my sever !

However, in next test, I used another user, which was created by me on VestaCP GUI panel, to connect via SFTP, but failed.

Filezilla returned following error message:

Received unexpected end-of-file from SFTP server


Why a new user in VestaCP can not use SFTP?

Thank you.

skamasle
Collaborator
Posts: 360
Joined: Mon Feb 29, 2016 6:36 pm

Re: Is SFTP supported by VestaCP by default?

Postby skamasle » Tue Mar 28, 2017 7:43 pm

Turn on bash as shell for that user.

I not remember but I think shell is disabled by default

baijianpeng
Posts: 289
Joined: Tue Dec 22, 2015 2:06 pm

Re: Is SFTP supported by VestaCP by default?  Topic is solved

Postby baijianpeng » Tue Mar 28, 2017 11:33 pm

hi skamasle, you solved this problem, thank you!

You know, I am almost a layman of Linux, so I searched and found how to change the shell for that user. I will post the process here to help other newbie users:

1. First, check the new user created by VestaCP if he has shell permission:

Code: Select all

root@mail:~# grep NAEWUSERNAME /etc/passwd
NAEWUSERNAME:x:1001:1001:joomlagate@gmail.com:/home/NAEWUSERNAME:/usr/sbin/nologin
NAEWUSERNAME_ftp:x:1001:1001::/home/NAEWUSERNAME/web/joomlagate.com:/sbin/nologin


From the result, we can see that the new user (I use "NAEWUSERNAME" to replace the real username) has no shell permission (nologin). This is why he can not login to server via SFTP.

The second line of the result is for the "additional FTP account" (username: NAEWUSERNAME_ftp), we don't need to grant this account a shell.

2. Grant the bash as a shell for this user:

Code: Select all

root@mail:~# usermod -s /bin/bash NAEWUSERNAME


This command will allow the user "NAEWUSERNAME" to use /bin/bash as his shell.

3. Check again if this user has got a shell permission:

Code: Select all

root@mail:~# grep NAEWUSERNAME /etc/passwd
NAEWUSERNAME:x:1001:1001:joomlagate@gmail.com:/home/NAEWUSERNAME:/bin/bash
NAEWUSERNAME_ftp:x:1001:1001::/home/NAEWUSERNAME/web/joomlagate.com:/sbin/nologin


Well, you can see that the result changed: now it is not "nologin", but "/bin/bash" in the first line.

Then I tested in Filezilla, wow, now "NAEWUSERNAME" can connect to server via SFTP instantly!

Thank you @skamasle!

skamasle
Collaborator
Posts: 360
Joined: Mon Feb 29, 2016 6:36 pm

Re: Is SFTP supported by VestaCP by default?

Postby skamasle » Thu Mar 30, 2017 12:58 pm

You can change shell form vesta gui

baijianpeng
Posts: 289
Joined: Tue Dec 22, 2015 2:06 pm

Re: Is SFTP supported by VestaCP by default?

Postby baijianpeng » Thu Mar 30, 2017 1:07 pm

Oh, yeah, I did not notice that. Your solution is better !

Thank you.

UMonte
Posts: 2
Joined: Sun Jul 02, 2017 5:43 pm

Re: Is SFTP supported by VestaCP by default?

Postby UMonte » Sun Jul 02, 2017 5:50 pm

baijianpeng wrote:Ok, I did a test:

When I use the default user "admin" which was created AUTOMATICALLY by VestaCP during its insllation, I just fill in this username and his password (which was also generated by VestaCP automatically) into Fizilla and choose "SFTP". Then I successfully connected to my sever !

However, in next test, I used another user, which was created by me on VestaCP GUI panel, to connect via SFTP, but failed.

Filezilla returned following error message:

Received unexpected end-of-file from SFTP server


Why a new user in VestaCP can not use SFTP?

Thank you.


Hi baijianpeng!
I'm having exactly the same problem. For new users, no SFTP. So, following instructions here, I used vesta guid to change it: I logged in as admin, clicked on EDIT user, and changed the option under SSH (bash, nologin, sh) - I changed to bash.
It worked, I was able to login in with SFTP. However - and this is the PROBLEM - I could see all the folders and files since /root, and not only the ones under that specific user (conf/mail/tmp/web). How does one solve that?
Thanks,
Ulisses

skamasle
Collaborator
Posts: 360
Joined: Mon Feb 29, 2016 6:36 pm

Re: Is SFTP supported by VestaCP by default?

Postby skamasle » Fri Jul 07, 2017 1:49 pm

By default this is not supported

So if you add new ftp user is just a new ftp user not SFTP user, if you modify something in unsopported way and not works as aspected you cant fixed in easy way yet.

If you want fix some security isues with sftp maybe you need buy a extension to add some protection with chroot


Return to “FTP Server”



Who is online

Users browsing this forum: No registered users and 3 guests