
SFTP is not available for additional FTP users

Comments

20 comments

  • Permanently Deleted User

    This method seems to work with Plesk 12.x on CentOS 6.5, but not anymore with Onyx on CentOS 7. The user can still log on but is not chrooted; it has access to the whole vhost!

  • Artyom Baranov

    Hello Tim,

    Changing the shell for an additional user to `/usr/libexec/openssh/sftp-server` only grants him the permission to connect over SFTP.

    That does not enable chrooted access and is not officially recommended.

  • Maik Vattersen

    Enabling SFTP login like below lets customers browse the filesystem.

    They are able to see other domain and system folders, but are unable to get into these directories. BUT they can download configs from /etc and other paths!

    I didn't find a quick solution to enable SFTP for customers with a chroot environment.

  • Taras Ermoshin

    Hi @Maik Vattersen!

    In Plesk, chrooted SFTP access is possible only for the subscription's system user.

    Additional FTP users of the subscription have the same UID as the system user, and because of that, the chrooted shell cannot be used for them, but only non-chrooted SFTP as described in this article.

    If you think SSH access for the additional FTP users should be implemented in Plesk, feel free to create a feature request (or vote for an existing one) on the UserVoice portal. If a request gets many votes, it will be considered for implementation.

    As for not accessing files of other subscriptions and accessing configuration files in /etc and other locations, this behavior is expected - subscription directories have permissions 710 (drwx--x---), and the majority of the /etc subdirectories have the read permission for other users.

  • Serverfarm

    That bash script doesn't work anymore, can you update it?

  • Pavel Rozental

    Hello Serverfarm, 

    Thank you for the notice. The script was updated.

  • Digital Sparks Srl

    Hello, this bash script on my server produces only this operation:

    # ./213912005_clone_shell.sh sdm3

    changing sdm3 shell from /sbin/nologin to /bin/false

    After this operation, the test has the same error: Received unexpected end-of-file from SFTP server.

    How can I solve this?

    Thank you all!

  • Hi Digital Sparks Srl,

    Please check first if the main FTP user has chroot shell in Domains > example.com > Web Hosting Access > Access to the server over SSH.

    I've just tested the script and it works fine on my CentOS 7.

    Connection to example.com... Please wait.
    Connected to example.com.
    Starting SSH authentication...
    Trying SSH authentication GSSAPI_WITH_MIC...
    SSH GSSAPI_WITH_MIC authentication failed.
    SSH PUBLICKEY authentication failed.
    SSH PUBLICKEYAGENT authentication failed.
    Trying SSH authentication PASSWORD...
    SSH authentication success!
    SFTP connection started.
    SFTP session started!
    Opening directory /...
    Open directory command received
    Directory content listed

  • Digital Sparks Srl

    Hi, thanks! Now it works, but the user can view ALL directories... Is it possible to limit access to only the folder assigned?

  • Hi Digital Sparks Srl,

    Just set a home directory which is not /, for example: /httpdocs. The user with home /httpdocs won't be able to get to / or /logs, only /httpdocs/WhateverHere.

    Additional info here.

  • Digital Sparks Srl

    Hi Francisco, I did this procedure, inserting the directory (example "partecip").

    But from the FileZilla client the user can also navigate in other folders of the same level and/or previous ones. I would like to limit access to the one and only folder "partecip".

    Thanks for your consideration

  • Hi Digital Sparks Srl,

    Then, please open a support request here, so that it's investigated properly since I couldn't reproduce the behavior you describe in my test env.

  • ignacio correia

    You need to mention that the service needs to be restarted, don't you?

  • Yulia Plokhotnikova

    @ignacio correia,

    The script does not actually make configuration changes in the SFTP service. What it does is change the shell for a user with the 'usermod -s' command, which does not require any service restart.

  • ignacio correia

    I need to do this for all FTPS users? I have increased access to SFTP only. Could this bug please be considered as a priority to be fixed?

  • Ivan Postnikov

    Hello ignacio correia,

    > I need to do this to all users FTPS?

    If you are able to specify all FTP users during the 1st run of the script, that would be sufficient.

    > could this bug please be considered as a priority to be fixed?

    As the SFTP protocol is different from FTP(S), this is considered new functionality to be added. Feel free to vote for this functionality. Top-rated suggestions are implemented faster.

  • Michael M. (Edited)

    Hi guys,

    I try to set up an SFTP Backup account but get

    Error: Failed to list the directory "/" at sftp://domain.com: cURL error (1): Protocol "sftp" not supported or disabled in libcurl
    Search for related Knowledge Base articles

    The search link points me to an empty page.

    So what do I do in this case?

  • Robert Asilbekov

    @Michael M. The SFTP Backup extension does not work on Plesk with Ubuntu 16 and 18 as well as with Debian 8 and 9, as Plesk uses the curl package shipped by your OS vendor. So, please ensure that you have a curl version with SFTP support.

  • Michael M.

    @Robert Asilbekov

    Thanks!

    So is there a way to add a curl with SFTP support to these OS? Maybe install it additionally, but how? I'm bun in Linux...

  • Robert Asilbekov

    @Michael M. It is better to do a dist upgrade on your "deb" OS. You may refer to the article How to perform dist-upgrade procedure on Linux server with Plesk?
