1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Enable FTP and SFTP? Or edit default domain to allow SFTP?

Discussion in 'Plesk 9.x for Linux Issues, Fixes, How-To' started by Matt Grant, Jul 7, 2011.

  1. Matt Grant

    Matt Grant Regular Pleskian

    20
    73%
    Joined:
    Aug 21, 2010
    Messages:
    108
    Likes Received:
    1
    I have a client with 31 domains on my server and I want when he creates a domain for it to be set to /usr/libexec/openssh/sftp-server instead of forbidden. I have changed every setting I can find to allow them to do it via control panel, but it always shows up as Forbidden and cannot be changed by the client's login account. I can edit the domain 's "Shell access to server with FTP user's credentials" as Admin. I created a template called Domain Template 2, but cannot seem to find a way to make the new domains he creates use that template. The drop down only shows Default Domain.

    Does any of this make sense? Can I just enable FTP and not use SFTP or use both?

    He is not going to be happy if he has to call me every time he creates a new domain to allow SFTP access.

    Thanks in advance!!!
     
  2. Matt Grant

    Matt Grant Regular Pleskian

    20
    73%
    Joined:
    Aug 21, 2010
    Messages:
    108
    Likes Received:
    1
    No one knows how to fix this?
     
  3. Amin Taheri

    Amin Taheri Golden Pleskian Plesk Certified Professional

    33
     
    Joined:
    Jul 5, 2007
    Messages:
    1,398
    Likes Received:
    1
    Location:
    Seattle Area
    You can add /usr/libexec/openssh/sftp-server to /etc/shells to be able to give clients SFTP-only access, but if you want them to have FTP that is already built in and doesnt need anything other than setting up the user and a password on creating a hosted domain.
     
  4. Matt Grant

    Matt Grant Regular Pleskian

    20
    73%
    Joined:
    Aug 21, 2010
    Messages:
    108
    Likes Received:
    1
    Thank you for your reply...

    I already have "/usr/libexec/openssh/sftp-server" added to the /etc/shells file. SFTP works just fine when I create the domain through my admin login. The issue I am having is with Client login accounts. I created a client account and checked the box for the user to be able to allow shell access. But when the client logs in and creates a domain, it only shows Forbidden as seen in the screenshot below:

    [​IMG]

    I created a Domain Template called "Default Domain 2" and set the shell access to default to /usr/libexec/openssh/sftp-server, but when I login as the client and create a new domain, it does not give me the option to use the "Default Domain 2" template on the drop down. It only shows Default Domain template as a choice.

    Currently the client has to create the domain and then call me to get me to allows SFTP/Shell access via the admin login. Per your last reply, I cannot find any way to allow FTP access. I can only see a way to allow SFTP access. I have alot of clients that do not know what SFTP is and I have to explain to them almost every time. Is there a way to allow FTP access and SFTP access? If FTP access was allowed, then I would not have to allow shell access/SFTP and the above issue would be moot.

    Thanks in advance, I look forward to your knowledge on this issue...
     
  5. Amin Taheri

    Amin Taheri Golden Pleskian Plesk Certified Professional

    33
     
    Joined:
    Jul 5, 2007
    Messages:
    1,398
    Likes Received:
    1
    Location:
    Seattle Area
    HI,

    From your screen shot if the user sets both a username and a password and saves, then it automatically enables FTP for the domain, even though it says disabled - the shell access is typically for SSH, something that I would recomend that you dont give clients access to.

    You shouldnt need to do anything to have ftp enabled or work, the client just creates their domain, sets a username and a password and then its allowed from that point on with out you having to do anything.

    Please let me know if I misunderstood what you are looking for.
     
  6. Matt Grant

    Matt Grant Regular Pleskian

    20
    73%
    Joined:
    Aug 21, 2010
    Messages:
    108
    Likes Received:
    1
    When I or my client adds a domain and creates the username/password and them saves everything and then try to use just standard FTP via Filezilla, this is what happens

    [​IMG]

    But as soon as I change the port to 22, it works.

    [​IMG]

    It is almost like FTP is completely disabled on the server. I have checked the server's firewall and the 1&1 firewall and port 21 is open on both. I have combed through every server setting and googled for days looking for a way to enable FTP and I cannot find an answer.

    You are my only hope... :)
     
  7. Amin Taheri

    Amin Taheri Golden Pleskian Plesk Certified Professional

    33
     
    Joined:
    Jul 5, 2007
    Messages:
    1,398
    Likes Received:
    1
    Location:
    Seattle Area
    what happens if you try and establish an FTP session from the local machine through SSH? Does it accept the connection?
    Can you try and turn off all the firewalls and see if that changes anything?
    Can you make sure that the xinetd service is running?
     
  8. Matt Grant

    Matt Grant Regular Pleskian

    20
    73%
    Joined:
    Aug 21, 2010
    Messages:
    108
    Likes Received:
    1
    That is really weird, I can FTP via command line. I am going to add port 21 to the Plesk firewall, even though the default "FTP Server" is already allowed.

    [​IMG]

    Here is my 1&1 firewall settings.

    [​IMG]
     
  9. Amin Taheri

    Amin Taheri Golden Pleskian Plesk Certified Professional

    33
     
    Joined:
    Jul 5, 2007
    Messages:
    1,398
    Likes Received:
    1
    Location:
    Seattle Area
    I would recomend to ditch both of them and use something like APF instead. You also probably only need one firewall, they could have rules that conflict with each other.

    Before messing arround with the rules though try turning them both off and flush and stop iptables and see if you can connect remotely - if you can then you know it is a firewall problem. Then turn on one, and try again, if no problem turn that one off and try the other one and repeat until you find the culprit.
     
  10. Matt Grant

    Matt Grant Regular Pleskian

    20
    73%
    Joined:
    Aug 21, 2010
    Messages:
    108
    Likes Received:
    1
    Ok, I fixed it. It was either the 1&1 firewall (I changed the remote port for 21 from 21 to Any) and I added a rule for port 21 in the Plesk firewall.

    Thank you for your guidance...
     
Loading...