UnS3eN
Basic Pleskian
So, I updated the server to Plesk v17.8.11 last night. Ever since, I can't connect to it over FTP. More accurately, I can establish the connection, but can't get the directory listings, as the connection then times out.
What's confusing me is that I had no issues connecting prior to the update without allowing access to SSH.
Filezilla log:
Code:
Status: Resolving address of plesk.domain.tld
Status: Connecting to PLESK.SERVER.IP.ADDRESS:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/home/user" is the current directory
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (PLESK,SERVER,IP,ADDRESS,147,121).
Command: MLSD
Error: Connection timed out after 20 seconds of inactivity
Error: Failed to retrieve directory listing
After poking around a bit I can see that the access is being denied because the user has no access to shell.
Code:
Sep 19 16:19:07 plesk proftpd: pam_unix(proftpd:session): session opened for user user by (uid=0)
Sep 19 16:19:17 plesk proftpd: pam_env(proftpd:setcred): Unable to open config file: /etc/security/pam_env.conf: Permission denied
Sep 19 16:19:17 plesk proftpd: pam_unix(proftpd:session): session closed for user user
The firewall is set to allow all on port 21.
Code:
# cat /etc/proftpd.conf
#
# To have more informations about Proftpd configuration
# look at : http://www.proftpd.org/
#
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "ProFTPD"
#ServerType standalone
ServerType inetd
DefaultServer on
<Global>
DefaultRoot ~ psacln
AllowOverwrite on
# Prefer to put here directives allowed in server config and Global contexts.
# From http://www.proftpd.org/docs/howto/Vhost.html :
# "any configuration directives inside the "server config" section do not apply outside of the context."
DefaultTransferMode binary
UseFtpUsers on
TimesGMT off
SetEnv TZ :/etc/localtime
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# Primary log file mest be outside of system logrotate province.
TransferLog /var/log/plesk/xferlog
# Enable PAM authentication
AuthPAM on
AuthPAMConfig proftpd
AuthGroupFile /etc/group
IdentLookups off
<IfModule mod_tls.c>
# common settings for all virtual hosts
TLSEngine on
TLSRequired off
TLSLog /var/log/plesk/ftp_tls.log
TLSRSACertificateFile /usr/local/psa/admin/conf/httpsd.pem
TLSRSACertificateKeyFile /usr/local/psa/admin/conf/httpsd.pem
# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotations. Some clients do not support
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
# clients will close the data connection, or there will be a timeout
# on an idle data connection.
TLSRenegotiate none
# As of ProFTPD 1.3.3rc1, mod_tls only accepts SSL/TLS data connections
# that reuse the SSL session of the control connection, as a security measure.
# Unfortunately, there are some clients (e.g. curl) which do not reuse SSL sessions.
TLSOptions NoSessionReuseRequired
</IfModule>
</Global>
# Port 21 is the standard FTP port.
Port 21
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
#Following part of this config file were generate by PSA automatically
#Any changes in this part will be overwritten by next manipulation
#with Anonymous FTP feature in PSA control panel.
#Include directive should point to place where FTP Virtual Hosts configurations
#preserved
ScoreboardFile /var/run/proftpd/scoreboard
#Change default group for new files and directories in vhosts dir to psacln
<Directory /var/www/vhosts>
GroupOwner psacln
</Directory>
UseReverseDNS off
Include /etc/proftpd.d/*.conf
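The 227 reply in the FileZilla log names the TCP port the client opens next for the MLSD data connection, which is a different port from the control port 21. As an added example (not part of the original post), this decodes that port and checks whether a proftpd.conf text declares a PassivePorts range that a firewall rule could be matched to. Assumptions: the two config strings are constructed samples, the 49152-65534 range is hypothetical, and files pulled in by Include are not followed.

```python
import re

# Constructed sample input: the 227 reply from the FileZilla log above
# (host octets are redacted in the post) and a trimmed proftpd.conf.
REPLY = '227 Entering Passive Mode (PLESK,SERVER,IP,ADDRESS,147,121).'
CONF_WITHOUT_RANGE = """\
ServerType inetd
<Global>
DefaultRoot ~ psacln
</Global>
Port 21
"""
# Hypothetical range, chosen only for illustration.
CONF_WITH_RANGE = CONF_WITHOUT_RANGE + "PassivePorts 49152 65534\n"

def pasv_data_port(reply):
    """Return the data port announced in a 227 reply (RFC 959: p1*256 + p2)."""
    m = re.search(r'\(([^)]*)\)', reply)
    if not reply.startswith('227') or not m:
        raise ValueError('not a 227 passive-mode reply')
    fields = [f.strip() for f in m.group(1).split(',')]
    if len(fields) != 6:
        raise ValueError('expected h1,h2,h3,h4,p1,p2')
    # Host fields may be redacted; only the two port bytes are needed.
    p1, p2 = int(fields[4]), int(fields[5])
    if not (0 <= p1 <= 255 and 0 <= p2 <= 255):
        raise ValueError('port bytes out of range')
    return p1 * 256 + p2

def passive_range(conf_text):
    """Return (low, high) from an uncommented PassivePorts line, or None."""
    for line in conf_text.splitlines():
        m = re.match(r'\s*PassivePorts\s+(\d+)\s+(\d+)\s*$', line)
        if m:
            return int(m.group(1)), int(m.group(2))
    return None

def diagnose(reply, conf_text):
    """Pair the announced data port with what the config says about it."""
    port = pasv_data_port(reply)
    rng = passive_range(conf_text)
    if rng is None:
        return port, 'no PassivePorts range: no fixed data-port range to allow'
    low, high = rng
    state = 'inside' if low <= port <= high else 'outside'
    return port, f'data port {state} PassivePorts {low}-{high}'

if __name__ == '__main__':
    print(diagnose(REPLY, CONF_WITHOUT_RANGE))
    print(diagnose(REPLY, CONF_WITH_RANGE))
```
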