• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

SFTP on Plesk 10?

Both TSCADFX and Hostasaurus.Com thanks so much for your insight.

I noticed the local etc/group file did not match the /etc/group, so I updated that and restarted ssh. Still no dice.

Setting the shell in /etc/passwd to /bin/bash allows the user to log in but they're able to view/edit beyond their assigned home directory. The /usr/local/psa/bin/chrootsh shell still gives the "user with id=10000 and name=gv not found in chrooted passwd file" error message.

Thoughts guys? Again thanks so much for your time!

Does the user 'gv' have uid 10000 in both /etc/passwd and /var/www/vhosts/domain/etc/passwd?
 
Isaac,

Just to double check you do have the follow set correctly right?

In the Service Plan on the Hosting Parameters tab
SSH access to the server shell under the subscription's system user chose "/bin/bash (chrooted)"
 
Does the user 'gv' have uid 10000 in both /etc/passwd and /var/www/vhosts/domain/etc/passwd?
Hostasaurus.Com, Yes.

/etc/passwd looks like: gv:x:10000:505::/var/www/vhosts/altrisinc.com/dev:/usr/local/psa/bin/chrootsh
/var/www/vhosts/altrisinc.com/etc/passwd looks like: gv:x:10000:505::/dev:/bin/bash

This is as per TSCADFX's blog post.


TSCADFX,
Just double checked, the subscription's SSH access is set to /bin/bash (chrooted)
 
Well everything looks correct. It's sometimes hard to diagnose things that aren't on your server because you don't have access to the machine, don't know what has been side-updated etc.

Can you try logging in with an SSH Terminal (i.e. Putty) with that username and password and see what happens? (To eliminate SCP issues)

Have you upgraded PAM outside of Plesk or have you had any PAM issues on this box?

Can you pastebin or post your /etc/ssh/sshd_config.

We're trying :(
 
I know you guys are trying and really I do appreciate it! :)

I have an sshd_config and ssh_config file in /etc/ssh/

To log into the server, I've been using Terminal on my MacBook.

Just googled PAM (because I had no idea what it was). I don't think I've upgraded it or had any issues otherwise.
 
Isaac,

I'm not asking you how you log into the server I'm asking if you can log into the server via SSH using the username gv? I'm also not asking if you can SFTP using the username gv. Using a SSH terminal can you log in? The same way you would with root.

Did you happen to add the user to /sbin/nologin on accident?
 
Looking at the SSH logs (below) it appears that the server accepts the password, but then immediately disconnects user 'gv'. I also included the logs from root as well.

Here is the log when user 'gv' logs in.
Code:
ssh [email protected] -v
OpenSSH_5.6p1, OpenSSL 0.9.8x 10 May 2012
debug1: Reading configuration data /Users/isaac/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Connecting to 216.70.82.118 [216.70.82.118] port 22.
debug1: Connection established.
debug1: identity file /Users/isaac/.ssh/id_rsa type 1
debug1: identity file /Users/isaac/.ssh/id_rsa-cert type -1
debug1: identity file /Users/isaac/.ssh/id_dsa type -1
debug1: identity file /Users/isaac/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '216.70.82.118' is known and matches the RSA host key.
debug1: Found key in /Users/isaac/.ssh/known_hosts:17
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/isaac/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /Users/isaac/.ssh/id_dsa
debug1: Next authentication method: password
[email protected]'s password: 
[B]debug1: Authentication succeeded (password).[/B]
Authenticated to 216.70.82.118 ([216.70.82.118]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Mon Aug  5 15:21:49 2013
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
[B]user with id=10000 and name=gv not found in chrooted passwd file
system error: No such file or directory[/B]
debug1: channel 0: free: client-session, nchannels 1
Connection to 216.70.82.118 closed.
Transferred: sent 2160, received 2152 bytes, in 2.1 seconds
Bytes per second: sent 1043.2, received 1039.4
debug1: Exit status 1

The log when root logs in:
Code:
ssh [email protected] -v
OpenSSH_5.6p1, OpenSSL 0.9.8x 10 May 2012
debug1: Reading configuration data /Users/isaac/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Connecting to 216.70.82.118 [216.70.82.118] port 22.
debug1: Connection established.
debug1: identity file /Users/isaac/.ssh/id_rsa type 1
debug1: identity file /Users/isaac/.ssh/id_rsa-cert type -1
debug1: identity file /Users/isaac/.ssh/id_dsa type -1
debug1: identity file /Users/isaac/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '216.70.82.118' is known and matches the RSA host key.
debug1: Found key in /Users/isaac/.ssh/known_hosts:17
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/isaac/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /Users/isaac/.ssh/id_dsa
debug1: Next authentication method: password
[email protected]'s password: 
[B]debug1: Authentication succeeded (password).
[/B]Authenticated to 216.70.82.118 ([216.70.82.118]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Mon Aug  5 14:22:46 2013
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
Connection to 216.70.82.118 closed.
Transferred: sent 2384, received 3512 bytes, in 105.8 seconds
Bytes per second: sent 22.5, received 33.2
debug1: Exit status 0
 
I know you guys are trying and really I do appreciate it! :)

I have an sshd_config and ssh_config file in /etc/ssh/

To log into the server, I've been using Terminal on my MacBook.

Just googled PAM (because I had no idea what it was). I don't think I've upgraded it or had any issues otherwise.
 
It appears that user 'gv' can log in, only to be disconnected right after. Here are the logs for both gv and then root.

Code:
ssh [email protected] -v
OpenSSH_5.6p1, OpenSSL 0.9.8x 10 May 2012
debug1: Reading configuration data /Users/isaac/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Connecting to 216.70.82.118 [216.70.82.118] port 22.
debug1: Connection established.
debug1: identity file /Users/isaac/.ssh/id_rsa type 1
debug1: identity file /Users/isaac/.ssh/id_rsa-cert type -1
debug1: identity file /Users/isaac/.ssh/id_dsa type -1
debug1: identity file /Users/isaac/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '216.70.82.118' is known and matches the RSA host key.
debug1: Found key in /Users/isaac/.ssh/known_hosts:17
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/isaac/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /Users/isaac/.ssh/id_dsa
debug1: Next authentication method: password
[email protected]'s password: 
[B]debug1: Authentication succeeded (password).
Authenticated to 216.70.82.118 ([216.70.82.118]:22).[/B]
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Mon Aug  5 15:46:43 2013
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
[B]user with id=10000 and name=gv not found in chrooted passwd file
system error: No such file or directory[/B]
debug1: channel 0: free: client-session, nchannels 1
Connection to 216.70.82.118 closed.
Transferred: sent 2160, received 2184 bytes, in 1.1 seconds
Bytes per second: sent 2022.1, received 2044.6
debug1: Exit status 1

Code:
ssh [email protected] -v
OpenSSH_5.6p1, OpenSSL 0.9.8x 10 May 2012
debug1: Reading configuration data /Users/isaac/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Connecting to 216.70.82.118 [216.70.82.118] port 22.
debug1: Connection established.
debug1: identity file /Users/isaac/.ssh/id_rsa type 1
debug1: identity file /Users/isaac/.ssh/id_rsa-cert type -1
debug1: identity file /Users/isaac/.ssh/id_dsa type -1
debug1: identity file /Users/isaac/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '216.70.82.118' is known and matches the RSA host key.
debug1: Found key in /Users/isaac/.ssh/known_hosts:17
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/isaac/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /Users/isaac/.ssh/id_dsa
debug1: Next authentication method: password
[email protected]'s password: 
debug1: Authentication succeeded (password).
Authenticated to 216.70.82.118 ([216.70.82.118]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Mon Aug  5 15:27:53 2013
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
Connection to 216.70.82.118 closed.
Transferred: sent 2512, received 3656 bytes, in 59.4 seconds
Bytes per second: sent 42.3, received 61.5
debug1: Exit status 0

I took a look at /sbin/nologin but only saw gibberish.
 
The reason the client session is terminated is because it doesn't see that the userid is in the list allowing it to access the chrooted environment. This is by design and there's nothing in the debug that's surprising.

The question is why if you have added permissions for that userid to access the chrooted environment is it not allowing it to do so.

Without spending time on the server itself there's really nothing more that I can think of.

I would delete the user account, create another one, and test again. Make sure it has a different username.
 
Many, many thanks to TSCADFX and Hostasaurus.Com for your time in helping me debug the issue. There seems to be some issue with the webspace I was trying to create an additional SFTP user for. The steps outlined work for the other webspaces I tried. Not exactly sure what is wrong.
 
Glad it worked for you! The only thing I can think of is the old webspace was upgraded through various versions of plesk and something got messed up along the way.
 
Back
Top