Facebook
Twitter
Does the user 'gv' have uid 10000 in both /etc/passwd and /var/www/vhosts/domain/etc/passwd?
-
If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
CentOS2Alma discussion
SFTP on Plesk 10?
- Thread starter JP Kelly
- Start date
Does the user 'gv' have uid 10000 in both /etc/passwd and /var/www/vhosts/domain/etc/passwd?
Hostasaurus.Com, Yes.
/etc/passwd looks like: gv:x:10000:505::/var/www/vhosts/altrisinc.com/dev:/usr/local/psa/bin/chrootsh
/var/www/vhosts/altrisinc.com/etc/passwd looks like: gv:x:10000:505::/dev:/bin/bash
This is as per TSCADFX's blog post.
TSCADFX,
Just double checked, the subscription's SSH access is set to /bin/bash (chrooted)
Well everything looks correct. It's sometimes hard to diagnose things that aren't on your server because you don't have access to the machine, don't know what has been side-updated etc.
Can you try logging in with an SSH Terminal (i.e. Putty) with that username and password and see what happens? (To eliminate SCP issues)
Have you upgraded PAM outside of Plesk or have you had any PAM issues on this box?
Can you pastebin or post your /etc/ssh/sshd_config.
We're trying
Can you try logging in with an SSH Terminal (i.e. Putty) with that username and password and see what happens? (To eliminate SCP issues)
Have you upgraded PAM outside of Plesk or have you had any PAM issues on this box?
Can you pastebin or post your /etc/ssh/sshd_config.
We're trying
I know you guys are trying and really I do appreciate it!
I have an sshd_config and ssh_config file in /etc/ssh/
To log into the server, I've been using Terminal on my MacBook.
Just googled PAM (because I had no idea what it was). I don't think I've upgraded it or had any issues otherwise.
I have an sshd_config and ssh_config file in /etc/ssh/
To log into the server, I've been using Terminal on my MacBook.
Just googled PAM (because I had no idea what it was). I don't think I've upgraded it or had any issues otherwise.
Isaac,
I'm not asking you how you log into the server I'm asking if you can log into the server via SSH using the username gv? I'm also not asking if you can SFTP using the username gv. Using a SSH terminal can you log in? The same way you would with root.
Did you happen to add the user to /sbin/nologin on accident?
I'm not asking you how you log into the server I'm asking if you can log into the server via SSH using the username gv? I'm also not asking if you can SFTP using the username gv. Using a SSH terminal can you log in? The same way you would with root.
Did you happen to add the user to /sbin/nologin on accident?
Looking at the SSH logs (below) it appears that the server accepts the password, but then immediately disconnects user 'gv'. I also included the logs from root as well.
Here is the log when user 'gv' logs in.
The log when root logs in:
Here is the log when user 'gv' logs in.
Code:
ssh [email protected] -v
OpenSSH_5.6p1, OpenSSL 0.9.8x 10 May 2012
debug1: Reading configuration data /Users/isaac/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Connecting to 216.70.82.118 [216.70.82.118] port 22.
debug1: Connection established.
debug1: identity file /Users/isaac/.ssh/id_rsa type 1
debug1: identity file /Users/isaac/.ssh/id_rsa-cert type -1
debug1: identity file /Users/isaac/.ssh/id_dsa type -1
debug1: identity file /Users/isaac/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '216.70.82.118' is known and matches the RSA host key.
debug1: Found key in /Users/isaac/.ssh/known_hosts:17
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/isaac/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /Users/isaac/.ssh/id_dsa
debug1: Next authentication method: password
[email protected]'s password:
[B]debug1: Authentication succeeded (password).[/B]
Authenticated to 216.70.82.118 ([216.70.82.118]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Mon Aug 5 15:21:49 2013
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
[B]user with id=10000 and name=gv not found in chrooted passwd file
system error: No such file or directory[/B]
debug1: channel 0: free: client-session, nchannels 1
Connection to 216.70.82.118 closed.
Transferred: sent 2160, received 2152 bytes, in 2.1 seconds
Bytes per second: sent 1043.2, received 1039.4
debug1: Exit status 1The log when root logs in:
Code:
ssh [email protected] -v
OpenSSH_5.6p1, OpenSSL 0.9.8x 10 May 2012
debug1: Reading configuration data /Users/isaac/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Connecting to 216.70.82.118 [216.70.82.118] port 22.
debug1: Connection established.
debug1: identity file /Users/isaac/.ssh/id_rsa type 1
debug1: identity file /Users/isaac/.ssh/id_rsa-cert type -1
debug1: identity file /Users/isaac/.ssh/id_dsa type -1
debug1: identity file /Users/isaac/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '216.70.82.118' is known and matches the RSA host key.
debug1: Found key in /Users/isaac/.ssh/known_hosts:17
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/isaac/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /Users/isaac/.ssh/id_dsa
debug1: Next authentication method: password
[email protected]'s password:
[B]debug1: Authentication succeeded (password).
[/B]Authenticated to 216.70.82.118 ([216.70.82.118]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Mon Aug 5 14:22:46 2013
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
Connection to 216.70.82.118 closed.
Transferred: sent 2384, received 3512 bytes, in 105.8 seconds
Bytes per second: sent 22.5, received 33.2
debug1: Exit status 0I know you guys are trying and really I do appreciate it!
I have an sshd_config and ssh_config file in /etc/ssh/
To log into the server, I've been using Terminal on my MacBook.
Just googled PAM (because I had no idea what it was). I don't think I've upgraded it or had any issues otherwise.
I have an sshd_config and ssh_config file in /etc/ssh/
To log into the server, I've been using Terminal on my MacBook.
Just googled PAM (because I had no idea what it was). I don't think I've upgraded it or had any issues otherwise.
It appears that user 'gv' can log in, only to be disconnected right after. Here are the logs for both gv and then root.
I took a look at /sbin/nologin but only saw gibberish.
Code:
ssh [email protected] -v
OpenSSH_5.6p1, OpenSSL 0.9.8x 10 May 2012
debug1: Reading configuration data /Users/isaac/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Connecting to 216.70.82.118 [216.70.82.118] port 22.
debug1: Connection established.
debug1: identity file /Users/isaac/.ssh/id_rsa type 1
debug1: identity file /Users/isaac/.ssh/id_rsa-cert type -1
debug1: identity file /Users/isaac/.ssh/id_dsa type -1
debug1: identity file /Users/isaac/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '216.70.82.118' is known and matches the RSA host key.
debug1: Found key in /Users/isaac/.ssh/known_hosts:17
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/isaac/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /Users/isaac/.ssh/id_dsa
debug1: Next authentication method: password
[email protected]'s password:
[B]debug1: Authentication succeeded (password).
Authenticated to 216.70.82.118 ([216.70.82.118]:22).[/B]
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Mon Aug 5 15:46:43 2013
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
[B]user with id=10000 and name=gv not found in chrooted passwd file
system error: No such file or directory[/B]
debug1: channel 0: free: client-session, nchannels 1
Connection to 216.70.82.118 closed.
Transferred: sent 2160, received 2184 bytes, in 1.1 seconds
Bytes per second: sent 2022.1, received 2044.6
debug1: Exit status 1
Code:
ssh [email protected] -v
OpenSSH_5.6p1, OpenSSL 0.9.8x 10 May 2012
debug1: Reading configuration data /Users/isaac/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Connecting to 216.70.82.118 [216.70.82.118] port 22.
debug1: Connection established.
debug1: identity file /Users/isaac/.ssh/id_rsa type 1
debug1: identity file /Users/isaac/.ssh/id_rsa-cert type -1
debug1: identity file /Users/isaac/.ssh/id_dsa type -1
debug1: identity file /Users/isaac/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH_4*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '216.70.82.118' is known and matches the RSA host key.
debug1: Found key in /Users/isaac/.ssh/known_hosts:17
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/isaac/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Trying private key: /Users/isaac/.ssh/id_dsa
debug1: Next authentication method: password
[email protected]'s password:
debug1: Authentication succeeded (password).
Authenticated to 216.70.82.118 ([216.70.82.118]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Mon Aug 5 15:27:53 2013
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
Connection to 216.70.82.118 closed.
Transferred: sent 2512, received 3656 bytes, in 59.4 seconds
Bytes per second: sent 42.3, received 61.5
debug1: Exit status 0I took a look at /sbin/nologin but only saw gibberish.
The reason the client session is terminated is because it doesn't see that the userid is in the list allowing it to access the chrooted environment. This is by design and there's nothing in the debug that's surprising.
The question is why if you have added permissions for that userid to access the chrooted environment is it not allowing it to do so.
Without spending time on the server itself there's really nothing more that I can think of.
I would delete the user account, create another one, and test again. Make sure it has a different username.
The question is why if you have added permissions for that userid to access the chrooted environment is it not allowing it to do so.
Without spending time on the server itself there's really nothing more that I can think of.
I would delete the user account, create another one, and test again. Make sure it has a different username.
Many, many thanks to TSCADFX and Hostasaurus.Com for your time in helping me debug the issue. There seems to be some issue with the webspace I was trying to create an additional SFTP user for. The steps outlined work for the other webspaces I tried. Not exactly sure what is wrong.
Similar threads
Issue
ftp a sftp