Plesk 12.x / Linux :: FTP / SFTP Is Not Working For Users In One Specific Domain But SSH Is
Apr 30, 2015
I am experiencing a weird issue after a Plesk upgrade (from 11 to 12, installed on Ubuntu 12.04).
FTP/SFTP is not working for all users in one specific domain. When using the latest Filezilla client, I receive the following error when I try to connect in SFTP with the main user of this domain
Error: Received unexpected end-of-file from SFTP server
Error: Could not connect to serverClick to expand...
My reseller have got one plan, where option "Gestion de l'accès au serveur via SSH" (Manage SSH access to server) is on "Peut autoriser l'accès uniquement à un environnement chrooté" (Can autorize access only in chrooted environment).
This plan contains only one subscription in which I would like to permit users to use sftp. If I go in the subscription, and then I click on "Customize subscription", I can see option "Gestion de l'accès au serveur via SSH" (Manage SSH access to server) is on "Peut autoriser l'accès uniquement à un environnement chrooté" (Can autorize access only in chrooted environment)...
=> So same than in the plan.
After that, when I click on subscription => WebSites and Domain => One domain => FTP Access and I choose a ftp user, I don't have any option to allow ssh access to the user.
Since the migration from Plesk 11.5 to Plesk 12.0 the "chrooted" SFTP accounts do not work anymore. Along with the Plesk migration we have changed the operating system too. We've migrated from CentOS 6 (x86_64) to CentOS 7 (x86_64).
When trying to connect using SFTP on the command line I get the following error message: debug1: Exit status 127...When using an SFTP client such as WinSCP I get logged out immediately without any message.
The OpenSSH configuration is saying: <...> Subsystem sftp /usr/libexec/openssh/sftp-server <...>
The mentioned binary from above does exist: ls -l /usr/libexec/openssh/sftp-server -rwxr-xr-x 1 root root 83984 2015-05-12 21:41:56 /usr/libexec/openssh/sftp-server
I have attached the debug output of the SFTP command (plesk_sftp_issue.txt).When I change the option "Access to the server over SSH" to "/bin/bash" the SFTP access works again. But when "chrooted" it stops working.
In plesk I have set the ssh rule to allow from source, deny others and added my IP. However, if I connect my PC to my work VPN, I can still login via ssh, even when I am on a different IP as the allowed IP
Currently i'm running a server with 12 customers on it. They all have their own domainnames and subscriptions. One of them wants to secure his site with SSL and also his mail traffic. Currently he is using the mail.hisdomain.com server for receiving/sending e-mail. I want to install a certificate so that domain is secured. How can i accomplish this?
When i look on the server there is only 1 PEM file for the whole server. If i'm going to install his KEY and CRT in that file than all my clients will use that certifcate right? Can i make it so that only his domain uses thoses certifcates? Plesk is configured to use Postfix with Courier.
A domain on my Plesk does not receive incoming emails from a specific external domain. Other domains on the same server are receiving correctly emails from the same external domain. DNS are configurated by the same way (external of Plesk). Can't see a bounce anywhere. External sender does not receive a bounce too...
So: - I've deleted the domain in Plesk and re-created it (just in case...). - I've added the external sender in spam whitelist (I've tried in user conf and in server wide conf) - When I send mail to a different address in the same server, I can see the mail in syslog and maillog (send or bounced) - When I send from this external f***** domain to my domain, I can't see anything in syslog and maillog
I'm using Plesk 11.5.50 CentOS 6.5 64bit with Qmail. I have installed a SSL certificate on mail server "mail.company.tld" and is running successfully with smtp/pop3/imap4 daemon. Every user agent uses "mail.company.tld" for smtp/pop3/imap4. The qmail name is "mail.company.tld" (file me). The server has about 300 domains and 1000 accounts.
Now we want to add a new SSL certificate, called "mail.newcompany.tld", and use it only for certain domains. I would like to know if is possible to use the new SSL "mail.newcompany.tld" for a specific mail domain without using the old SSL "mail.company.tld" that isn't expired yet. From Plesk Panel I haven't found a section for using the SSL for a specific mail domain.
we have a WHM account... we have different accounts on that...and for each account, there are add-on domains underneath that. (i hope you know what i mean)
and we set it up to use only SFTP to connect to server. no FTP.
after we have set it up that way, it seems that we can only connect to SFTP using 1 user/pass for each account... that is the same user/pass we use for Cpanel of each account.
say, i have Account A... under Account A, i have addon domains: A1.com, A2.com, A3.com... setting SFTP only on that server, all those addon domains of Account A, can only use 1 user/pass to login to SFTP which is the cpanel access also of Account A.
question is.... is this behavior correct??
how can we create a different user for each add-on domain?
Problem with FTP Users on Plesk 11 after updating from Plesk 10.
SO: Windows Server 2008 R2 Standard Edition Panel: Plesk for Windows 11.0.4
I noticed that users cannot FTP, when trying to connect they receive an error: 530 User cannot log in, home directory inaccessible.
Doing further investigation, I confirmed that only users created after upgrade have this issue, that created before upgrade works fine.
I already discovered that home directory is missing on IIS 7.5 FTP. Creating a symbolic link on NTFS using MKLINK command pointing to home folder and configuring permissions to user solved the problem.I think its a bug on Plesk Panel 11.0.4 as I can see same the same problem on two distinct servers after upgrading from Plesk 10 to 11.
I tried to run Plesk Reconfigurator utility with all options, without success.I can fix home directory by myself manually but it will be great if Plesk Panel handle this again.
I use Plesk 11.5.30 on my vServer. I created a new domain with a new web user and /bin/bash (chroot) setting. I can't login with a SFTP connection to this domain only normal FTP connection works. With existing users I don't have this problem.
domain : testing.com user : test@testing.com pass : 123456 port : 7256
& getting following error ##################### Status: Connecting to testing.com:7256... Response: fzSftp started Command: open "test@testing.com@testing.com" 7256 Command: Trust new Hostkey: Yes Command: Pass: ************ Error: Authentication failed. Error: Critical error Error: Could not connect to server #####################
note that we are able to get connected to the server with FTP using same username & password
i asked our data centre regarding this issue & they suggested to use root password , but we don't want to give root password to the client
I have the latest centos 7 and plesk 12 installed on a dedicated server and i wish to add a new IP to use on a specific website. However, when I am trying to add the IP in plesk i am getting the following error:
Code: Error: ifmng failed: sh: /sbin/ifconfig: No such file or directory /sbin/ifconfig 'eth0:1' '85.214.93.196' netmask '255.255.255.255' up exited with non-zero status 127
I have read somewhere on the forum that installing iptables can fix this but cents 7 is using the new firewald and i am wondering if in the future such a change will not affect the well being of the overall server.
Is there any solution to this problem or will there be a fix from Plesk in the near future ?
I'm trying to use spamfilter to block mail from specific address, adding this e-mail to spamfilter in mail account settings, but it doesn't work. In logs I see:
spamc[13430]: skipped message, greater than max message size (256000 bytes).
I have setup Nginx to serve static pages. I cache some pages and therefor they are static and should be served by Nginx. Now, how can i check if a specific page actual was served by Nginx and not Apache?
IP-Pair1 is supposed to host admin and customer access. = Plesk-admin-interface (lighhttpd?) on 80/443 instead of 8443 (ssh on 22, ftp ...)
IP-Pair2 is supposed to host visitor access. = Plesk webspaces (nginx/apache) on 80/443
So I want to stop nginx from grabbing ports 80/443 of IP-Pair1 and listen to IP-Pair2 addresses only. Then I want to set plesk-admin interface to listen to 80/443 on IP-Pair1 only.
I built the system on Centos 6.5 with plesk 12 with a range of ips. I then (after the fact) copied the IPs of the old server to the new and moved all the domains to their IP's. This way today we flipped the routes and all should work.
The problem is that the domains only work when putting :7080 behind them. It seems like the httpd is only listening on the old IP and not the new ones. How to make plesk/httpd listen with the new IP's on port 80"
httpd.conf
#Listen 12.34.56.78:80 Listen 7080
I added all the other IP's and tried changing ports under Listen but that does not work either. So changing the listening port does not work.
I have a plesk12 webhost linux. We are having an issue about horde webmail. Weird because one of the email user cannot open email coming from specific email address and this is the message:
Error Message: Error when communicating with the server and There has been no contact with the server for several minutes. The server may be temporarily unavailabe or network problems may be interrupting your session. You will not see any updates until the connection is restored.
Now upon checking to the error logs of httpd, I found the ff: [Tue Jul 14 16:53:09 2015] [warn] [client 202.X.X.X] mod_fcgid: stderr: PHP Fatal error: Class 'Math_BigInteger' not found in /usr/share/psa-pear/pear/php/Horde/Mapi.php on line 172, referer:http://webmail.domainsample.com/imp/dynamic.php?page=mailbox
When I create Mailbox for customer, spamassassin have status (default):
HTML: Status false The score that a message must receive to qualify as spam What to do with spam mail move Add the following text to the true beginning of subject of each message recognized as spam Modify spam mail subject text ***SPAM***
Black list ================================ Server-wide black list:
User's black list:
White list ================================ Server-wide white list:
User's white list:
But i want it:
HTML:
Status false The score that a message must 7 receive to qualify as spam What to do with spam mail text Add the following text to the true beginning of subject of each message recognized as spam Modify spam mail subject text ***SPAM***
Black list ================================ Server-wide black list:
User's black list:
White list ================================ Server-wide white list:
User's white list:
Not Move, it only text at "What to do with spam mail text"
Is it possible to query for a list of system users using the API RPC? I know it's possible with a MySQL query
Code: select id, login, account_id from sys_users order by login;
I've searched through the API RPC manual, but I don't see a way to do this. I always have to specify a filter, I can't find a way to just query for all users.
After some recents updates (currently running on: 12.0.18 Update #19) appeared a problem with connecting to FTP for passive mode users:
Connect ok! "/" is the current directory Get directory 227 Entering Passive Mode 550 Access is denied.
Server logs: /var/log/messages Oct 14 12:11:26 host xinetd[3692]: START: ftp pid=2709 from=::ffff:xxx.xxx.xxx.xxx Oct 14 12:11:26 host proftpd[2709]: processing configuration directory '/etc/proftpd.d' Oct 14 12:11:26 host proftpd[2709]: yyy.yyy.yyy.yyy (xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) - FTP session opened.
But: /var/log/secure:
Oct 14 12:11:26 host proftpd: PAM unable to dlopen(/lib64/security/pam_stack.so): /lib64/security/pam_stack.so: cannot open shared object file: No such file or directory Oct 14 12:11:26 host proftpd: PAM adding faulty module: /lib64/security/pam_stack.so Oct 14 12:11:26 host proftpd: pam_listfile(proftpd:auth): Couldn't open /etc/ftpusers Oct 14 12:11:26 host proftpd[2709]: yyy.yyy.yyy.yyy (xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]) - USER client: Login successful.
ad1: yes, i do have passive ports configured in /etc/proftpd.conf and FW is properly configured ad2: everything was fine until recent updates ad3: this is happening only for passive users only ad4: we are experiencing this issues across all Plesk instances [6x] on CentOS 6.5 with 12.0.18 Update #19
