Problem with Connection

Discussion in 'General' started by plusQ, Apr 24, 2017.

  1. plusQ

    plusQ New Member HowtoForge Supporter

    Hi,

    I have a problem to connect via SFTP to the ISPConfig Server.

    My old installation works fine. Now I made a new installation with the lastest version of ISPConfig(3.1.2)


    I work with Netbeans, and alway connected to my projects vias SFTP connection

    I can not connect anymore. There is this error message:
    I can connect to my old server, so that must be something with the new one.

    My Installation is made with the "Perfect Server Tutorial 8.4 Debian Apache" and is running in a KVM. My old version is running in an OpenVZ Container.

    Can anybody help?

    It must be something with "jailtkit", because when I set "Chroot Shell" to none... it works
     
    Last edited: Apr 24, 2017
  2. Jesse Norell

    Jesse Norell Well-Known Member

    You need to have 'sftp' listed under System > Server Config > {server} > Jailkit > Jailkit chroot app sections. You can try adding that and set chroot shell to none and back, and/or resync shell users, but I don't know offhand the jailkit environment is updated with new app sections if it already exists. If not, just add it manually:
    Code:
    jk_init -j /var/www/clients/client#/web#/ sftp
     
  3. plusQ

    plusQ New Member HowtoForge Supporter

    Hi, thanks for you help, but this one does not help.
    I tried to paste "/usr/sbin/sftp" into the chroot-app next to "/usr/bin/php /usr/bin/perl /usr/share/perl /usr/share/php"
    • Made a new SSH-User
    • service jailkit restart
    and after that doesn't work I paste
    an got this:
     
  4. Jesse Norell

    Jesse Norell Well-Known Member

    That is the sftp client, not the server. Put 'sftp' under 'Jailkit chroot app sections' (and if you want, you could edit /etc/jailkit/jk_init.ini and verify there is an [sftp] section).
     
  5. plusQ

    plusQ New Member HowtoForge Supporter

    was under 'Jailkit chroot app by default.

    /etc/jailkit/jk_init.ini
     
  6. Jesse Norell

    Jesse Norell Well-Known Member

    That looks exactly like what I have (also debian jessie), and it's working (I just tested to confirm). Check logs for errors/indications of the problem? You might run jk_update to make sure all binaries/libraries are in tact:
    Code:
    jk_update --jail /var/www/clients/client5/web17/
     
  7. Jesse Norell

    Jesse Norell Well-Known Member

    One other thought, maybe test a command-line sftp client and see if that works, ie. it's not something in the netbeans config.
     
  8. plusQ

    plusQ New Member HowtoForge Supporter

    I tried Filezilla as FTP-Programm

    The connection with FTP runs perfect

    SFTP can not log in - > "Received unexpected end-of-file from SFTP server"

    I can log in via SSH - without problems

    And when I change "jailkit" to "none" - I can log in via SFTP

    maybe something happed in the new 3.1 Version of ISPC. My other server is running with 3.0.5.4p9
    I am installing some new servers at the moment one with 3.0.5.4p9 and one with 3.1 to see what happens
     
  9. Jesse Norell

    Jesse Norell Well-Known Member

    One other thing you could check is what program is run for sftp, and make sure that is in your jail. The default for debian 8 is:
    Code:
    # grep -i sftp /etc/ssh/sshd_config
    Subsystem sftp /usr/lib/openssh/sftp-server
    
    which is part of the [sftp] section in my jk_init.ini (as it is in yours above).
     
    Last edited: Apr 26, 2017
  10. plusQ

    plusQ New Member HowtoForge Supporter

    I get the same back
     
  11. Jesse Norell

    Jesse Norell Well-Known Member

    Any error in the logs?

    Maybe try attaching to sshd with strace and see if you can track down any problems for such a connection.
     
  12. plusQ

    plusQ New Member HowtoForge Supporter

    /var/log/messages:
    here I have lot's of this... hole time... (I don't know what that is, too)
    /var/log/auth.log:
    in all other logs, I didn't see anything...
     
  13. Jesse Norell

    Jesse Norell Well-Known Member

    SSH to that environment and ensure you can run /usr/lib/openssh/sftp-server; I don't know valid commands offhand, but it should just sit there, expecting input, rather than give an error.

    Do you have selinux or similar running?
     

Share This Page