[SOLVED] SFTP no longer works for ISPConfig users

Discussion in 'ISPConfig 3 Priority Support' started by aldo, Jul 26, 2022.

  1. aldo

    aldo Member HowtoForge Supporter

    After updating Debian (now 9.13) and ISPConfig (now 3.2.8p1), shell users defined in "Sites" can no longer access the server using SFTP.
    For example, FileZilla connects and then raises the error: "Could not connect to server".
    12:41:18 Status: Disconnected from server
    12:41:18 Trace: CControlSocket::DoClose(66)
    12:41:18 Trace: CControlSocket::ResetOperation(66)
    12:41:18 Trace: CFileZillaEnginePrivate::ResetOperation(66)
    12:41:18 Trace: CControlSocket::DoClose(66)
    12:41:18 Trace: CControlSocket::ResetOperation(66)
    12:41:18 Trace: CFileZillaEnginePrivate::ResetOperation(66)
    12:41:18 Trace: CControlSocket::DoClose(66)
    12:41:18 Trace: CControlSocket::ResetOperation(66)
    12:41:18 Trace: CFileZillaEnginePrivate::ResetOperation(66)
    12:41:18 Trace: CFileZillaEnginePrivate::ResetOperation(0)
    12:41:19 Trace: CControlSocket::SendNextCommand()
    12:41:19 Trace: CSftpConnectOpData::Send() in state 0
    12:41:19 Status: Connecting to xx.xx.xx.24:2222...
    12:41:19 Trace: Going to execute C:\Program Files\FileZilla Pro\fzsftp.exe
    12:41:19 Response: fzSftp started, protocol_version=11
    12:41:19 Trace: CSftpConnectOpData::ParseResponse() in state 0
    12:41:19 Trace: CControlSocket::SendNextCommand()
    12:41:19 Trace: CSftpConnectOpData::Send() in state 3
    12:41:19 Command: open "c13u2@xx.xx.xx.24" 2222
    12:41:19 Trace: Looking up host "xx.xx.xx.24" for SSH connection
    12:41:19 Trace: Connecting to xx.xx.xx.24 port 2222
    12:41:19 Trace: We claim version: SSH-2.0-FileZilla_3.60.1
    12:41:19 Trace: Connected to xx.xx.xx.24
    12:41:19 Trace: Remote version: SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7
    12:41:19 Trace: Using SSH protocol version 2
    12:41:19 Trace: Doing ECDH key exchange with curve Curve25519 and hash SHA-256 (unaccelerated)
    12:41:19 Trace: Server also has ecdsa-sha2-nistp256/rsa-sha2-512/rsa-sha2-256/ssh-rsa host keys, but we don't know any of them
    12:41:19 Trace: Host key fingerprint is:
    12:41:19 Trace: ssh-ed25519 255 SHA256:nGH23CB/bhpD7NurYYMKsjDjiOOVHYLlSS5ckv6zzd0
    12:41:19 Trace: Initialised AES-256 SDCTR (AES-NI accelerated) outbound encryption
    12:41:19 Trace: Initialised HMAC-SHA-256 (unaccelerated) outbound MAC algorithm
    12:41:19 Trace: Initialised AES-256 SDCTR (AES-NI accelerated) inbound encryption
    12:41:19 Trace: Initialised HMAC-SHA-256 (unaccelerated) inbound MAC algorithm
    12:41:19 Status: Using username "c13u2".
    12:41:19 Command: Pass: ************
    12:41:19 Trace: Sent password
    12:41:19 Trace: Access granted
    12:41:19 Trace: Opening main session channel
    12:41:19 Trace: Opened main channel
    12:41:19 Trace: Started a shell/command
    12:41:19 Status: Connected to xx.xx.xx.24
    12:41:19 Trace: Session sent command exit status 127
    12:41:19 Trace: Got eof from child process
    12:41:19 Trace: CControlSocket::DoClose(64)
    12:41:19 Trace: CControlSocket::ResetOperation(66)
    12:41:19 Trace: CSftpConnectOpData::Reset(66) in state 3
    12:41:19 Error: Could not connect to server
    12:41:19 Trace: CFileZillaEnginePrivate::ResetOperation(66)
    12:41:19 Status: Waiting to retry...
    12:41:24 Trace: CControlSocket::DoClose(66)
    12:41:24 Trace: CControlSocket::ResetOperation(66)
    12:41:24 Trace: CFileZillaEnginePrivate::ResetOperation(66)
    12:41:24 Trace: CControlSocket::DoClose(66)
    12:41:24 Trace: CControlSocket::ResetOperation(66)
    12:41:24 Trace: CFileZillaEnginePrivate::ResetOperation(66)
    12:41:24 Trace: CControlSocket::SendNextCommand()
    12:41:24 Trace: CSftpConnectOpData::Send() in state 0
    12:41:24 Status: Connecting to xx.xx.xx.24:2222...
    12:41:24 Trace: Going to execute C:\Program Files\FileZilla Pro\fzsftp.exe
    12:41:24 Response: fzSftp started, protocol_version=11
    12:41:24 Trace: CSftpConnectOpData::ParseResponse() in state 0
    12:41:24 Trace: CControlSocket::SendNextCommand()
    12:41:24 Trace: CSftpConnectOpData::Send() in state 3
    12:41:24 Command: open "c13u2@xx.xx.xx.24" 2222
    12:41:24 Trace: Looking up host "xx.xx.xx.24" for SSH connection
    12:41:24 Trace: Connecting to xx.xx.xx.24 port 2222
    12:41:24 Trace: We claim version: SSH-2.0-FileZilla_3.60.1
    12:41:24 Trace: Connected to xx.xx.xx.24
    12:41:24 Trace: Remote version: SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7
    12:41:24 Trace: Using SSH protocol version 2
    12:41:25 Trace: Doing ECDH key exchange with curve Curve25519 and hash SHA-256 (unaccelerated)
    12:41:25 Trace: Server also has ecdsa-sha2-nistp256/rsa-sha2-512/rsa-sha2-256/ssh-rsa host keys, but we don't know any of them
    12:41:25 Trace: Host key fingerprint is:
    12:41:25 Trace: ssh-ed25519 255 SHA256:nGH23CB/bhpD7NurYYMKsjDjiOOVHYLlSS5ckv6zzd0
    12:41:25 Trace: Initialised AES-256 SDCTR (AES-NI accelerated) outbound encryption
    12:41:25 Trace: Initialised HMAC-SHA-256 (unaccelerated) outbound MAC algorithm
    12:41:25 Trace: Initialised AES-256 SDCTR (AES-NI accelerated) inbound encryption
    12:41:25 Trace: Initialised HMAC-SHA-256 (unaccelerated) inbound MAC algorithm
    12:41:25 Status: Using username "c13u2".
    12:41:25 Command: Pass: ************
    12:41:25 Trace: Sent password
    12:41:25 Trace: Access granted
    12:41:25 Trace: Opening main session channel
    12:41:25 Trace: Opened main channel
    12:41:25 Trace: Started a shell/command
    12:41:25 Status: Connected to xx.xx.xx.24
    12:41:25 Trace: Session sent command exit status 127
    12:41:25 Trace: Got eof from child process
    12:41:25 Trace: CControlSocket::DoClose(64)
    12:41:25 Trace: CControlSocket::ResetOperation(66)
    12:41:25 Trace: CSftpConnectOpData::Reset(66) in state 3
    12:41:25 Error: Could not connect to server
    12:41:25 Trace: CFileZillaEnginePrivate::ResetOperation(66)

    Also, using Bitvise SSH Client, it connects (authenticates) but cannot start an SFTP session.
    14:30:53.083 Current date: 2022-07-26
    14:30:53.083 Started a new SSH connection.
    14:30:53.084 Connecting to SSH server xx.xx.xx.24:2222.
    14:30:53.085 Connection established.
    14:30:53.100 Server version: SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7
    14:30:53.100 First key exchange started. Cryptographic provider: Windows CNG (x86) with additions
    14:30:53.121 Received host key from the server. Algorithm: RSA/sha2-512, size: 2048 bits, SHA-256 fingerprint: zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz.
    14:30:53.138 First key exchange completed using diffie-hellman-group14-sha1 (group 14, 2048-bit). Connection encryption: aes256-ctr, integrity: hmac-sha2-256, compression: none.
    14:30:53.157 Attempting password authentication.
    14:30:53.157 Authentication completed.
    14:30:53.157 Extension "no-flow-control" disabled.
    14:30:53.277 Synchronizing with server's host keys.
    14:30:53.277 Host key synchronization completed without saving or erasing any keys. Number of keys received: 4, rejected: 1.
    14:30:57.970 Opened session channel 0.
    14:30:57.970 SFTP channel opened.
    14:30:57.985 SFTP channel: SFTP request accepted.
    14:30:57.985 SFTP channel: EOF received.
    14:30:57.985 SFTP channel closed by server.
    14:30:57.985 Closed channel 0.

    In /var/log/syslog I only see:
    Jul 26 14:50:47 qx1 systemd[1]: Started Session 451 of user web13.
    Jul 26 14:50:52 qx1 systemd[1]: Started Session 452 of user web13.

    In /etc/passwd ISPConfig users are like:
    web13:x:5010:5005::/var/www/clients/client1/web13/./home/web13:/usr/sbin/jk_chrootsh
    c13u2:x:5010:5005::/var/www/clients/client1/web13/./home/c13u2:/usr/sbin/jk_chrootsh

    Non-ISPConfig users can connect via SSH and open an SFTP session without problems.

    Thanks for any help.
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    aldo likes this.
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    My guess is that the files in the jails may need to be updated?
     
    aldo likes this.
  4. aldo

    aldo Member HowtoForge Supporter

  5. aldo

    aldo Member HowtoForge Supporter

    Solved with:
    Code:
    jk_update -j /var/www/clients/client1/web13
    Now I can open an SFTP session.
    However I got these errors:
    removing deprecated file /var/www/clients/client1/web13/usr/share/vim/addons/doc
    ERROR: failed to remove deprecated file /var/www/clients/client1/web13/usr/share/vim/addons/doc
    removing deprecated file /var/www/clients/client1/web13/usr/share/vim/vim74
    ERROR: failed to remove deprecated file /var/www/clients/client1/web13/usr/share/vim/vim74
    ERROR: while scannign dir /var/www/clients/client1/web13/opt/: No such file or directory
    Should I do anything else or can I ignore them?
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    I would say this can be safely ignored.
     
    aldo likes this.
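
Applying the fix from post 5 to every jail instead of one, as an added example that is not part of the original thread: the script derives each Jailkit jail root from passwd entries whose shell is jk_chrootsh (the part of the home directory before "/./") and prints the matching `jk_update -j` command. The sample passwd data is constructed from the entries quoted in the first post, and the `RUN` variable is an assumption of this example.

```shell
#!/bin/sh
# Added example: list the Jailkit jail roots referenced by passwd entries and
# print the jk_update command for each one (dry run unless RUN=1).

# Constructed sample in /etc/passwd format, modelled on the entries in the post.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
web13:x:5010:5005::/var/www/clients/client1/web13/./home/web13:/usr/sbin/jk_chrootsh
c13u2:x:5010:5005::/var/www/clients/client1/web13/./home/c13u2:/usr/sbin/jk_chrootsh
web14:x:5011:5005::/var/www/clients/client1/web14/./home/web14:/usr/sbin/jk_chrootsh
web15:x:5012:5006::/var/www/clients/client2/web15:/bin/false'

# jail_roots: read passwd-format lines on stdin, print each distinct jail root.
# A jailed account has jk_chrootsh as its login shell and a home directory of
# the form <jail>/./<path inside jail>; the part before "/./" is the jail root.
jail_roots() {
    awk -F: '
        $7 ~ /\/jk_chrootsh$/ {
            i = index($6, "/./")
            if (i > 1) print substr($6, 1, i - 1)
        }' | sort -u
}

# update_cmds: print (or, with RUN=1, execute) jk_update for every jail root.
# Several shell users can share one jail, so each jail is handled only once.
update_cmds() {
    jail_roots | while IFS= read -r jail; do
        if [ "${RUN:-0}" = "1" ]; then
            jk_update -j "$jail"
        else
            printf 'jk_update -j %s\n' "$jail"
        fi
    done
}

# Dry run against the constructed sample; on a server, feed /etc/passwd instead:
#   update_cmds < /etc/passwd
printf '%s\n' "$SAMPLE_PASSWD" | update_cmds
```

Review the printed commands first, then rerun with `RUN=1` as root to apply them.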
