Hello, I've been having a very strange issue ever since I installed and configured my Ubuntu 14.04/ISPConfig 3.1.10, namely - the main system user can connect via sFTP just fine. However, when I add a site-specific user, they get an error message "Authentication failed. Critical error Cannot connect to server". I've checked the pure-ftpd mysql.conf and logged in successfully to MySQL with the credentials there. Furthermore, I looked in the ispconfig table and all site-specific users are there, marked as active and so on. Could anyone help me figure out what's wrong with my configuration? Thank you!
You mix up SFTP with FTPS here. SFTP is not FTP and so you cannot connect to it with an FTP user; SFTP is SSH. If you want to have a secure FTP login, then choose FTPS (FTP over TLS) in your FTP client.
Hi Til, Thanks for your reply. Indeed, I must have mixed the two. After opening Port 21 and connecting to it, now I get a request to accept the server certificate, but a different message:
Code:
    Status: Connection established, waiting for welcome message...
    Status: Initializing TLS...
    Status: Verifying certificate...
    Status: TLS connection established.
    Status: Logged in
    Status: Retrieving directory listing...
    Status: Server sent passive reply with unroutable address. Using server address instead.
    Command: MLSD
    Error: Connection timed out after 20 seconds of inactivity
    Error: Failed to retrieve directory listing

Do you have any idea what could be wrong?
I made the changes described in that link, but the message remains the same.
EDIT: OK, turns out ufw is not running. I tried enabling it and got the following:
Code:
    ufw enable
    WARN: Duplicate profile 'Apache', using last found
    WARN: Duplicate profile 'Apache Secure', using last found
    WARN: Duplicate profile 'Apache Full', using last found
    Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
    ERROR: problem running ufw-init
    iptables-restore: line 2 failed
    -----
    iptables -L
    Chain INPUT (policy DROP)
    target      prot opt source    destination
    AS0_ACCEPT  all  --  anywhere  anywhere     state RELATED,ESTABLISHED
    AS0_ACCEPT  all  --  anywhere  anywhere
    AS0_IN_PRE  all  --  anywhere  anywhere     mark match 0x2000000/0x2000000
    AS0_ACCEPT  tcp  --  anywhere  anywhere     state NEW tcp dpt:915
    AS0_ACCEPT  tcp  --  anywhere  anywhere     state NEW tcp dpt:914
    AS0_ACCEPT  tcp  --  anywhere  anywhere     state NEW tcp dpt:917
    AS0_ACCEPT  tcp  --  anywhere  anywhere     state NEW tcp dpt:916
    AS0_ACCEPT  udp  --  anywhere  anywhere     state NEW udp dpt:919
    AS0_ACCEPT  udp  --  anywhere  anywhere     state NEW udp dpt:918
    AS0_ACCEPT  udp  --  anywhere  anywhere     state NEW udp dpt:921

EDIT 2: Accidentally closed my ssh session and then was unable to connect. Luckily, I was on VPN and could remote connect on the local port.
When I checked the ufw status, this is what I got:
Code:
    ufw status
    WARN: Duplicate profile 'Apache', using last found
    WARN: Duplicate profile 'Apache Secure', using last found
    WARN: Duplicate profile 'Apache Full', using last found
    Status: active

    To                        Action  From
    --                        ------  ----
    20/tcp                    ALLOW   Anywhere
    21/tcp                    ALLOW   Anywhere
    22/tcp                    ALLOW   Anywhere
    25/tcp                    ALLOW   Anywhere
    53/tcp                    ALLOW   Anywhere
    80/tcp                    ALLOW   Anywhere
    110/tcp                   ALLOW   Anywhere
    143/tcp                   ALLOW   Anywhere
    443/tcp                   ALLOW   Anywhere
    465/tcp                   ALLOW   Anywhere
    993/tcp                   ALLOW   Anywhere
    995/tcp                   ALLOW   Anywhere
    3306/tcp                  ALLOW   Anywhere
    8080/tcp                  ALLOW   Anywhere
    8081/tcp                  ALLOW   Anywhere
    10000/tcp                 ALLOW   Anywhere
    53/udp                    ALLOW   Anywhere
    3306/udp                  ALLOW   Anywhere
    10024                     DENY    Anywhere
    943/tcp                   ALLOW   Anywhere
    943/udp                   ALLOW   Anywhere
    40110:40210/tcp           ALLOW   Anywhere
    20/tcp (v6)               ALLOW   Anywhere (v6)
    21/tcp (v6)               ALLOW   Anywhere (v6)
    22/tcp (v6)               ALLOW   Anywhere (v6)
    25/tcp (v6)               ALLOW   Anywhere (v6)
    53/tcp (v6)               ALLOW   Anywhere (v6)
    80/tcp (v6)               ALLOW   Anywhere (v6)
    110/tcp (v6)              ALLOW   Anywhere (v6)
    143/tcp (v6)              ALLOW   Anywhere (v6)
    443/tcp (v6)              ALLOW   Anywhere (v6)
    465/tcp (v6)              ALLOW   Anywhere (v6)
    993/tcp (v6)              ALLOW   Anywhere (v6)
    995/tcp (v6)              ALLOW   Anywhere (v6)
    3306/tcp (v6)             ALLOW   Anywhere (v6)
    8080/tcp (v6)             ALLOW   Anywhere (v6)
    8081/tcp (v6)             ALLOW   Anywhere (v6)
    10000/tcp (v6)            ALLOW   Anywhere (v6)
    53/udp (v6)               ALLOW   Anywhere (v6)
    3306/udp (v6)             ALLOW   Anywhere (v6)
    40110:40210/tcp (v6)      ALLOW   Anywhere (v6)

For some reason (which now I remember was why I had stopped it in the first place), when the firewall is active, I can neither connect via SSH, nor do any of the web sites respond.
You might also want to set a passive IP:
Code:
    echo "EXTERNAL_IP_HERE" > /etc/pure-ftpd/conf/ForcePassiveIP
Did that, but now I'm stuck at "retrieving directory listing" which times out.
Syslog: https://pastebin.com/wHw8g44L
FTP client log:
Code:
    Status: Connecting to X.X.X.X:21...
    Status: Connection established, waiting for welcome message...
    Status: Initializing TLS...
    Status: Verifying certificate...
    Status: TLS connection established.
    Status: Logged in
    Status: Retrieving directory listing...
    Command: PWD
    Response: 257 "/" is your current location
    Command: TYPE I
    Response: 200 TYPE is now 8-bit binary
    Command: PASV
    Response: 227 Entering Passive Mode (X,X,X,X,156,240)
    Command: MLSD
Then you still have a passive ports problem. Ensure that the same passive port range is defined in your firewall, the router firewall or any external firewall if you have one, and the FTP server.
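
Added example, not part of any post in this thread: a small POSIX shell check that decodes a `227` PASV reply like the one in the client log and compares the advertised data port and address with the passive range the firewall allows. The port bytes `156,240` and the range `40110:40210` come from the thread; the addresses, the third reply and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): decode a 227 PASV reply and compare it
# with the passive port range the firewall allows. Function names are hypothetical.

# Print "ADDR PORT" for a 227 reply; the data port is p1*256 + p2.
parse_pasv() {
    nums=$(printf '%s\n' "$1" |
        sed -n 's/^227 .*(\([0-9]\{1,3\}\(,[0-9]\{1,3\}\)\{5\}\)).*/\1/p')
    [ -n "$nums" ] || return 1
    old_ifs=$IFS; IFS=,
    set -- $nums
    IFS=$old_ifs
    for n in "$@"; do [ "$n" -le 255 ] || return 1; done
    echo "$1.$2.$3.$4 $(($5 * 256 + $6))"
}

# Succeed if the address is loopback or RFC 1918 private.
is_private() {
    case $1 in
        10.*|127.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# check_pasv REPLY LOW:HIGH -> "ADDR PORT VERDICT"
check_pasv() {
    parsed=$(parse_pasv "$1") || { echo "unparsable"; return 0; }
    addr=${parsed% *}; port=${parsed#* }
    lo=${2%%:*}; hi=${2##*:}
    verdict=ok
    if is_private "$addr"; then verdict=unroutable-address; fi
    if [ "$port" -lt "$lo" ] || [ "$port" -gt "$hi" ]; then
        verdict=port-outside-range
    fi
    echo "$addr $port $verdict"
}

RANGE=40110:40210   # passive range allowed in the ufw status in the thread
# Constructed replies; only the port bytes 156,240 appear in the thread.
check_pasv "227 Entering Passive Mode (203,0,113,10,156,240)" "$RANGE"
check_pasv "227 Entering Passive Mode (192,168,1,20,156,240)" "$RANGE"
check_pasv "227 Entering Passive Mode (203,0,113,10,195,80)" "$RANGE"
```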