By default only the main user of a domain can SFTP into a domain. Plesk does allow to add FTP users, but for some reason not for access over encrypted SSH.
How to fix
To allow an additional FTP user to access the site you need to manually define what they can do directly on the server.
- Create an additional FTP user in Plesk > Domains > domain.tld > FTP Access.
- Set the user’s Home directory to:
/(with a subpath the chroot won’t work). - Open a SSH session to your server.
sudo nano /etc/passwd- Find the line that starts with the username you wish the change. It is most likely at the bottom.
The line is formatted like this:
username:x:10016:1003::/var/www/vhosts/domain.tld:/bin/falseusername– the name of the FTP user10016– the system user ID (UID)1003– the system group ID (GID)/var/www/vhosts/domain.tld– the path assigned to the FTP user, leave it like that/bin/false– the problem, login is blocked
Carefully change it to tell SSH that a chroot (jail) should be started for the user:
username:x:10016:1003::/var/www/vhosts/domain.tld:/usr/local/psa/bin/chrootshSave the file (ctrl x and then hit y and enter to confirm). Now open the domain’s /etc/passwd file that is read when the chroot session is started:
nano /var/www/vhosts/domain.tld/etc/passwdAt the bottom add a line like this:
username:x:10016:1003::/:/bin/bashusername– the FTP user10016– the user ID (UID) from earlier1003– the group ID (GID) from earlier/– the home path of the user, relative to the domain path/bin/bash– the normal Bash shell
And done! Login using SFTP should now be working, but remember you need to do this for each new additional FTP user.
Troubleshooting
To debug login issues, closely follow the secure and messages log files while doing the login. Hit ctrl c right after the (failed) login to end the log stream.
tail -Fn 0 /var/log/secure /var/log/messages
Leave a Reply