Difference between revisions of "FTP"

From Server Knowledge Base
(Created page with "== Connecting == Once these have been set and they have propagated you will be able to connect with the server IP address <!-- or ftp.exampledomain.com -->as the hostname, us...")
 
Line 68: Line 68:


Always check iptables for DROP rules.
Always check iptables for DROP rules.
== FTP over TLS ==
If you get the following message in an FTP client or Telnet test:
''550 SSL/TLS required on the control channel''
Do the following:
* Download Filezilla from here: http://filezilla-project.org/download.php?type=client
* Install it to your PC and run it, then go to:
* File > Site Manager
* New Site, call it something like "My FTP"
* Use the following settings:
- Host: IP address<br>
- Encryption: Require explicit over TLS<br>
- Logon Type: Normal<br>
- Username: username<br>
- Password: password<br>
* Click OK
* Then next to the button underneath File, click the drop down menu arrow and select "My FTP"


== FTP Timeout ==
== FTP Timeout ==
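Review bot: the download link in the first step of the new "FTP over TLS" list is plain http://, so a section about enforcing TLS sends readers to a client installer page over an unprotected connection; use the https:// form of the same URL. In the same hunk, the five settings lines use "- ...<br>" inside a "*" list, which does not render as nested items under "Use the following settings:"; writing them as "** Host: IP address" and so on keeps them attached to that step.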

Revision as of 14:08, 22 January 2013

Connecting

Once these have been set and have propagated, you will be able to connect using the server IP address as the hostname, plus the username and the password. The best way to connect via FTP is with a client such as Filezilla. You will need to use port 21. Check that ports 20 and 21 are not blocked using:

netstat -ant | grep LISTEN
iptables -A INPUT -p tcp --dport <port> -j ACCEPT 

tcp6 for IPv6. Alternate syntax in between tcp and --dport: -d 0/0 -s 0/0

If they are blocked these can be allowed through Virtuozzo.

Display accounts

To show FTP accounts in MySQL via SSH:

mysql -uadmin -p`cat /etc/psa/.psa.shadow`
use psa

Below command applies to SSH and Command Prompt:

SELECT login AS FTP_USER,password AS FTP_PASS,home AS DOMAIN_ROOT,accounts.id,sys_users.account_id FROM accounts, sys_users WHERE accounts.id=sys_users.account_id;

Change account password in SSH

To change the username you log into FTP with, if Plesk does not let you change it, run:

mysql -uadmin -p`cat /etc/psa/.psa.shadow`
use psa
show tables;
select * from sys_users;
select * from accounts;
update sys_users set login = 'inserthere' where id = 'X';

Change FTP password in Plesk 9

Main Menu - Domains > Click the Domain > Website - Web Hosting Settings > Account Preferences

Change FTP password in Plesk 10

Hosting Services - Domains (or Subscriptions) > Open in Control Panel (or Manage Hosting) > Websites and Domains tab > FTP Access

DNS Records required

To FTP over a domain name you may need these records:

@ A ServerIPaddress
Asterisk (*) A ServerIPaddress
ftp CNAME www
www A ServerIPaddress

Dreamweaver for FTP/SFTP

File upload goes to 0kb

If you get the following error when uploading via FTP and the file is 0kb once done:

Disk Quota exceeded error

And you have a Plesk 10.4.4 server, apply the latest Micro Updates using the auto-installer/upgrade section, guide here.

FTP Logs

/opt/psa/var/log/xferlog (or /usr/local/var/log/xferlog)
/var/www/vhosts/DomainName/statistics/logs/xferlog
/var/log/secure
/var/log/syslog
/var/log/daemon.log

Always check iptables for DROP rules.
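
An added example, not part of the original page: iptables evaluates rules top to bottom, so an ACCEPT appended with -A after an existing DROP never takes effect, which is why the DROP check above matters when opening ports 20 and 21. The sample ruleset and the function name first_verdict are constructed for illustration.

```sh
#!/bin/sh
# Added example. Reads `iptables -S INPUT` output on stdin and prints the
# target of the first rule that matches a new TCP connection to PORT, or the
# chain policy if none does. Simplification: rules carrying extra conditions
# (-s, -i, --state ...) are skipped, since they match only some traffic.
first_verdict() {
    awk -v port="$1" '
    function hit(spec, p,    n, a, r, k) {      # port in "21", "20,21", "a:b"?
        n = split(spec, a, ",")
        for (k = 1; k <= n; k++) {
            if (split(a[k], r, ":") == 2) {
                if (p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0) return 1
            } else if (a[k] + 0 == p + 0) return 1
        }
        return 0
    }
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        proto = ""; ports = ""; target = ""; extra = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(++i)
            else if ($i == "-m" && $(i + 1) ~ /^(tcp|multiport)$/) i++
            else if ($i == "--dport" || $i == "--dports") ports = $(++i)
            else if ($i == "-j") { target = $(i + 1); break }
            else extra = 1
        }
        if (extra || (proto != "" && proto != "tcp")) next
        if (ports != "" && !hit(ports, port)) next
        if (target ~ /^(ACCEPT|DROP|REJECT)$/) { print target; found = 1; exit }
    }
    END { if (!found) print policy }'
}

# Constructed sample: port 21 was opened with -A after a blanket TCP DROP.
SAMPLE='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -j DROP
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT'

printf '%s\n' "$SAMPLE" | first_verdict 21    # DROP: the ACCEPT below it is never reached
```

On a live server, feed it real rules with iptables -S INPUT | first_verdict 21. If the answer is DROP, insert the ACCEPT above the DROP with -I rather than appending it with -A.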

FTP over TLS

If you get the following message in an FTP client or Telnet test:

550 SSL/TLS required on the control channel

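Do the following:

  • Download Filezilla from here: http://filezilla-project.org/download.php?type=client
  • Install it to your PC and run it, then go to:
  • File > Site Manager
  • New Site, call it something like "My FTP"
  • Use the following settings:

- Host: IP address
- Encryption: Require explicit over TLS
- Logon Type: Normal
- Username: username
- Password: password

  • Click OK
  • Then next to the button underneath File, click the drop down menu arrow and select "My FTP"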

FTP Timeout

If clients are disconnected from FTP by a timeout, and the server is using ProFTPD or the xinetd super server for FTP, the configuration files are located in /etc/proftpd.conf and /etc/xinetd.conf, and the timeout should be able to be configured with TimeoutNoTransfer 1200

Notes

/usr/sbin/proftpd

"Socket operation on non-socket" , change config according to this.

Failed binding to ::, port 21: Address already in use

Check the ServerType directive to ensure you are configured correctly in /etc/proftpd.conf:

Change standalone to inetd

#ServerType standalone
ServerType inetd

Permissions

If you cannot upload files to the server, check the user:group ownership of the folder you are uploading to. It normally needs ftpuser:psacln for files and ftpuser:psaserv for folders (or just httpdocs).

To allow FTP access to files outside the home directory via chroot: http://www.ducea.com/2006/07/27/allowing-ftp-access-to-files-outside-the-home-directory-chroot/ .

ProFTPd to use TLS/SSL

Setting up FTP

Before you can upload anything to a Plesk server, you will need to add a domain. This can be done in Plesk 10 by pressing Subscriptions down the left-hand side, then Add New Subscription. Fill in the required fields and press OK. The username and password you entered here are the username and password you need to use in an FTP client.

Filezilla Network Configuration

SFTP

SFTP transfers files over a Secure Shell (SSH) connection, therefore using port 22. Your server will do this by default if you have SSH access. In Filezilla just use port 22 or sftp://VPS_IP

netstat -ant | grep LISTEN
/etc/init.d/ssh start
/etc/init.d/sshd start
iptables -L

If it is not listening on 0.0.0.0:22, SSH is not started. Use IPTables to check that all connections are allowed including port 22.

If you cannot access the server via SFTP, go into Plesk > Domains > (Plesk 10 - Control Panel > Websites and Domains) > Web Hosting Access and allow the FTP user shell access, as SFTP uses port 22 and so needs this ability. If Plesk does not let you set it and keeps reverting, run vim /etc/passwd and set the user's shell to /bin/bash

If the following error message is in /var/log/syslog: "init: Failed to spawn ssh pre-start process: unable to set oom adjustment: Operation not permitted" do:

vim /etc/init/ssh.conf
#oom never
:wq
/etc/init.d/ssh start

https://www.intovps.com/client/knowledgebase.php?action=displayarticle&id=16

If you change the default SSH port from 22, when you want to sftp you need to put in the host field sftp:// before the IP address. Otherwise you may get the error message:

Response:	SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7
Error:	Cannot establish FTP connection to an SFTP server. Please select proper protocol.
Error:	Critical error
Error:	Could not connect to server

An example of an SFTP server that can run alongside the MS FTP server is SilverSHielD SFTP server. This can allow Dreamweaver to upload directly.

Note: A symlink may appear as a directory in FTP/SFTP.

Chroot SFTP

HTML page for the link above.

groupadd chrootsftpusers

For internal use without a password:

useradd -g chrootsftpusers -d /homedirectory -s /sbin/nologin username

For external use with a password:

useradd -g chrootsftpusers -d /homedirectory -s /bin/bash username
passwd username

Then:

grep username /etc/passwd
vim /etc/ssh/sshd_config

Set the following in the file:

#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem       sftp    internal-sftp

Match Group chrootsftpusers
        ChrootDirectory /sftp/username
        ForceCommand internal-sftp

Then:

grep sftp /etc/ssh/sshd_config
chown username:chrootsftpusers /var/www/d
ls -ld /homedirectory
service sshd restart
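
An added example, not part of the original page: sshd refuses a ChrootDirectory unless every component of its path is owned by root and not writable by group or others, so the directory handed to the user with chown has to sit inside the chroot rather than being the chroot itself. The script below checks that rule; the function names and the file name in the usage comment are hypothetical, and it assumes GNU stat on Linux.

```sh
#!/bin/sh
# Added example (assumes GNU stat on Linux). sshd only honours ChrootDirectory
# when every directory from / down to the chroot is owned by root (uid 0) and
# is not writable by group or others.

# check_perm UID MODE -> 0 if one path component satisfies that rule.
check_perm() {
    [ "$1" -eq 0 ] 2>/dev/null || return 1      # must be owned by root
    [ $(( 0$2 & 022 )) -eq 0 ] || return 1      # no group/other write bit
}

# check_chroot DIR -> 0 if DIR is usable as ChrootDirectory, 1 if any
# component breaks the rule, 2 if DIR is not an absolute, existing directory.
check_chroot() {
    dir=$1
    case $dir in /*) ;; *) echo "not an absolute path: $dir" >&2; return 2 ;; esac
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    rc=0
    while :; do
        set -- $(stat -L -c '%u %a' "$dir")     # numeric owner, octal mode
        if check_perm "$1" "$2"; then
            echo "ok   $dir"
        else
            echo "BAD  $dir (uid=$1 mode=$2)"
            rc=1
        fi
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}

# Usage (hypothetical file name): sh check_chroot.sh /sftp/username
[ $# -eq 0 ] || check_chroot "$1"
```

A BAD line for the chroot path itself is what produces a login that authenticates and then disconnects immediately after the sshd restart.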

Timeouts

General timeouts:

vim /etc/ssh/sshd_config
ClientAliveInterval 60

Connection timed out:

Error:  Connection timed out
Error:	File transfer failed after transferring 183,599,104 bytes in 130 seconds

Test with SCP and see if you get the same error. If you get this error in Filezilla:

disconnected from server
Error:	Connection timed out
Error:	File transfer failed after transferring bytes in seconds when file complete

Edit > Settings > Connection - Set "Timeout in seconds" to 200 or over the limit of what it errors with.

Then add it in File > Site Manager and set "Maximum number of connections" to 1 in the Transfer Settings tab.


SSH FTP command

Telnet test

telnet ipaddress port

USER username
PASS password

Notes

  • Windows FTP is handled through IIS under Default FTP site. Of note is that IPs may be blocked here. The FTP Publishing Service can also be started via Virtuozzo System Services.
  • If scheduled tasks set up in the Windows 2008 task manager via RDP only seem to upload empty files, the scripts/batch files normally need to be in an open directory such as cgi-bin, httpdocs or public_html. If you get:

425 Unable to build data connection: Connection timed out disconnect

Plesk and Windows Firewall may have locked it down, so try adding the passive dynamic port range to Windows Firewall to allow the MS-DOS FTP command to send and receive.

Windows FTPS

ftps-data  989/tcp ftp protocol, data, over TLS/SSL
ftps-data  989/udp ftp protocol, data, over TLS/SSL
ftps	   990/tcp ftp protocol, control, over TLS/SSL
ftps	   990/udp ftp protocol, control, over TLS/SSL

Versus the usual:

ftp-data 20/tcp File Transfer [Default Data]
ftp-data 20/udp File Transfer [Default Data]
ftp      21/tcp File Transfer [Control]
ftp      21/udp File Transfer [Control]

Using Plesk:

Server > IP Address > click on IP > Tick FTP over SSL

Manually:

IIS by default should allow FTPS (FTP over SSL). You normally need to get an SSL certificate first to do this.

You need to also make sure you:

You'll need to set up an FTP user and grant it ownership on the virtual directory for the website - this user's credentials will be used to log in to the FTPS.

You will then connect with ftpes://ipaddressofthewebsite

Username
Password
FTPS port

On a Plesk box if you can telnet to port 21, but cannot connect to FTP with the correct credentials, and get the following errors:

331 Password required for username.
PASS ***************
530 User cannot log in, home directory inaccessible.

331 Password required for username.
PASS *****************
530 User cannot log in.

Check the permissions for each user in the Security tab of the FTP user's home directory; ensure the domain is associated with the right IP in Plesk and that DNS points to the server; ensure there is no issue with the firewall trying to connect to internal IPs; check Plesk quotas/subscription limits; and finally you can try running the following commands to rebuild the IIS/Plesk FTP configuration:

\Plesk\admin\bin>ftpmng.exe --remove-all
\Plesk\admin\bin>ftpmng.exe --reconfigure-all