Additonal FTP Accounts - input_userauth_request: invalid user

[expertis]

Last year, after upgrading to Cpanel 11.24.4 from a fairly old version, I could no longer access FTP accounts that had been previously setup under a specific domain. Before the upgrade this user had multiple FTP accounts that worked perfectly. After the upgrade we can recreate and delete these accounts all day long and nothing works. I have also restricted FTP to SFTP which works perfectly on the default domain FTP user. All other accounts don't work and return the following error in /var/log/secure;

Apr 20 17:50:30 serv1 sshd[28186]: Invalid user [email protected] from ::ffff:71.117.232.229
Apr 20 17:50:30 serv1 sshd[28187]: input_userauth_request: invalid user [email protected]
Apr 20 17:50:33 serv1 sshd[28186]: Failed password for invalid user [email protected] from ::ffff:192.168.0.1 port 2430 ssh2
Apr 20 17:50:33 serv1 sshd[28187]: Received disconnect from ::ffff:192.168.0.1: 12: User authentication failed.

You'll notice the mention of port 2430 in the errors above. However, that is not the port used for SFTP on this server. Is that the problem? If yes, why would that port be different from the one I have manually set in CuteFTP?

These FTP users have been setup using CPanel > FTP Accounts. I have also tried changing FTP servers in WHM, it is back to Pure-FTPD right now.

Any help or direction would be appreciated.

Thanks.

 

[cPanelDavidG]

Last year, after upgrading to Cpanel 11.24.4 from a fairly old version, I could no longer access FTP accounts that had been previously setup under a specific domain. Before the upgrade this user had multiple FTP accounts that worked perfectly. After the upgrade we can recreate and delete these accounts all day long and nothing works. I have also restricted FTP to SFTP which works perfectly on the default domain FTP user. All other accounts don't work and return the following error in /var/log/secure;

Apr 20 17:50:30 serv1 sshd[28186]: Invalid user [email protected] from ::ffff:71.117.232.229
Apr 20 17:50:30 serv1 sshd[28187]: input_userauth_request: invalid user [email protected]
Apr 20 17:50:33 serv1 sshd[28186]: Failed password for invalid user [email protected] from ::ffff:192.168.0.1 port 2430 ssh2
Apr 20 17:50:33 serv1 sshd[28187]: Received disconnect from ::ffff:192.168.0.1: 12: User authentication failed.

You'll notice the mention of port 2430 in the errors above. However, that is not the port used for SFTP on this server. Is that the problem? If yes, why would that port be different from the one I have manually set in CuteFTP?

These FTP users have been setup using CPanel > FTP Accounts. I have also tried changing FTP servers in WHM, it is back to Pure-FTPD right now.

Any help or direction would be appreciated.

Thanks.

I recommend letting our technical analysts take a look at your server: http://tickets.cPanel.net/submit - be sure to mention the migration from an old version of cPanel as that could be useful for our technical analysts to consider when examining your server.

 

[expertis]

My server is at ServerBeach, so I assume I will have to go through them for support?

I also appears that I was misunderstanding SFTP and making an assumption that the FTP Accounts still worked when FTP is disabled. According to a poster on the ServerBeach forums, these FTP Accounts will not work when SFTP is the method being used.

Is this accurate? If yes, what are you to do if you need to create 2 FTP-like accounts where users can dump files to a specific directory on the server?

Thanks in advance.

 

[cPanelDavidG]

My server is at ServerBeach, so I assume I will have to go through them for support?

I also appears that I was misunderstanding SFTP and making an assumption that the FTP Accounts still worked when FTP is disabled. According to a poster on the ServerBeach forums, these FTP Accounts will not work when SFTP is the method being used.

Is this accurate? If yes, what are you to do if you need to create 2 FTP-like accounts where users can dump files to a specific directory on the server?

Thanks in advance.

If your server is with ServerBeach, I recommend contacting them as they could get faster answers from our technical analysts.

SFTP (File transfer over SSH) does not rely upon the FTP service. However, regular FTP and FTPS (FTP via SSL/TLS) both depend on the FTP service being functional.

SFTP is only available to the cPanel user. FTP sub-users need to use FTP or FTPS.

If you don't like FTP, you could create WebDisk users and grant access to the server that way. WebDisk users can be granted access to a specific directory and can upload files to that specific directory.

 

[expertis]

Thank you for the clear explanation! I will use the WebDisk scenario from this point forward along with SFTP.

Regards.

 

[mambovince]

Hi,
I admit in getting very confused about this topic.
Can't seem to find a definitive answer.

First I read this:
FTPS on cPanel server - Web Hosting Talk - The largest, most influential web hosting community on the Internet

In cPanel 11, shell access does not need to be enabled to be able to use SFTP.

I thought great, that's what I need for my users.
Now this:

SFTP is only available to the cPanel user. FTP sub-users need to use FTP or FTPS.

So now hoping a kind cPanel expert can give a difinitive answer of if and how we can enable SFTP for users without giving full SSH?

many thanks,

- Vince

 

[expertis]

SFTP Access

I join you in being extremely confused on this topic. We locked down a server to only allow SFTP access. Unfortunately, this causes other problems. The big one that got me was when FTP is disabled on the cPanel server in favor of SFTP, the FTP User accounts can't work with SFTP. It would be really nice if cPanel hid the FTP User accounts or stated they were disabled if they can no longer be used.

According to cPanel and my testing, when using SFTP, you can only allow the main user account (per hosting account) login and transfer files via SFTP. This eliminates the ability to have different FTP users. I have resorted to trying to use the Web Drives, which works, but is a pain. I have a client right now that can't even use a web drive, because of their strict firewall rules.

Sorry, I haven't even attempted to figure out what's required, allowed and any quirks as it relates to FTPS.

 

[cPanelDavidG]

I join you in being extremely confused on this topic. We locked down a server to only allow SFTP access. Unfortunately, this causes other problems. The big one that got me was when FTP is disabled on the cPanel server in favor of SFTP, the FTP User accounts can't work with SFTP. It would be really nice if cPanel hid the FTP User accounts or stated they were disabled if they can no longer be used.

According to cPanel and my testing, when using SFTP, you can only allow the main user account (per hosting account) login and transfer files via SFTP. This eliminates the ability to have different FTP users. I have resorted to trying to use the Web Drives, which works, but is a pain. I have a client right now that can't even use a web drive, because of their strict firewall rules.

Sorry, I haven't even attempted to figure out what's required, allowed and any quirks as it relates to FTPS.

It sounds like you manually disabled FTP. Why not re-enable FTP to allow your additional FTP users to use FTPS? FTPS encrypts the user credentials - but unlike SFTP, FTPS does not encrypt the file contents as they are transferred.