SOLVED Updated to v66, problem with FTP

[MikeRichardson]

Updated from v64 to v66.

Using pure-FTPD, a stored FTP login no longer worked.

Switching to pro-FTPD, the login worked.

Switching back to pure-FTPD - login does not work.

The server has 5 IPv4 addresses. The login does not work (but did in v64), when using the dedicated IP of the account (xx.xx.xx.93). I have to use the server shared IP (xx.xx.xx.90).

Not sure if this is a bug or intentional behavior.

 

[Spork Schivago]

Hi!

Are there any logs you could share or maybe provide a little more information? When you say pure-FTPD, login does not work....do you mean you get the login screen where it asks for a username / password, and when you type it in, it gives you an access denied message? Or do you mean you cannot even connect to the ftp server when using pure-FTPD?

Thanks.

 

[cPanelMichael]

Hello,

Could you let us know the output to /var/log/messages when authentication fails? Also, can you confirm if you are you using the short-form username (e.g. ftpuser1), or the long-form username (e.g. [email protected])? In order to use the short-form FTP username (with the exception of the cPanel account username), the account must be assigned a dedicated IP address, and you have to use that dedicated IP address (or a domain name resolving to it) as the host in your FTP client. I tested this on a server running cPanel version 66 and it worked as expected.

Thank you.

 

[MikeRichardson]

Hi!

Are there any logs you could share or maybe provide a little more information? When you say pure-FTPD, login does not work....do you mean you get the login screen where it asks for a username / password, and when you type it in, it gives you an access denied message? Or do you mean you cannot even connect to the ftp server when using pure-FTPD?

Thanks.

The exact error is, "530 Login authentication failed". I can always connect either way.

Hello,

Could you let us know the output to /var/log/messages when authentication fails? Also, can you confirm if you are you using the short-form username (e.g. ftpuser1), or the long-form username (e.g. [email protected])? In order to use the short-form FTP username (with the exception of the cPanel account username), the account must be assigned a dedicated IP address, and you have to use that dedicated IP address (or a domain name resolving to it) as the host in your FTP client. I tested this on a server running cPanel version 66 and it worked as expected.

Thank you.

I am using the cPanel account username. (which is just "network")

The account uses the shared IP, but I have been logging into FTP for all these years, using a domain name that is actually on a dedicated IP. My guess is that the checking is a little more strict now in v66, but only when using pure-FTPD for some reason.

It might still be a bug though. This case might be related:

• Fixed case CPANEL-13096: Fix short-form authentication for PureFTPd and accounts w/ dedicated IP.

To recap, the account that I am logging into is on the shared IP, but for years I have actually been using one of the dedicated IPs in my FTP client to log in.

These are the credentials that worked until v66 (and still work, with pro-FTPD):

• Server: xx.xx.xx.93 (dedicated IP of account "revenue")
• Username: network (cPanel account username - uses shared IP xx.xx.xx.90)
• Password: cPanel password

As of v66, when using pure-FTPD I must use these credentials:

• Server: xx.xx.xx.90 (shared IP)
• Username: network (cPanel account username, uses shared IP)
• Password: cPanel password

Hopefully that clarifies it a bit. Let me know if this was intended or is some kind of regression. It had me a little worried, I thought maybe we'd been hacked or there was some kind of severe corruption since switching FTPD servers back and forth didn't clear it up. I would guess that having different behavior between the two servers is probably incorrect.

 

[MikeRichardson]

Can't seem to edit posts. The initial post was a little confusing. Hopefully I clarified it with the second post.

 

[cPanelMichael]

Hello,

The behavior you notice did change in cPanel version 66, however it is by-design. The case you referenced corrected the behavior so that authentication over the dedicated IP address is only possible for FTP accounts created under that dedicated IP address:

Fixed case CPANEL-13096: Fix short-form authentication for PureFTPd and accounts w/ dedicated IP.

This allows short-form authentication for virtual FTP accounts to work on accounts associated with the dedicated IP addresses. Here's a scenario where this is applicable:

cpuser1 > domain1.tld > Assigned Shared IP
cpuser2 > domain2.tld > Assigned Dedicated IP

Let's say you access cPanel for "cpuser2", browse to "FTP Accounts" and create a new FTP account with the following username:

[email protected]

With short-form authentication, there would be no way to distinguish "cpuser1" from "[email protected]" if the behavior you used in the past were allowed.

Thank you.

 

[Misiek]

Dear Support,
I cannot access via FTP to any of mine accounts, clients are making the same statements.
Main account is turned on :
Polecenie: USER takecom
Odpowiedź 331 User someuser OK. Password required
Polecenie: PASS **********
Odpowiedź 530 Login authentication failed

This started today I really do not know what is happening.

Seems like there is a bug from version 66 if You use host : mainhost.com instead of ftp.accounthost.com then You cannot login, but in al earlier version that worked so why the change now? Furtermore if client doesnt have a working domain there is now way for him to login to main account.

 

[cPanelMichael]

Hi @Misiek,

Check to ensure the IP address or domain name used as the FTP host in the FTP client resolves to the IP address associated with the cPanel account that's authenticating. You can use the IP address itself as the FTP host if there's no working domain name. The below case corrected the past behavior in cPanel 66 so that authentication over the dedicated IP address is only possible for FTP accounts created under that dedicated IP address:

Fixed case CPANEL-13096: Fix short-form authentication for PureFTPd and accounts w/ dedicated IP.

Thank you.