Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to login with site user via ssh key when ftp user is created #527

Open
ccMatrix opened this issue Sep 27, 2024 · 5 comments
Open

Unable to login with site user via ssh key when ftp user is created #527

ccMatrix opened this issue Sep 27, 2024 · 5 comments
Labels
bug Something isn't working

Comments

@ccMatrix
Copy link

ccMatrix commented Sep 27, 2024
edited
Loading

CloudPanel version(s) affected

2.4.2

Description

When you create a ftp user for a site, you can no longer login with the ssh key of the site user.

How to reproduce

  1. Create a new site
  2. Add ssh key for login to the site user
  3. Test login via site-user name and ssh key using e.g. putty
  4. Create an ftp user via the CloudPanel UI
  5. Test login via site-user name and ssh key again
  6. Login fails with error that not authentication method could be found
  7. Delete the ftp user from the CloudPanel UI
  8. Login via site-user name and ssh key again
  9. You should be able to login again

Possible Solution

No response

Additional Context

No response
@cloudpanel-io cloudpanel-io added the bug Something isn't working label Oct 11, 2024
@mwportlukasiewicz
Copy link

Cannot login with ssh after creation a new ftp user in the same website.
Error log(auth.log): Authentication refused: bad ownership or modes for directory /home/xxx

@Noaber
Copy link

Noaber commented Nov 1, 2024

Same here, can not login with the site user. Removed the SSH from SSH/FTP but still no luck.
This went wrong for a SUBDOMAIN.DOMAIN.TLD. i had the same problem for the DOMAIN.TLD, however there was removing the ssh user from SSH/FTP enough.

@cmubo
Copy link

cmubo commented Nov 7, 2024
edited
Loading

Same thing has happened to me, I had to delete the site and recreate it to get it working again. But since I didn't realise it was caused by creating an FTP user, I've now ran into the same problem.

I can still create new sites and login to those with key authentication.

@cmubo
Copy link

cmubo commented Nov 7, 2024

Found these issues which had the same problem:
#129
#429

@cmubo
Copy link

cmubo commented Nov 7, 2024

Temporary solution by @ccMatrix via the discord server.

Try login via SSH as root and change the group writable flag of the site user home folder. chmod g-w /home/siteuser. Then your login via public key should work again. You could also try if that works in combination with an ftp user or if the ftp user then loses access to the site htdocs folder

Potential context for the problem again from @ccMatrix

My guess would be that the system checks the members of the group and if there is just one it treats it the same as not being group writable since no other user will have access.

Only when additional users are in the group the check becomes relevant and then it fails. Glad that it works and please do check and report back if everything works now.

Maybe this could be a fix @stefan.wieczorek can add to CloudPanel. It's possible that the useradd command sets the group writable flag and CloudPanel should/could change it back to only site user writable to fix the issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@ccMatrix @Noaber @cmubo @cloudpanel-io @mwportlukasiewicz