Can't Access SFTP

My YunoHost server

Hardware: VPS bought online
YunoHost version: 11.1.17
I have access to my server : Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
If your request is related to an app, specify its name and version: My_WebApp 1.0~ynh13

Description of my issue

Questions I have:

  • Do I have to change permissions by hand? Something like this: Give SFTP permission to edit an app | Yunohost Documentation ? Which I can do, but I'd rather not if it isn't absolutely necessary.
  • Do I have to change the config of SSH, or could something be wrong with it? I looked at a lot of documentation about password authentication and public SSH keys, but I'm a bit afraid of touching any of it. Like this: My_webapp | Yunohost Documentation
  • Is there a user “my-webapp” somewhere? Because there isn't a directory in /home or /home/yunohost.app, and also not in the Yunohost web admin.
  • What am I missing?

Aside:
I’m looking for a place to upload OPML files so that another app (FreshRSS) can dynamically populate its feeds based on OPML files I maintain separately. FreshRSS needs these OPML files to be in a public place. So I created a specific subdomain and installed a “My WebApp” to make this possible, which started this rabbit hole (kind of). I suspect I'll need other instances of “My WebApp” in the future, so I'd better fix this from the get-go.

No!

No!

Home directory of my_webapp user is: /var/www/my_webapp


About your SSH problem, try to change the my_webapp user password:

  1. Log in with SSH to the server as admin user.
  2. Change my_webapp user password:
sudo -s passwd my_webapp

Now try to log in as the my_webapp user with SSH or SFTP

Note: user is my_webapp not my-webapp

Thanks for taking time to help me out!

Changed the my_webapp password, with “sudo -s passwd my_webapp” and changed it to the same as given during install of My_WebApp.

Now SSH stays blank and SFTP just says: “Cant connect to server”.

Forgot to mention: after install I also changed the password in the application config screen in the webadmin, when login with SFTP didn't work. Don't know if it should have had the same effect as this command?

Not sure if it provides more info but I SSH with my admin account and did this:
root@xxxxx:/# sudo su my_webapp

Gave this: “This account is currently not available.”

The user my_webapp has access only to SFTP (not SSH)…
Just discovered this. But nothing to do with your problem I think.

One thing that worked for me is to uninstall my_webapp completely, and then make a fresh install with the same domain… After that it was possible to SFTP for the new my_webapp user.

It was possible because my Webapp has only static HTML, no database, no dynamic content… In clear, nothing to back up.

You can also create, for testing purposes, a new fresh Webapp, and see if this user (if it’s the second one it’s my_webapp__2) can connect with SFTP.

:disappointed::disappointed::disappointed:
Same result, wiped the ‘old’ one, installed fresh.
SFTP with admin-user works like a charm, SFTP with my_webapp …
“Cant connect to server” with FileZilla and WinSCP throws an error about “To big packet SFTP received” and “Cant initialise SFTP protocol” and the question if there is an SFTP service at the target machine.

Would it be a workaround if:

  • I create a Yunohost user with permission on the app.
  • Grant read/write access to the corresponding folder?

And what's confusing to me:

  • I am a Yunohost user with admin rights.
  • I can (SSH and) SFTP happily.
  • But admins (group) can't be given SFTP permission.
  • I (as a user) can give myself SFTP permission, but I don't have it. At least in the web admin I don't.

Do I have SFTP permission, managed outside of Yunohost web admin?

I let Yunohost web admin run a diagnosis, log here:
https://paste.yunohost.org/raw/hepuzepeno

But 2 things stand out:

In the Internet connectivity (ip) section:

[WARNING] DNS resolution seems to be working, but it looks like you’re using a custom /etc/resolv.conf.

  • The file /etc/resolv.conf should be a symlink to /etc/resolvconf/run/resolv.conf itself pointing to 127.0.0.1 (dnsmasq). If you want to manually configure DNS resolvers, please edit /etc/resolv.dnsmasq.conf.

In the System configurations (regenconf) section:

[WARNING] Configuration file /etc/ssh/sshd_config appears to have been manually modified.

  • This is probably OK if you know what you’re doing! YunoHost will stop updating this file automatically… But beware that YunoHost upgrades could contain important recommended changes. If you want to, you can inspect the differences with ‘yunohost tools regen-conf ssh --dry-run --with-diff’ and force the reset to the recommended configuration with ‘yunohost tools regen-conf ssh --force’

[ERROR] The SSH configuration appears to have been manually modified, and is insecure because it contains no ‘AllowGroups’ or ‘AllowUsers’ directive to limit access to authorized users.

I don't know what caused this, but do I have to ‘regen’ the recommended configuration?
The ‘dry-run’ mentions @@ -1,124 +1,110 @@ which seems an indicator of how many characters would have to be added/removed?

Sometimes one thing led to another, meaning now I know the right keywords to search for. :wink:

I think this happened (saying no during initial YunoHost set up) in my case.

Custom web app sftp connection - Support apps - YunoHost Forum

Still a bit afraid to just do it, are there any risks involved?

Took a deep breath after putting an offline backup.
Used “tools” instead of “service” tho as per SSH and command line | Yunohost Documentation

yunohost tools regen-conf ssh --force

After that removed old My Webapp, installed again fresh … Et voila SFTP works!!!
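A way to check an sshd_config for the condition the diagnosis flagged (no ‘AllowGroups’ or ‘AllowUsers’ directive) and for a declared sftp subsystem, as an added example that is not part of the original posts or YunoHost's own tooling. The two sample files and the group names ssh-users and sftp-users are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the findings reported by the diagnosis.

# Print the value(s) of a keyword from the global section (everything before
# the first Match block). sshd keywords are case-insensitive.
sshd_global_values() {          # $1 = config file, $2 = keyword
    awk -v kw="$2" '
        BEGIN { kw = tolower(kw) }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == kw { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# Succeeds only if logins are limited by AllowGroups or AllowUsers.
sshd_limits_access() {
    [ -n "$(sshd_global_values "$1" AllowGroups)$(sshd_global_values "$1" AllowUsers)" ]
}

# Succeeds if an sftp subsystem is declared.
sshd_has_sftp() {
    sshd_global_values "$1" Subsystem |
        awk 'tolower($1) == "sftp" { found = 1 } END { exit !found }'
}

audit_sshd() {
    if sshd_limits_access "$1"; then a="limited"; else a="UNRESTRICTED"; fi
    if sshd_has_sftp "$1"; then s="present"; else s="missing"; fi
    echo "access=$a sftp_subsystem=$s"
}

# Constructed sample files (not taken from any real server).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/modified" <<'EOF'
# hand-edited file: the access limit is commented out
Port 22
#AllowGroups ssh-users sftp-users
Subsystem sftp /usr/lib/openssh/sftp-server
EOF
cat > "$tmp/restricted" <<'EOF'
allowgroups ssh-users sftp-users
Subsystem sftp internal-sftp
Match Group sftp-users
    ForceCommand internal-sftp
EOF

for f in modified restricted; do
    printf '%s: %s\n' "$f" "$(audit_sshd "$tmp/$f")"
done
```

On a server, run `audit_sshd /etc/ssh/sshd_config` before and after the regen-conf to see whether the access limit is back.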
