unable to connect to SFTP using Nginx One Click droplet

November 2, 2018 711 views
Nginx Ubuntu 18.04

I'm trying to connect via sftp to a one-click LEMP droplet, but after creating a superuser and granting ownership of the web directory, sftp login still fails for both root and my newly created superuser.

Here's what I've run to set up my user so far:
adduser logan
usermod -aG sudo logan
rsync --archive --chown=logan:logan ~/.ssh /home/logan

As far as permissions and groups go, I've done the following (domain.com as placeholder for my actual domain):

sudo chown www-data:www-data /var/www/domain.com
sudo chmod -R 775 /var/www/domain.com

I've been using the following docs:
https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-18-04
https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-server-blocks-virtual-hosts-on-ubuntu-16-04
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04

Is there something else that needs to be done after starting the one-click droplet? I saw a help article that said I needed to change the root password first, but I'm using an SSH key for my root account (selected during droplet configuration).

Thanks in advance for any assistance.

3 comments
  • Try logging in with keys instead of password via SFTP. If you are able to SSH in with the keys then you should be able to SFTP as well. I'm using WinSCP on Windows and it has the option to log in via keys.

  • You could take a look at the ssh logs with cat /var/log/auth.log.

  • Sorry for not responding initially, I do appreciate your response. I think I abandoned the droplet and spaced that I had posted a question in regard to it.

    I am however running into this issue on a droplet that I have been running since before the droplet in the initial question. I'm usually able to login w/sftp without issues, but noticed that ceased a few days ago. My ssh keys have continued working for terminal connections, but sftp is obviously easier to edit files with.

    I checked the auth.log but it doesn't show any errors, or even failed authentication. Only shows other usernames that have been denied previously (rightfully so), and a log entry indicating that I ran the cat command.

    The error I'm getting back in CyberDuck is as follows:
    Exhausted available authentication methods. Please contact your web hosting service provider for assistance. Please contact your web hosting service

    I've tried logging in as my user and as root but both seem to be having the same issue. I'm continuing to research this myself, but are there any other logs I should check that anyone can suggest?

1 Answer
LoganC January 11, 2019
Accepted Answer

I figured out that I must have disabled PasswordAuthentication in the ssh config somehow.

  • Although I solved my initial question, can anyone tell me how I may be able to permit only a user other than root to access via sftp?

    I've attempted entering a "Match" block, similar to this:
    ...
    PasswordAuthentication no
    ...
    Match user sftpuser (sftpuser is placeholder for username)
    PasswordAuthentication yes

    After making this change though, when attempting to restart sshd I get the following error:
    "Job for ssh.service failed because the control process exited with error code.
    See "systemctl status ssh.service" and "journalctl -xe" for details."

    systemctl status ssh.service returns this...
    ssh.service - OpenBSD Secure Shell server
    Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
    Active: failed (Result: exit-code) since Thu 2019-01-10 20:21:18 MST; 4s ago
    Process: 27840 ExecStart=/usr/sbin/sshd -D $SSHD_OPTS (code=exited, status=0/SUCCESS)
    Process: 28100 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=255)
    Main PID: 27840 (code=exited, status=0/SUCCESS)

    This is getting in deep for a noob such as myself. Any help is appreciated.
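
A Match block in sshd_config runs until the next Match line or the end of the file, and sshd accepts only some keywords inside it, so where the block is placed matters. The sketch below is an added example, not code from the thread, and it does not diagnose the failure reported above (running sshd -t by hand prints the line it rejects); the sample config is constructed, GLOBAL_ONLY is a deliberately partial list, and only "Match User" and "Match all" are modelled.

```python
# Keywords sshd refuses inside a Match block (deliberately partial list).
GLOBAL_ONLY = {"usepam", "printmotd", "port", "listenaddress", "hostkey"}

# Constructed sample: a Match block like the thread's pasted mid-file, so
# global lines that follow it now fall inside the block.
SAMPLE = """\
PasswordAuthentication no
Match User sftpuser
    PasswordAuthentication yes
UsePAM yes
PrintMotd no
"""

def parse(text):
    """Split config text into global settings and a list of Match blocks."""
    global_items, blocks, current = [], [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if key == "match":  # a block runs to the next Match line or EOF
            current = {"criteria": value.split(), "items": []}
            blocks.append(current)
        else:
            (global_items if current is None else current["items"]).append((lineno, key, value))
    return global_items, blocks

def misplaced(text):
    """Return (line number, keyword) for global-only keywords inside a Match block."""
    return [(n, k) for b in parse(text)[1] for n, k, _ in b["items"] if k in GLOBAL_ONLY]

def block_matches(criteria, user):
    """Simplified: only 'all' and 'User name[,name...]', no wildcards."""
    if [c.lower() for c in criteria] == ["all"]:
        return True
    return len(criteria) == 2 and criteria[0].lower() == "user" and user in criteria[1].split(",")

def effective(text, keyword, user):
    """Value that applies to `keyword` when `user` connects (None if unset)."""
    global_items, blocks = parse(text)
    keyword = keyword.lower()
    for b in blocks:  # the first matching block that sets the keyword wins
        if block_matches(b["criteria"], user):
            for _, k, v in b["items"]:
                if k == keyword:
                    return v
    return next((v for _, k, v in global_items if k == keyword), None)

if __name__ == "__main__":
    print(misplaced(SAMPLE), effective(SAMPLE, "PasswordAuthentication", "root"))
```

With the Match block moved to the end of the file, misplaced() returns an empty list and the per-user values stay the same.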
