sftp service is failing

sfeldkamp

Description

SFTP service is flashing orange in Services panel.

Steps to reproduce

Upgraded to Ubuntu 22 followed by Ubuntu 24 following the guides on the site.

Logs

sftp service log after a service restart

Dec 03 19:34:27 [GET] /healthcheck
Dec 03 19:34:27 2025-12-04 01:34:27,895 sftp proftpd[42]: LDAPServer: parsed URL 'ldap://172.18.0.1:3002/??sub' as 'ldap://172.18.0.1:3002/??sub'
Dec 03 19:34:27 2025-12-04 01:34:27,899 sftp proftpd[42]: fatal: SFTPHostKey: unable to use '/etc/ssh/ssh_host_rsa_key' as host key, as it is group- or world-accessible on line 76 of '/etc/proftpd/proftpd.conf'
Dec 03 19:34:27 2025-12-04 01:34:27,904 WARN exited: proftpd (exit status 1; not expected)
Dec 03 19:34:31 2025-12-04 01:34:31,258 INFO spawned: 'proftpd' with pid 46
Dec 03 19:34:31 2025-12-04 01:34:31,301 sftp proftpd[46]: LDAPServer: parsed URL 'ldap://172.18.0.1:3002/??sub' as 'ldap://172.18.0.1:3002/??sub'
Dec 03 19:34:31 2025-12-04 01:34:31,303 sftp proftpd[46]: fatal: SFTPHostKey: unable to use '/etc/ssh/ssh_host_rsa_key' as host key, as it is group- or world-accessible on line 76 of '/etc/proftpd/proftpd.conf'
Dec 03 19:34:31 2025-12-04 01:34:31,308 WARN exited: proftpd (exit status 1; not expected)
Dec 03 19:34:32 [GET] /healthcheck
Dec 03 19:34:32 2025-12-04 01:34:32,020 INFO gave up: proftpd entered FATAL state, too many start retries too quickly

Troubleshooting Already Performed

Have restarted host (Digital Ocean droplet).
Have rebooted Cloudron.
Have confirmed /etc/ssh/ssh_host_rsa_key permissions are 600 and owned by root

Have discovered that /etc/proftpd directory does not exist at all (making the error message mentioning line 76 particularly strange).

System Details

Generate Diagnostics Data

https://paste.cloudron.io/iyasudamap

Cloudron Version

9.0.13

Ubuntu Version

No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 24.04.3 LTS
Release:        24.04
Codename:       noble

Cloudron installation method

Manual with ./cloudron-setup

(I think. It was a very long time ago).

Output of cloudron-support --troubleshoot

Vendor: DigitalOcean Product: Droplet
Linux: 6.8.0-88-generic
Ubuntu: noble 24.04
Processor: DO-Regular
BIOS pc-i440fx-6.1  CPU @ 2.0GHz x 2
RAM: 4009880KB
Disk: /dev/vda1        14G
[OK]    node version is correct
[OK]    IPv6 is enabled in kernel. No public IPv6 address
[OK]    docker is running
[OK]    docker version is correct
[OK]    MySQL is running
[OK]    nginx is running
[OK]    dashboard cert is valid
[OK]    dashboard is reachable via loopback
[OK]    No pending database migrations
[OK]    Service 'mysql' is running and healthy
[OK]    Service 'postgresql' is running and healthy
[OK]    Service 'mongodb' is running and healthy
[OK]    Service 'mail' is running and healthy
[OK]    Service 'graphite' is running and healthy
[OK]    box v9.0.13 is running
[OK]    netplan is good
[OK]    DNS is resolving via systemd-resolved
[OK]    Dashboard is reachable via domain name
[OK]    Domain sethfeldkamp.com is valid and has not expired
[OK]    unbound is running```

nebulon

Not sure but are you referring to the ssh key file and the proftpd configs on the host system or within the sftp service container? The host system should not have any /etc/proftpd/ configs and the ssh key here is the one within the container.

You can access the container's filesystem by docker exec -ti sftp /bin/bash

Can you check the ssh key file permissions within that shell?