SOLVED SFTP connects to 202 but not 222
How to reproduce:
I have the following sshd configuration:
- Use keys insteas of password
- Disable root login
- Change port to 202
- Allow only user 'drpaneas' to login
I am now able to SFTP into the server, by loading my private key to Filezilla and accessing the SSH port (that is 202).
According to https://docs.cloudron.io/apps/#ftp-access there is a docker container running an SFTP server where I should be able to connect using my Cloudron username/password at port
222. This is not happening though.
This is the container I think:
6cd9eeefdf5b cloudron/sftp:3.0.0 "/app/code/start.sh" 19 hours ago Up 2 minutes 0.0.0.0:222->22/tcp sftp
Is this normal?
So the sshd itself on the server is not related to the sftp service running to get ftp access into the app. They are separate. SFTP auth is based on username@appdomain + password and not with keys. Generally we try to provide a system where SSH into the server is really only needed to troubleshoot and fix things. The ftp service itself is for webdev use-case mostly and thus also uses a different auth to be able to let that be configured via the dashboard.
@drpaneas Does telnet to port 222 work? Replace
188.8.131.52with your Cloudron IP below. If it doesn't connect, then it indicates most likely some firewall issue. Do you have some Cloud firewall in front of your server? If so, you might have to unblock port 222.
$ telnet 184.108.40.206 222 Trying 220.127.116.11... Connected to 18.104.22.168. Escape character is '^]'. SSH-2.0-mod_sftp/0.9.9 4iOӤ�]N���R��Q��ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,rsa1024-sha1ssh-rsa�aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-ctr,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,3des-ctr,3des-cbc�aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-ctr,blowfish-cbc,cast128-cbc,arcfour256,arcfour128,3des-ctr,3des-cbcjhmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,email@example.com,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,firstname.lastname@example.org�email@example.com,zlib,none�firstname.lastname@example.org,zlib,noneO�
@girish yes telnet works and I get the same reply as yours
# lsof -i:222 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME docker-pr 20793 root 4u IPv6 369319 0t0 TCP *:222 (LISTEN)
# ps aux | grep 20793 root 20793 0.0 0.0 622784 3968 ? Sl 19:46 0:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 222 -container-ip 172.18.0.7 -container-port 22
@drpaneas Ah ok, I think what you were probably looking for is to understand if the SSH and SFTP are the same server. As @nebulon said, they are completely different. SSH can be on any port. SFTP is run on specific port 222 and doesn't use ssh keys and instead uses cloudron directory for authentication. If you don't use SFTP, you can simple firewall off that port.
@girish yup I got it now. all clear Thanks everyone