sftp service is failing

Success! Thank you!

It won't let me change it.

root@sftp:/etc/ssh# chmod 600 ssh_host_rsa_key
chmod: changing permissions of 'ssh_host_rsa_key': Read-only file system
root@sftp:/etc/ssh# sudo chmod 600 ssh_host_rsa_key
chmod: changing permissions of 'ssh_host_rsa_key': Read-only file system

Should I try updating this 600 and see if that allows the key to be used?

Ah yeah, it was the host system. It is 644 for the sftp service container and owned by cloudron.

root@my:~# docker exec -ti sftp /bin/bash
root@sftp:/app/code# ls -l /etc/ssh/ssh_host_rsa_key
-rw-r--r-- 1 cloudron cloudron 1679 Dec  4 01:01 /etc/ssh/ssh_host_rsa_key
root@sftp:/app/code# stat -c "%n %a" /etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_rsa_key 644

Description

SFTP service is flashing orange in Services panel.

Steps to reproduce

Upgraded to Ubuntu 22 followed by Ubuntu 24 following the guides on the site.

Logs

sftp service log after a service restart

Dec 03 19:34:27 [GET] /healthcheck
Dec 03 19:34:27 2025-12-04 01:34:27,895 sftp proftpd[42]: LDAPServer: parsed URL 'ldap://172.18.0.1:3002/??sub' as 'ldap://172.18.0.1:3002/??sub'
Dec 03 19:34:27 2025-12-04 01:34:27,899 sftp proftpd[42]: fatal: SFTPHostKey: unable to use '/etc/ssh/ssh_host_rsa_key' as host key, as it is group- or world-accessible on line 76 of '/etc/proftpd/proftpd.conf'
Dec 03 19:34:27 2025-12-04 01:34:27,904 WARN exited: proftpd (exit status 1; not expected)
Dec 03 19:34:31 2025-12-04 01:34:31,258 INFO spawned: 'proftpd' with pid 46
Dec 03 19:34:31 2025-12-04 01:34:31,301 sftp proftpd[46]: LDAPServer: parsed URL 'ldap://172.18.0.1:3002/??sub' as 'ldap://172.18.0.1:3002/??sub'
Dec 03 19:34:31 2025-12-04 01:34:31,303 sftp proftpd[46]: fatal: SFTPHostKey: unable to use '/etc/ssh/ssh_host_rsa_key' as host key, as it is group- or world-accessible on line 76 of '/etc/proftpd/proftpd.conf'
Dec 03 19:34:31 2025-12-04 01:34:31,308 WARN exited: proftpd (exit status 1; not expected)
Dec 03 19:34:32 [GET] /healthcheck
Dec 03 19:34:32 2025-12-04 01:34:32,020 INFO gave up: proftpd entered FATAL state, too many start retries too quickly

Troubleshooting Already Performed

Have restarted host (Digital Ocean droplet).
Have rebooted Cloudron.
Have confirmed /etc/ssh/ssh_host_rsa_key permissions are 600 and owned by root

Have discovered that /etc/proftpd directory does not exist at all (making the error message mentioning line 76 particularly strange).

System Details

Generate Diagnostics Data

https://paste.cloudron.io/iyasudamap

Cloudron Version

9.0.13

Ubuntu Version

No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 24.04.3 LTS
Release:        24.04
Codename:       noble

Cloudron installation method

Manual with ./cloudron-setup

(I think. It was a very long time ago).

Output of cloudron-support --troubleshoot

Vendor: DigitalOcean Product: Droplet
Linux: 6.8.0-88-generic
Ubuntu: noble 24.04
Processor: DO-Regular
BIOS pc-i440fx-6.1  CPU @ 2.0GHz x 2
RAM: 4009880KB
Disk: /dev/vda1        14G
[OK]    node version is correct
[OK]    IPv6 is enabled in kernel. No public IPv6 address
[OK]    docker is running
[OK]    docker version is correct
[OK]    MySQL is running
[OK]    nginx is running
[OK]    dashboard cert is valid
[OK]    dashboard is reachable via loopback
[OK]    No pending database migrations
[OK]    Service 'mysql' is running and healthy
[OK]    Service 'postgresql' is running and healthy
[OK]    Service 'mongodb' is running and healthy
[OK]    Service 'mail' is running and healthy
[OK]    Service 'graphite' is running and healthy
[OK]    box v9.0.13 is running
[OK]    netplan is good
[OK]    DNS is resolving via systemd-resolved
[OK]    Dashboard is reachable via domain name
[OK]    Domain sethfeldkamp.com is valid and has not expired
[OK]    unbound is running```

For what it's worth, the terms of service have been updated. Not that it matters. As with everything on the internet, it's buyer beware and use at your own risk. For my part I'm comfortable with the underlying protocol and the role Bluesky (a public-benefit company) is playing in developing it and the reference implementations for it.

They have released a PDS (docker image) that will federate with their sandbox network. Federation with the production network will come after a period of time.

https://github.com/bluesky-social/pds

Federation still depends on three services hosted by Bluesky. Eventually it should be possible to consume these ATProto services from other providers, but for now Bluesky is the only one offering them.

SMTP-Mailer is configured automatically and working for me when I send the test email. However, a number of Contact Form plugins that were advertised as working with SMTP-Mailer weren't actually sending an email. Some failed silently, and some helpfully showed an error to the user.

I did finally find one. Completely free. I'm not connected to them in any way. Just leaving this here in case anyone else runs into the same problem.

https://wordpress.org/plugins/simple-basic-contact-form/

@sfeldkamp

Well, I tried the digital oceans ones and they didn't work either. Maybe I will have to create a new server and restore backups instead.

https://docs.cloudron.io/guides/upgrade-ubuntu-18/

https://www.digitalocean.com/community/tutorials/how-to-upgrade-to-ubuntu-18-04

These are different. Which should I follow? I've tried the cloudron guide a couple of times with no luck. Is it safe to upgrade following the digitalocean guide (I am hosted on digital ocean).

@girish

oh, man. My bad for not reading the docs on that one. Thanks for the help.

@nebulon said in Gitea - Package Updates:

Full changelog

https://github.com/go-gitea/gitea/pull/13058

This change in 1.13.0 broke my repo by causing my existing git hook to fail. Git Hooks tab is now hidden by default.
I can't successfully push to origin because the hook fails.

I updated run/gitea/app.ini manually to restore it by adding

[custom]
DISABLE_GIT_HOOKS = false

However, this is not durable for a restart. I was depending on the Git Hooks feature of Gitea to push to mirror my repository to the GitHub Pages app repo to publish it.

Is it possible to default this value to true instead in the app? Or otherwise provide a way to toggle it that will be durable across versions and installs?