Prior to Plesk 9.1 additional FTP accounts were impossible and for a short time after 9.1 they were only available in a windows environment. Well now they’re available in a Linux environment as well but they can be a little tricky especially when talking about SFTP in a chrooted environment.

The issue: When a user creates a new FTP account (and we call it FTP only because that’s what it’s labeled in the control panel) in their Plesk Control panel the user appears to be able to login via SFTP however they are immediately disconnected. FileZilla users will receive this message “Connection closed by server with exitcode 1”. If you attempt to access the server via putty the user account is authenticated and then the sessions is immediately disconnected.

The reason: When a new user is created Plesk modifies /etc/passwd and creates an entry that looks as follows:

demo:x:10004:2524::/var/www/vhosts/domain.com:/bin/false

As we can see the user is not given the proper permissions to access the chrooted environment.

The fix: Open up shell as root and go to /etc/ nano passwd and modify the above line to:

demo:x:10004:2524::/var/www/vhosts/domain.com:/usr/local/psa/bin/chrootsh

The last thing that we need to do is modify the passwd file within the domain itself. To do this to nano /var/www/vhost/domain.com/etc/passwd and modify the file to include the created user:

demo:x:10004:2524::/:/bin/bash

Save, restart sshd and you’re done.

Just to explain: the word demo in the lines above represents the user account that’s created in Plesk. For this example I’m using a user name of demo.

Some people have commented that they needed to set the permissions to 0666 on the below file in order to get this to work.

/var/www/vhosts/domain.tld/dev/null

On all of our machines this file is, by default, set to 0666 so I’m not sure why, on some servers, this is different.

The user is still able to remove the account from their Plesk Control Panel and by doing so it will remove the entry in /etc/passwd therefore preventing further SFTP access. The user account will still exist in the domain passwd file but because sshd uses the /etc/passwd file for authentication the user will never be able to authenticate.

If you found this article on FTP accounts in Plesk helpful please consider saying so below!