drakkan / sftpgo

Full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob
https://sftpgo.com
GNU Affero General Public License v3.0
9.41k stars 731 forks

admin created by default env settings cant login via ssh #1021

Closed ghost closed 2 years ago

ghost commented 2 years ago

my docker command is:

docker run --name some-sftpgo -p 7070:8080 -p 2022:2022 \
  -e SFTPGO_DATA_PROVIDER__CREATE_DEFAULT_ADMIN=1 \
  -e SFTPGO_DEFAULT_ADMIN_USERNAME=admin \
  -e SFTPGO_DEFAULT_ADMIN_PASSWORD=123456 \
  -dit "drakkan/sftpgo:v2.3.5-alpine"

this is my log after docker started:

{"level":"info","time":"2022-10-13T17:42:52.542","sender":"service","message":"starting SFTPGo 2.3.5-b65fc0bd-2022-09-17T15:19:27Z +metrics +azblob +gcs +s3 +bolt +mysql +pgsql +sqlite +portable, config dir: ., config file: , log max size: 10 log max backups: 5 log max age: 28 log verbose: true, log compress: false, log utc time: false, load data from: \"\""} {"level":"debug","time":"2022-10-13T17:42:52.592","sender":"config","message":"config file used: '\"/etc/sftpgo/sftpgo.json\"', config loaded: {Common:{IdleTimeout:15 UploadMode:0 Actions:{ExecuteOn:[] ExecuteSync:[] Hook:} SetstatMode:0 TempPath: ProxyProtocol:0 ProxyAllowed:[] StartupHook: PostConnectHook: PostDisconnectHook: DataRetentionHook: MaxTotalConnections:0 MaxPerHostConnections:20 WhiteListFile: DefenderConfig:{Enabled:false Driver:memory BanTime:30 BanTimeIncrement:50 Threshold:15 ScoreInvalid:2 ScoreValid:1 ScoreLimitExceeded:3 ObservationTime:30 EntriesSoftLimit:100 EntriesHardLimit:150 SafeListFile: BlockListFile: SafeList:[] BlockList:[]} RateLimitersConfig:[{Average:0 Period:1000 Burst:1 Type:2 Protocols:[SSH FTP DAV HTTP] AllowList:[] GenerateDefenderEvents:false EntriesSoftLimit:100 EntriesHardLimit:150}] idleTimeoutAsDuration:0 idleLoginTimeout:0 defender: whitelist:} ACME:{Email: KeyType:4096 CertsPath:certs CAEndpoint:https://acme-v02.api.letsencrypt.org/directory Domains:[] RenewDays:30 HTTP01Challenge:{Port:80 WebRoot: ProxyHeader:} TLSALPN01Challenge:{Port:0} accountConfigPath: accountKeyPath: lockPath: tempDir:} SFTPD:{Banner:SFTPGo_2.3.5 Bindings:[{Address: Port:2022 ApplyProxyConfig:true}] MaxAuthTries:0 HostKeys:[] HostCertificates:[] HostKeyAlgorithms:[] KexAlgorithms:[] Ciphers:[] MACs:[] TrustedUserCAKeys:[] RevokedUserCertsFile: LoginBannerFile: EnabledSSHCommands:[md5sum sha1sum sha256sum cd pwd scp] KeyboardInteractiveAuthentication:false KeyboardInteractiveHook: PasswordAuthentication:true FolderPrefix: certChecker: parsedUserCAKeys:[]} FTPD:{Bindings:[{Address: Port:0 
ApplyProxyConfig:true TLSMode:0 CertificateFile: CertificateKeyFile: MinTLSVersion:12 ForcePassiveIP: PassiveIPOverrides:[] ClientAuthType:0 TLSCipherSuites:[] PassiveConnectionsSecurity:0 ActiveConnectionsSecurity:0 Debug:false ciphers:[]}] Banner:SFTPGo 2.3.5 ready BannerFile: CertificateFile: CertificateKeyFile: CACertificates:[] CARevocationLists:[] ActiveTransfersPortNon20:true DisableActiveMode:false EnableSite:false HASHSupport:0 CombineSupport:0 PassivePortRange:{Start:50000 End:50100}} WebDAVD:{Bindings:[{Address: Port:0 EnableHTTPS:false CertificateFile: CertificateKeyFile: MinTLSVersion:12 ClientAuthType:0 TLSCipherSuites:[] Prefix: ProxyAllowed:[] ClientIPProxyHeader: ClientIPHeaderDepth:0 allowHeadersFrom:[]}] CertificateFile: CertificateKeyFile: CACertificates:[] CARevocationLists:[] Cors:{AllowedOrigins:[] AllowedMethods:[] AllowedHeaders:[] ExposedHeaders:[] AllowCredentials:false Enabled:false MaxAge:0} Cache:{Users:{ExpirationTime:0 MaxSize:50} MimeTypes:{Enabled:true MaxSize:1000}}} ProviderConf:{Driver:sqlite Name:sftpgo.db Host: Port:0 Username: Password: SSLMode:0 RootCert: ClientCert: ClientKey: ConnectionString: SQLTablesPrefix: TrackQuota:2 PoolSize:0 UsersBaseDir:/srv/sftpgo/data Actions:{ExecuteOn:[] ExecuteFor:[] Hook:} ExternalAuthHook: ExternalAuthScope:0 CredentialsPath:credentials PreLoginHook: PostLoginHook: PostLoginScope:0 CheckPasswordHook: CheckPasswordScope:0 UpdateMode:0 PasswordHashing:{BcryptOptions:{Cost:10} Argon2Options:{Memory:65536 Iterations:1 Parallelism:2} Algo:bcrypt} PasswordValidation:{Admins:{MinEntropy:0} Users:{MinEntropy:0}} PasswordCaching:true DelayedQuotaUpdate:0 CreateDefaultAdmin:true NamingRules:1 IsShared:0 BackupsPath:/srv/sftpgo/backups AutoBackup:{Enabled:true Hour:0 DayOfWeek:*}} HTTPDConfig:{Bindings:[{Address: Port:8080 EnableWebAdmin:true EnableWebClient:true EnabledLoginMethods:0 EnableHTTPS:false CertificateFile: CertificateKeyFile: MinTLSVersion:12 ClientAuthType:0 TLSCipherSuites:[] 
ProxyAllowed:[] ClientIPProxyHeader: ClientIPHeaderDepth:0 HideLoginURL:0 RenderOpenAPI:true WebClientIntegrations:[] OIDC:{ClientID: ClientSecret: ConfigURL: RedirectBaseURL: UsernameField: RoleField: ImplicitRoles:false Scopes:[openid profile email] CustomFields:[] Debug:false provider: verifier: providerLogoutURL: oauth2Config:} Security:{Enabled:false AllowedHosts:[] AllowedHostsAreRegex:false HostsProxyHeaders:[] HTTPSRedirect:false HTTPSHost: HTTPSProxyHeaders:[] STSSeconds:0 STSIncludeSubdomains:false STSPreload:false ContentTypeNosniff:false ContentSecurityPolicy: PermissionsPolicy: CrossOriginOpenerPolicy: ExpectCTHeader: proxyHeaders:[]} Branding:{WebAdmin:{Name: ShortName: LogoPath: LoginImagePath: FaviconPath: DisclaimerName: DisclaimerPath: DefaultCSS: ExtraCSS:[]} WebClient:{Name: ShortName: LogoPath: LoginImagePath: FaviconPath: DisclaimerName: DisclaimerPath: DefaultCSS: ExtraCSS:[]}} allowHeadersFrom:[]}] TemplatesPath:templates StaticFilesPath:static OpenAPIPath:openapi WebRoot: CertificateFile: CertificateKeyFile: CACertificates:[] CARevocationLists:[] SigningPassphrase: TokenValidation:0 MaxUploadFileSize:1048576000 Cors:{AllowedOrigins:[] AllowedMethods:[] AllowedHeaders:[] ExposedHeaders:[] AllowCredentials:false Enabled:false MaxAge:0} Setup:{InstallationCode: InstallationCodeHint:Installation code} HideSupportLink:false} HTTPConfig:{Timeout:20 RetryWaitMin:2 RetryWaitMax:30 RetryMax:3 CACertificates:[] Certificates:[] SkipTLSVerify:false Headers:[] customTransport: tlsConfig:} CommandConfig:{Timeout:30 Env:[] Commands:[]} KMSConfig:{Secrets:{URL: MasterKeyPath: MasterKeyString: masterKey:}} MFAConfig:{TOTP:[{Name:Default Issuer:SFTPGo Algo:sha1 algo:0}]} TelemetryConfig:{BindPort:0 BindAddress:127.0.0.1 EnableProfiler:false AuthUserFile: CertificateFile: CertificateKeyFile: TLSCipherSuites:[] MinTLSVersion:12} PluginsConfig:[] SMTPConfig:{Host: Port:25 From: User: Password: AuthType:0 Encryption:0 Domain: TemplatesPath:templates}}"} 
{"level":"info","time":"2022-10-13T17:42:52.594","sender":"common","message":"using memory transfer checker"} {"level":"info","time":"2022-10-13T17:42:52.594","sender":"kms","message":"secret provider registered for scheme: \"builtin\", encrypted status: \"AES-256-GCM\""} {"level":"info","time":"2022-10-13T17:42:52.594","sender":"kms","message":"secret provider registered for scheme: \"local\", encrypted status: \"Secretbox\""} {"level":"debug","time":"2022-10-13T17:42:52.595","sender":"plugins","message":"initialize"} {"level":"debug","time":"2022-10-13T17:42:52.595","sender":"smtp","message":"configuration disabled, email capabilities will not be available"} {"level":"debug","time":"2022-10-13T17:42:52.596","sender":"dataprovider_sqlite","message":"sqlite database handle created, connection string: \"file:sftpgo.db?cache=shared&_foreign_keys=1\""} {"level":"error","time":"2022-10-13T17:42:52.622","sender":"dataprovider_sqlite","message":"error preparing database query \"SELECT version from schema_version LIMIT 1\": no such table: schema_version"} {"level":"info","time":"2022-10-13T17:42:52.623","sender":"dataprovider_sqlite","message":"creating initial database schema, version 15"} {"level":"error","time":"2022-10-13T17:42:52.624","sender":"dataprovider_sqlite","message":"error preparing database query \"SELECT version from schema_version LIMIT 1\": no such table: schema_version"} {"level":"info","time":"2022-10-13T17:42:52.663","sender":"dataprovider_sqlite","message":"updating database version: 15 -> 16"} {"level":"info","time":"2022-10-13T17:42:52.679","sender":"dataprovider_sqlite","message":"updating database version: 16 -> 17"} {"level":"info","time":"2022-10-13T17:42:52.701","sender":"dataprovider_sqlite","message":"updating database version: 17 -> 18"} {"level":"info","time":"2022-10-13T17:42:52.706","sender":"dataprovider_sqlite","message":"updating database version: 18 -> 19"} 
{"level":"debug","time":"2022-10-13T17:42:52.713","sender":"dataprovider_sqlite","message":"no admins found, try to create the default one"} {"level":"debug","time":"2022-10-13T17:42:52.845","sender":"dataprovider_sqlite","message":"delayed quota update loop started, wait time: 0s"} {"level":"debug","time":"2022-10-13T17:42:52.845","sender":"dataprovider_sqlite","message":"delayed quota update loop ended, wait time: 0s"} {"level":"info","time":"2022-10-13T17:42:52.846","sender":"acme","message":"no domains configured, acme disabled"} {"level":"info","time":"2022-10-13T17:42:52.851","sender":"service","message":"FTP server not started, disabled in config file"} {"level":"info","time":"2022-10-13T17:42:52.851","sender":"service","message":"WebDAV server not started, disabled in config file"} {"level":"info","time":"2022-10-13T17:42:52.851","sender":"service","message":"telemetry server not started, disabled in config file"} {"level":"info","time":"2022-10-13T17:42:52.853","sender":"service","message":"initializing SFTP server with config {Banner:SFTPGo_2.3.5 Bindings:[{Address: Port:2022 ApplyProxyConfig:true}] MaxAuthTries:0 HostKeys:[] HostCertificates:[] HostKeyAlgorithms:[] KexAlgorithms:[] Ciphers:[] MACs:[] TrustedUserCAKeys:[] RevokedUserCertsFile: LoginBannerFile: EnabledSSHCommands:[md5sum sha1sum sha256sum cd pwd scp] KeyboardInteractiveAuthentication:false KeyboardInteractiveHook: PasswordAuthentication:true FolderPrefix: certChecker: parsedUserCAKeys:[]}"} {"level":"info","time":"2022-10-13T17:42:52.852","sender":"httpd","message":"initializing HTTP server with config {Bindings:[{Address: Port:8080 EnableWebAdmin:true EnableWebClient:true EnabledLoginMethods:0 EnableHTTPS:false CertificateFile: CertificateKeyFile: MinTLSVersion:12 ClientAuthType:0 TLSCipherSuites:[] ProxyAllowed:[] ClientIPProxyHeader: ClientIPHeaderDepth:0 HideLoginURL:0 RenderOpenAPI:true WebClientIntegrations:[] OIDC:{ClientID: ClientSecret: ConfigURL: RedirectBaseURL: UsernameField: 
RoleField: ImplicitRoles:false Scopes:[openid profile email] CustomFields:[] Debug:false provider: verifier: providerLogoutURL: oauth2Config:} Security:{Enabled:false AllowedHosts:[] AllowedHostsAreRegex:false HostsProxyHeaders:[] HTTPSRedirect:false HTTPSHost: HTTPSProxyHeaders:[] STSSeconds:0 STSIncludeSubdomains:false STSPreload:false ContentTypeNosniff:false ContentSecurityPolicy: PermissionsPolicy: CrossOriginOpenerPolicy: ExpectCTHeader: proxyHeaders:[]} Branding:{WebAdmin:{Name: ShortName: LogoPath: LoginImagePath: FaviconPath: DisclaimerName: DisclaimerPath: DefaultCSS: ExtraCSS:[]} WebClient:{Name: ShortName: LogoPath: LoginImagePath: FaviconPath: DisclaimerName: DisclaimerPath: DefaultCSS: ExtraCSS:[]}} allowHeadersFrom:[]}] TemplatesPath:templates StaticFilesPath:static OpenAPIPath:openapi WebRoot: CertificateFile: CertificateKeyFile: CACertificates:[] CARevocationLists:[] SigningPassphrase: TokenValidation:0 MaxUploadFileSize:1048576000 Cors:{AllowedOrigins:[] AllowedMethods:[] AllowedHeaders:[] ExposedHeaders:[] AllowCredentials:false Enabled:false MaxAge:0} Setup:{InstallationCode: InstallationCodeHint:Installation code} HideSupportLink:false}"} {"level":"info","time":"2022-10-13T17:42:52.854","sender":"httpd","message":"using memory reset code manager"} {"level":"info","time":"2022-10-13T17:42:52.854","sender":"httpd","message":"using memory OIDC manager"} {"level":"info","time":"2022-10-13T17:42:52.855","sender":"sftpd","message":"No host keys configured and \"id_rsa\" does not exist; try to create a new host key"} {"level":"debug","time":"2022-10-13T17:42:52.855","sender":"util","message":"found share data path for name \"static\": \"/usr/share/sftpgo/static\""} {"level":"debug","time":"2022-10-13T17:42:52.855","sender":"util","message":"found share data path for name \"templates\": \"/usr/share/sftpgo/templates\""} {"level":"debug","time":"2022-10-13T17:42:52.856","sender":"util","message":"found share data path for name \"openapi\": 
\"/usr/share/sftpgo/openapi\""} {"level":"info","time":"2022-10-13T17:42:53.003","sender":"httpd","message":"server listener registered, address: [::]:8080 TLS enabled: false"} {"level":"info","time":"2022-10-13T17:42:58.798","sender":"sftpd","message":"No host keys configured and \"id_ecdsa\" does not exist; try to create a new host key"} {"level":"info","time":"2022-10-13T17:42:58.803","sender":"sftpd","message":"No host keys configured and \"id_ed25519\" does not exist; try to create a new host key"} {"level":"info","time":"2022-10-13T17:42:58.812","sender":"sftpd","message":"Loading private host key \"id_rsa\""} {"level":"info","time":"2022-10-13T17:42:58.817","sender":"sftpd","message":"Host key \"id_rsa\" loaded, type \"ssh-rsa\", fingerprint \"SHA256:/kwpnBm2X603f6BNSuuDTinK4fqdFd2Bq4v19U2U6kc\""} {"level":"info","time":"2022-10-13T17:42:58.818","sender":"sftpd","message":"Loading private host key \"id_ecdsa\""} {"level":"info","time":"2022-10-13T17:42:58.819","sender":"sftpd","message":"Host key \"id_ecdsa\" loaded, type \"ecdsa-sha2-nistp256\", fingerprint \"SHA256:hpXWZ+GKUWTBc7/S5f1Ayi2hzSZHm0AGL0SOHlQSpto\""} {"level":"info","time":"2022-10-13T17:42:58.819","sender":"sftpd","message":"Loading private host key \"id_ed25519\""} {"level":"info","time":"2022-10-13T17:42:58.819","sender":"sftpd","message":"Host key \"id_ed25519\" loaded, type \"ssh-ed25519\", fingerprint \"SHA256:UFGW1stkyMsu34lC2KZQtpJImkqtOZEuk6KGoMt8UMU\""} {"level":"debug","time":"2022-10-13T17:42:58.820","sender":"sftpd","message":"enabled SSH commands [md5sum sha1sum sha256sum cd pwd scp]"} {"level":"info","time":"2022-10-13T17:42:58.821","sender":"sftpd","message":"server listener registered, address: [::]:2022"}

then I use sftp -P 2022 admin@localhost and type password 123456; it says permission denied, try again. The container logs say:

{"level":"warn","time":"2022-10-13T17:44:14.755","sender":"dataprovider_sqlite","message":"error authenticating user \"admin\": not found: sql: no rows in result set"}
{"level":"debug","time":"2022-10-13T17:44:14.756","sender":"connection_failed","client_ip":"172.17.0.1","username":"admin","login_type":"publickey","protocol":"SSH","error":"not found: sql: no rows in result set"}
{"level":"warn","time":"2022-10-13T17:44:18.663","sender":"dataprovider_sqlite","message":"error authenticating user \"admin\": not found: sql: no rows in result set"}
{"level":"debug","time":"2022-10-13T17:44:18.664","sender":"connection_failed","client_ip":"172.17.0.1","username":"admin","login_type":"password","protocol":"SSH","error":"not found: sql: no rows in result set"}
{"level":"debug","time":"2022-10-13T17:44:19.922","sender":"sftpd","message":"failed to accept an incoming connection: [ssh: no auth passed yet, Authentication error: could not validate public key credentials: not found: sql: no rows in result set, Authentication error: could not validate password credentials: not found: sql: no rows in result set]"}

then I go to the web UI at http://localhost:7070/web/admin/login and I can log in with admin:123456.

after logging in, I created a user (or admin) account; then sftp -P 2022 user@localhost can log in and put or get files.

And if I use the REST API to create a user with these steps:

  1. get a bearer token using admin 123456
  2. create the account via api/v2/users
  3. this account can also log in on the web UI: http://localhost:7070/web/client/login
  4. but sftp -P 2022 user@localhost says permission denied.

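The failure pattern in the log above, as an added example that is not part of the original issue or of SFTPGo's own code: a small Python triage script that groups SFTPGo's `connection_failed` records by username and client IP and separates "account does not exist in the data provider" (what the log shows when the WebAdmin admin name is tried over SFTP) from wrong-credential failures (the pattern a defender rate-limits or bans). The sample log is constructed: the `admin` records mirror the ones quoted above, the `ftp_user` record and its error text are invented for contrast.

```python
"""Triage SFTPGo JSON log lines for failed-login events.

Added example, not SFTPGo project code.  It groups "connection_failed"
records by (username, client_ip) so that repeated failures for a name
that is not an SFTPGo *user* (e.g. the default admin, which exists only
for the WebAdmin UI / REST API) stand out from wrong-password attempts.
"""
import json
from collections import defaultdict

# Constructed sample in the shape SFTPGo 2.3.x emits.  The three "admin"
# records mirror the issue's log; the "ftp_user" record is invented.
SAMPLE_LOG = """\
{"level":"warn","time":"2022-10-13T17:44:14.755","sender":"dataprovider_sqlite","message":"error authenticating user \\"admin\\": not found: sql: no rows in result set"}
{"level":"debug","time":"2022-10-13T17:44:14.756","sender":"connection_failed","client_ip":"172.17.0.1","username":"admin","login_type":"publickey","protocol":"SSH","error":"not found: sql: no rows in result set"}
{"level":"debug","time":"2022-10-13T17:44:18.664","sender":"connection_failed","client_ip":"172.17.0.1","username":"admin","login_type":"password","protocol":"SSH","error":"not found: sql: no rows in result set"}
{"level":"debug","time":"2022-10-13T17:50:01.000","sender":"connection_failed","client_ip":"10.0.0.5","username":"ftp_user","login_type":"password","protocol":"SSH","error":"invalid credentials"}
"""


def parse_records(text):
    """Yield one dict per well-formed JSON line; skip anything else."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            # Non-JSON lines (banners, partial writes) are ignored.
            continue


def summarize_failed_logins(text):
    """Return {(username, client_ip): {"count", "login_types", "errors"}}."""
    summary = defaultdict(
        lambda: {"count": 0, "login_types": set(), "errors": set()})
    for rec in parse_records(text):
        if rec.get("sender") != "connection_failed":
            continue
        entry = summary[(rec.get("username", ""), rec.get("client_ip", ""))]
        entry["count"] += 1
        entry["login_types"].add(rec.get("login_type", ""))
        entry["errors"].add(rec.get("error", ""))
    return dict(summary)


def classify(entry):
    """Label a summary entry.

    "unknown-user": every failure says the account is absent from the
    data provider (the issue's symptom: an admin name used over SFTP).
    "bad-credentials": the user exists but the secret was wrong, which
    is the pattern worth feeding into the defender / rate limiter.
    """
    if all("not found" in err for err in entry["errors"]):
        return "unknown-user"
    return "bad-credentials"


if __name__ == "__main__":
    for (user, ip), entry in sorted(summarize_failed_logins(SAMPLE_LOG).items()):
        print(f"{user}@{ip}: {entry['count']} failures via "
              f"{sorted(entry['login_types'])} -> {classify(entry)}")
```

Run over a real container log (`docker logs some-sftpgo | python3 triage.py` with `SAMPLE_LOG` swapped for `sys.stdin.read()`), the "unknown-user" bucket is the one to check against the list of accounts you actually provisioned; the "bad-credentials" bucket is what the defender settings in the config dump above (`DefenderConfig`, `RateLimitersConfig`) are meant to throttle.
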
drakkan commented 2 years ago

Admins can log in to the web admin UI and create users. Users can log in with the enabled protocols (SFTP, FTP, WebDAV etc.). Please read the getting started guide and check your logs to understand why you get a permission denied error.

Dowwie commented 1 year ago

@drakkan I found this issue thread by attempting the same admin login flow as the user who raised this issue. I am looking for a fully automated setup with sftpgo so that it may be used for integration testing. The way that you describe a solution to the problem here makes it seem that a user has to log into a web admin dashboard to create a user, and the new user logs into the admin dashboard to enable protocols. This unfortunately makes sftpgo far more difficult to automate for setup.

drakkan commented 1 year ago

@Dowwie please don't mix things up. Admins log in to the WebAdmin UI and create users; users can log in via SSH/FTP etc.

A default admin can be auto-created by defining env vars. If you want to create admins, users, groups etc. you can load initial data. So you can fully automate your setup. Please read the support policy and don't ask for step-by-step support. Thank you

Dowwie commented 1 year ago

For anyone else who finds this thread and is looking for step-by-step, you may find the following useful.

First, set three environment variables:

When you start the sftpgo server with these env vars set, you want to create an access token as the admin and then use it to create users. Here's an example. You'll still have to familiarize yourself with the config variables and env vars beyond the scope of this working example (as of this comment).


# Base URL of the SFTPGo REST API (adjust host/port to your deployment)
BASE_URL="http://localhost:8080/api/v2"

# Obtain a JWT for the default admin. Credentials go through -u (HTTP basic
# auth) rather than being embedded in the URL.
RESPONSE=$(curl -s --show-error -u admin:password "${BASE_URL}/token")

# jq -r prints the raw string, so no sed is needed to strip the quotes
TOKEN=$(echo "${RESPONSE}" | jq -r '.access_token')

# Create a user that can log in over SFTP with the password or the key
curl --request POST \
  --url "${BASE_URL}/users" \
  --header "Authorization: Bearer ${TOKEN}" \
  --header "Content-Type: application/json; charset=utf-8" \
  --data '{
  "id": 1,
  "status": 1,
  "username": "ftp_user",
  "email": "user@sftpgorules.com",
  "description": "our ftp user",
  "password": "myvoiceismypassport",
  "public_keys": [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIicEc0BRKRjehOp+OLRguWL7ntujkITtI7VYU70xbqG john@doe.com"
  ],
  "permissions": {
    "/": [
      "*"
    ]
  }
}'

for more information about this REST api endpoint and the others: https://sftpgo.stoplight.io/docs/sftpgo/d9755a1cfd67c-add-user
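The same two API calls as the curl script above, as an added Python example that is neither SFTPGo project code nor the comment author's. It assumes what the script assumes: the token endpoint accepts the admin's HTTP basic credentials and returns the token in `access_token` (the field the jq filter reads), and the user fields are the ones in the script. The `PROVISION_*` environment variable names and the `build_user_payload` / `extract_token` helpers are this example's own, not SFTPGo configuration keys or API.

```python
"""Automated SFTPGo user provisioning via the REST API.

Added example, not SFTPGo project code.  Same flow as the curl script:
GET /api/v2/token with the admin's basic-auth credentials, then POST
/api/v2/users with the returned bearer token.  Payload validation is
done client-side so a user that could never log in (no credential, no
permissions) is rejected before it reaches the server.
"""
import base64
import json
import os
import urllib.error
import urllib.request


def build_user_payload(username, password=None, public_keys=(), permissions=None):
    """Validate inputs and return the JSON-serialisable user object."""
    if not username:
        raise ValueError("username must be non-empty")
    if not password and not public_keys:
        raise ValueError("a password or at least one public key is required")
    for key in public_keys:
        parts = key.split()
        if len(parts) < 2 or not parts[0].startswith(("ssh-", "ecdsa-")):
            raise ValueError(f"not an OpenSSH public key line: {key!r}")
    payload = {
        "status": 1,                               # 1 = enabled
        "username": username,
        "permissions": permissions or {"/": ["*"]},
    }
    if password:
        payload["password"] = password
    if public_keys:
        payload["public_keys"] = list(public_keys)
    return payload


def extract_token(body):
    """Pull the bearer token out of the /token response body."""
    token = json.loads(body).get("access_token")
    if not token:
        raise ValueError("token response has no access_token")
    return token


def get_token(base_url, admin_user, admin_password):
    """GET /token with HTTP basic auth (what admin:password@host did in curl)."""
    creds = base64.b64encode(f"{admin_user}:{admin_password}".encode()).decode()
    req = urllib.request.Request(f"{base_url}/token",
                                 headers={"Authorization": f"Basic {creds}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return extract_token(resp.read())


def create_user(base_url, token, payload):
    """POST /users; returns the server's JSON reply (the created user)."""
    req = urllib.request.Request(
        f"{base_url}/users",
        data=json.dumps(payload).encode(),
        method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json; charset=utf-8"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())


if __name__ == "__main__":
    # PROVISION_* are this example's own variable names (assumption), chosen
    # so the admin password never appears on a command line or in a URL.
    base_url = os.environ.get("PROVISION_BASE_URL", "http://localhost:8080/api/v2")
    admin_user = os.environ.get("PROVISION_ADMIN_USER", "admin")
    admin_password = os.environ.get("PROVISION_ADMIN_PASSWORD")
    if not admin_password:
        raise SystemExit("set PROVISION_ADMIN_PASSWORD to the default admin's password")
    payload = build_user_payload(
        "ftp_user",
        password="myvoiceismypassport",
        public_keys=["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIicEc0BRKRjehOp+OLRguWL7ntujkITtI7VYU70xbqG john@doe.com"],
    )
    try:
        token = get_token(base_url, admin_user, admin_password)
        print(json.dumps(create_user(base_url, token, payload), indent=2))
    except urllib.error.HTTPError as exc:
        print(f"API error {exc.code}: {exc.read().decode(errors='replace')}")
```

The point of splitting the payload builder from the HTTP calls is that the part which decides what the account can do (credential present, permissions on `/`) can be unit-tested in CI without a running server, which is what the integration-test setup asked about in this thread needs.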