I have a breakthrough
http://forum.filezilla-project.org/v...3f743f6f6c25df
and for future concern, proftpd 1.3.1 and latest filezilla will not work ...
http://forum.filezilla-project.org/v...php?f=2&t=7688
hope it helps someone out there!
Wow, well done, I wasn't aware of this.
So if I summarise, those using Karmic Koala, which includes proftpd 1.3.2-3, should not have this issue, good to know.
Thank you very much for your contribution, I will try to find a place for this in the first post.
Hello everybody.
For those of you who are faced for the first time with the concept of a secure FTP server, and got through the thread so far, I thought I would post a copy of my 'proftpd.conf', as it can be quite a handful.
I have
ubuntu 9.10
proftpd 1.3.2-3
filezilla 3.2.8.1
I followed all the steps presented in this very good guide, and it's working! w00t
here it goes!
# Includes required DSO modules. This is mandatory in proftpd 1.3
#
Include /etc/proftpd/modules.conf
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#
ServerName "your server name goes here"
ServerType standalone
DeferWelcome on
ServerIdent on "FTP Server ready."
DeferWelcome on
UseReverseDNS on
IdentLookups off
TimeoutLogin 20
RootLogin off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200
TimeoutLogin 30
# It's better for debug to create log files
ExtendedLog /var/log/proftpd/ftp.log
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/syslog.log
DisplayLogin welcome.msg
DisplayChdir .message
ListOptions "-l"
DefaultRoot /home/FTP-shared
#IdentLookups off
#ServerIdent off
# Lock all the users in home directory, ***** really important *****
# DefaultRoot ~
RootLogin off
MaxLoginAttempts 3
UseFtpUsers off
DenyFilter \*.*/
# Allow to restart a download
AllowStoreRestart on
# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd off
# Uncomment this if you would use TLS module:
TLSEngine on
# Uncomment this if you would use quota module:
#Quotas on
# Uncomment this if you would use ratio module:
#Ratios on
# Port 21 is the standard FTP port.
Port 5555
MaxInstances 8
#MasqueradeAddress xxxxxxx.org
#MasqueradeAddress xx.xxx.xxx175
#PassivePorts 60000 60100
PersistentPasswd off
MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8
# Display a message after a successful login
AccessGrantMsg "welcome to the SFTP Server"
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
# MaxInstances 10
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on
AuthAliasOnly on
UserAlias ##yourfavoriteusername## userftp
# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?pag...LSS-2004-10-02
# It is on by default.
#DelayEngine off
<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>
<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol TLSv1
#TLSCipherSuite ALL:!ADH:!DES
#TLSVerifyClient on
TLSRequired on
TLSRenegotiate required off
#TLSOptions NoCertRequest
# Server's certificate
TLSRSACertificateFile /etc/ftpcert/server.crt
TLSRSACertificateKeyFile /etc/ftpcert/server.key
# CA the server trusts
TLSCACertificateFile /etc/ftpcert/ca.crt
# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
</IfModule>
enjoy
I can't get the service to run on any port. I've tried using 5555, 1980 and 21 but www.canyouseeme.org tells me the service is not running (I've opened the relevant ports in my router).
Any ideas?
make sure that your server runs in the first place, before anything else,
ps axf | grep proftpd
5087 pts/0 S+ 0:00 \_ grep proftpd
5071 ? Ss 0:00 proftpd: (accepting connections)
check config by using
#proftpd -td5
last line should be
#Syntax check complete.
Trying to set up the Proftpd server
I am at the point of installing the tools. I have the script installed. When I put Proftptools in the command line it comes back with nothing. I ran a locate for the file and found /home/bob2/.bashrc to find a file to put it in as suggested by your instructions.
bob2@bob-desktop:~$ locate .bashrc
/etc/bash.bashrc
/etc/skel/.bashrc
/home/bob2/.bashrc
/usr/share/base-files/dot.bashrc
/usr/share/doc/adduser/examples/adduser.local.conf.examples/bash.bashrc
/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bashrc
I posted
ProftpTools_dir=/home/username/ProftpTools-v1.0.2
export ProftpTools_dir
at the bottom of the file
bob2@bob-desktop:~$ sudo cat /home/bob2/.bashrc
# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples
# If not running interactively, don't do anything
[ -z "$PS1" ] && return
# don't put duplicate lines in the history. See bash(1) for more options
# don't overwrite GNU Midnight Commander's setting of `ignorespace'.
HISTCONTROL=$HISTCONTROL${HISTCONTROL+,}ignoredups
# ... or force ignoredups and ignorespace
HISTCONTROL=ignoreboth
# append to the history file, don't overwrite it
shopt -s histappend
# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize
# make less more friendly for non-text input files, see lesspipe(1)
[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then
debian_chroot=$(cat /etc/debian_chroot)
fi
# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
xterm-color) color_prompt=yes;;
esac
# uncomment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
#force_color_prompt=yes
if [ -n "$force_color_prompt" ]; then
if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
# We have color support; assume it's compliant with Ecma-48
# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
# a case would tend to support setf rather than setaf.)
color_prompt=yes
else
color_prompt=
fi
fi
if [ "$color_prompt" = yes ]; then
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
else
PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
fi
unset color_prompt force_color_prompt
# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
;;
*)
;;
esac
# enable color support of ls and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
alias ls='ls --color=auto'
#alias dir='dir --color=auto'
#alias vdir='vdir --color=auto'
alias grep='grep --color=auto'
alias fgrep='fgrep --color=auto'
alias egrep='egrep --color=auto'
fi
# some more ls aliases
#alias ll='ls -l'
#alias la='ls -A'
#alias l='ls -CF'
# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.
if [ -f ~/.bash_aliases ]; then
. ~/.bash_aliases
fi
# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
# sources /etc/bash.bashrc).
if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
. /etc/bash_completion
fi
ProftpTools_dir=/home/username/ProftpTools-v1.0.2
export ProftpTools_dir
bob2@bob-desktop:~$
Maybe you just forgot to close your terminal and re-launch it so that the .bashrc is read again (with the update).
Anyway, glad to see that some users use my old home-made zenity script.
EDIT: problem fixed
Last edited by tad1073; January 6th, 2010 at 05:19 AM.
| Corsair Carbide Series® 300R | Intel Core i5 650@3.20Ghz| OCZ-Vertex3 120 Gb SSD | Western Digital 640 Gb HDD | Western Digital 1 Tb HDD ||Gigabyte GeForce GTX 950 Extreme | Ubuntu 16.04 x86_64 | Windows 10 Pro |
I am having problems adding users.
Code:
# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on
# Choose here the user alias you want !!!!
UserAlias thomas userftp
UserAlias dale userftp
UserAlias tommy userftp
UserAlias linzi userftp
ServerName "ThompsonFTP"
ServerType standalone
DeferWelcome on
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200
DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"
RequireValidShell off
TimeoutLogin 20
RootLogin off
# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log
#DenyFilter \*.*/
# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off
# Allow to restart a download
AllowStoreRestart on
# Port 21 is the standard FTP port, so you may prefer to use another port for security reasons (choose here the port you want)
Port 1980
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8
# Set the user and group that the server normally runs at.
User nobody
Group userftp
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
PersistentPasswd off
MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8
# Display a message after a successful login
AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
ServerIdent on "you're at home"
# Set /home/FTP-shared directory as home directory
DefaultRoot /media/FamilyFiles/FTPShares
# Lock all the users in home directory, ***** really important *****
DefaultRoot ~
MaxLoginAttempts 5
#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
AllowUser dale
AllowUser tommy
AllowUser linzi
DenyALL
</Limit>
<Directory /media/FamilyFiles/FTPShares>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
AllowUser userftp
AllowUser dale
AllowUser tommy
AllowUser linzi
DenyAll
</Limit>
</Directory>
<Directory /media/FamilyFiles/FTPShares/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
AllowUser userftp
AllowUser dale
AllowUser tommy
AllowUser linzi
DenyAll
</Limit>
</Directory>
<Directory /media/FamilyFiles/FTPShares/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
AllowUser userftp
AllowUser dale
AllowUser tommy
AllowUser linzi
DenyAll
</Limit>
<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
You are confusing system users with alias names. What you allow in the <Directory> section are system users, not alias names.
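Three access-control mistakes in a proftpd.conf can be caught before the server is reloaded: a misspelled command name inside <Limit>, a section tag with a stray '>', and AllowUser given a UserAlias alias rather than the system user (the point made in the reply above). The following is an added example, not part of any post in this thread; the lint function, the KNOWN set and the sample config are assumptions made for illustration.

```python
import re

# Names accepted inside <Limit ...>: the commands and command groups that
# appear in this thread plus a few common ones (assumption: not exhaustive).
KNOWN = {"LOGIN", "READ", "WRITE", "DIRS", "ALL", "CWD", "MKD", "XMKD", "RMD",
         "XRMD", "DELE", "STOR", "RETR", "APPE", "RNFR", "RNTO", "LIST", "NLST"}

# Constructed sample reusing names from the thread; not anyone's real config.
SAMPLE = """\
UserAlias dale userftp
<Limit LOGIN>
AllowUser userftp
AllowUser dale
DenyAll
</Limit>
<Directory /home/FTP-shared>
<Limit MKD STOR RNRF RNTO>
DenyAll
</Limit>
</Directory>
<Directory> /home/FTP-shared/upload/>
</Directory>
"""

def lint(conf):
    """Return sorted (line_number, message) findings for proftpd.conf text."""
    findings, aliases, allowed = [], set(), []
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("<"):
            # A section tag is a single <Name args> unit with one closing '>'.
            if not re.fullmatch(r"</?\w+(\s+[^<>]+)?>", line):
                findings.append((no, "malformed section tag: " + line))
            m = re.fullmatch(r"<Limit\s+([^<>]+)>", line, re.I)
            for cmd in (m.group(1).split() if m else []):
                if cmd.upper() not in KNOWN:
                    findings.append((no, "unknown command in <Limit>: " + cmd))
            continue
        words = line.split()
        if len(words) == 3 and words[0].lower() == "useralias":
            aliases.add(words[1])                    # UserAlias <alias> <real user>
        elif len(words) >= 2 and words[0].lower() == "allowuser":
            allowed.append((no, words[1]))
    # Checked last because a UserAlias may appear after the AllowUser line.
    findings += [(no, "AllowUser names the alias '%s', not a system user" % n)
                 for no, n in allowed if n in aliases]
    return sorted(findings)

if __name__ == "__main__":
    for no, msg in lint(SAMPLE):
        print("line %d: %s" % (no, msg))
```

A clean result here only covers these three checks; the server's own syntax check (proftpd -td5, shown earlier in the thread) is still the authority on whether the file parses.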