
Thread: HOWTO : Create a FTP server with user access (proftpd)

  1. #1181
    Join Date
    Mar 2010
    Beans
    5
    Distro
    Ubuntu 10.10 Maverick Meerkat

    FTPES won't work

    Hi all,
    I've encountered 1 flaw.
    I can connect using FTP but not FTPES.

    All I get from FileZilla Client was
    Resolving address of ftp.xxxx.com
    17:38:02 Status: Connecting to xxxx:21...
    17:38:02 Status: Connection established, waiting for welcome message...
    17:38:12 Response: 220 Test FTP
    17:48:09 Command: AUTH TLS
    17:48:10 Response: 234 AUTH TLS successful
    17:48:10 Status: Initializing TLS...
    17:48:30 Error: GnuTLS error -9: A TLS packet with unexpected length was received.
    17:48:30 Status: Server did not properly shut down TLS connection
    17:48:30 Error: Could not connect to server
    Then I've checked on my tls.log.
    It's as follows
    Dec 29 17:47:58 mod_tls/2.2.2[14786]: error loading TLSRSACertificateFile '/etc/ftpcert/server.csr':
    (1) error:0906D06C:PEM routines:PEM_read_bio:no start line
    (2) error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
    Dec 29 17:48:08 mod_tls/2.2.2[14786]: TLS/TLS-C requested, starting TLS handshake
    Dec 29 17:48:34 mod_tls/2.2.2[14795]: error loading TLSRSACertificateFile '/etc/ftpcert/server.csr':
    (1) error:0906D06C:PEM routines:PEM_read_bio:no start line
    (2) error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
    and as for my proftpd config, it's as follows:
    # To really apply changes reload proftpd after modifications.
    AllowOverwrite on
    AuthAliasOnly on

    Include /etc/proftpd/modules.conf

    # Choose here the user alias you want
    UserAlias test xxx1

    ServerName "Test FTP"
    ServerType standalone
    DisplayLogin welcome.msg
    DeferWelcome on
    UseIPv6 off

    MultilineRFC2228 on
    DefaultServer on
    ShowSymlinks off

    TimeoutNoTransfer 600
    TimeoutStalled 100
    TimeoutIdle 2200

    DisplayChdir .message
    ListOptions "-l"

    RequireValidShell off

    TimeoutLogin 20

    RootLogin off

    # It's better for debug to create log files
    ExtendedLog /var/log/ftp.log
    TransferLog /var/log/xferlog
    SystemLog /var/log/syslog.log

    #DenyFilter \*.*/

    # I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
    UseFtpUsers off

    # Allow to restart a download
    AllowStoreRestart on

    # Port 21 is the standard FTP port, so you may prefer to use another port for security reasons (choose here the port you want)
    Port 21

    # To prevent DoS attacks, set the maximum number of child processes
    # to 30. If you need to allow more than 30 concurrent connections
    # at once, simply increase this value. Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd)
    MaxInstances 8

    # Set the user and group that the server normally runs at.
    User nobody
    Group nogroup

    # Umask 022 is a good standard umask to prevent new files and dirs
    # (second parm) from being group and world writable.
    Umask 022 022

    PersistentPasswd off

    MaxClients 8
    MaxClientsPerHost 8
    MaxClientsPerUser 5
    MaxHostsPerUser 8

    # Display a message after a successful login
    AccessGrantMsg "xxx"

    # This message is displayed for each access good or not
    ServerIdent on "xxx"

    # Lock all the users in home directory, ***** really important *****
    DefaultRoot ~

    MaxLoginAttempts 5

    # Bar use of SITE CHMOD by default
    <Limit SITE_CHMOD>
    DenyAll
    </Limit>

    # Delay engine reduces impact of the so-called Timing Attack described in
    # http://security.lss.hr/index.php?pag...LSS-2004-10-02
    # It is on by default.
    <IfModule mod_delay.c>
    DelayEngine on
    </IfModule>

    # Be warned: use of this directive impacts CPU average load!
    # Uncomment this if you like to see progress and transfer rate with ftpwho
    # in downloads. That is not needed for uploads rates.
    UseSendFile on

    <IfModule mod_tls.c>
    TLSEngine on
    TLSLog /var/log/tls.log
    TLSProtocol SSLv23 TLSv1

    # Are clients required to use FTP over TLS when talking to this server?
    TLSRequired on

    # Server's certificate
    TLSRSACertificateFile /etc/ftpcert/server.csr
    TLSRSACertificateKeyFile /etc/ftpcert/server.key

    # CA the server trusts
    TLSCACertificateFile /etc/ftpcert/ca.crt

    # Authenticate clients that want to use FTP over TLS?
    TLSVerifyClient off

    # Allow SSL/TLS renegotiations when the client requests them, but
    # do not force the renegotations. Some clients do not support
    # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
    # clients will close the data connection, or there will be a timeout
    # on an idle data connection.
    TLSRenegotiate none

    </IfModule>

    #VALID LOGINS
    <Limit LOGIN>
    AllowUser userftp
    AllowUser xxx1
    DenyALL
    </Limit>

    #
    <Directory /home/FTP-xxx/xxx1/>
    Umask 022 022
    AllowOverwrite on
    <Limit ALL>
    Order Allow,Deny
    AllowUser xxx1
    Deny ALL
    </Limit>
    </Directory>

    #<Directory /home/FTP-xxx>
    #Umask 022 022
    #AllowOverwrite off
    # <Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
    # DenyAll
    # </Limit>
    #</Directory>
    any idea what's going on?
    Last edited by CurtBruno; December 29th, 2010 at 10:42 PM.

  2. #1182
    Join Date
    Jun 2005
    Location
    France
    Beans
    7,100
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: FTPES won't work

    I would try to re-generate the certificate in that case.

  3. #1183
    Join Date
    Mar 2010
    Beans
    5
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: FTPES won't work

    hmm, I'm using a non self-signed cert (cert signed by CA) also, I've solved it by changing from
    TLSRSACertificateFile /etc/ftpcert/server.csr
    to
    TLSRSACertificateFile /etc/ftpcert/server.crt
    but, connecting via LAN does work for me but not when I connect from WAN.
    I get the following error on FileZilla while testing on WAN.
    Resolving address of ftp.xxxx.com
    Status: Connecting to xxxx:21...
    Status: Connection established, waiting for welcome message...
    Response: 220 Test Server
    Command: AUTH TLS
    Response: 234 AUTH TLS successful
    Status: Initializing TLS...
    Error: GnuTLS error -73: ASN1 parser: Error in TAG.
    Error: Could not connect to server
    and in tls.log it's as follows:
    Dec 30 06:04:59 mod_tls/2.2.2[3860]: TLS/TLS-C requested, starting TLS handshake
    Dec 30 06:05:01 mod_tls/2.2.2[3860]: unable to accept TLS connection: received EOF that violates protocol
    Dec 30 06:05:01 mod_tls/2.2.2[3860]: TLS/TLS-C negotiation failed on control channel
    also, another issue... sorry for the trouble!

    I can't seem to get implicit FTP over SSL/TLS to work.
    I get the following error on FileZilla as follows
    06:07:53 Status: Connecting to xxx:990...
    06:07:54 Status: Connection attempt failed with "ECONNREFUSED - Connection refused by server".
    Tried in LAN and WAN with LAN (private address) and WAN (ftp.xxx.com) and also tried using FileZilla on the server itself (127.0.0.1); I get connection refused by server.
    I've disabled the firewall and restarted the server but I still get the same error.

    any idea, sir?
    Last edited by CurtBruno; December 29th, 2010 at 11:14 PM.
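
The `.csr` versus `.crt` mix-up resolved in the post above can be caught before restarting the server. The following is an added example, not code from the thread or from ProFTPD: it reads each file named by a mod_tls directive and compares its PEM label with what the directive needs (a `.csr` holds a CERTIFICATE REQUEST, so OpenSSL finds no CERTIFICATE block to load). The function names and the sample file contents are assumptions made for illustration.

```python
import re
from pathlib import Path

# PEM labels the file named by each mod_tls directive should hold (PEM assumed).
KEY = {"RSA PRIVATE KEY", "PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}
EXPECTED = {
    "TLSRSACertificateFile": {"CERTIFICATE"},
    "TLSCACertificateFile": {"CERTIFICATE"},
    "TLSRSACertificateKeyFile": KEY,
}
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)


def check_tls_files(conf_text, read_file=None):
    """Return (directive, path, problem) for each TLS file of the wrong kind."""
    read_file = read_file or (lambda p: Path(p).read_text(errors="replace"))
    findings = []
    for raw in conf_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) != 2 or words[0] not in EXPECTED:
            continue
        directive, path = words
        wanted = " or ".join(sorted(EXPECTED[directive]))
        try:
            labels = PEM_BEGIN.findall(read_file(path))
        except OSError as exc:
            findings.append((directive, path, f"cannot read: {exc}"))
            continue
        if not labels:
            findings.append((directive, path, f"no PEM block, expected {wanted}"))
        elif not EXPECTED[directive].intersection(labels):
            findings.append((directive, path, f"holds {labels[0]}, expected {wanted}"))
    return findings


def pem_block(label):  # constructed placeholder body, not real key material
    return f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n"


# Constructed sample: directive lines from the post, placeholder file contents.
SAMPLE_CONF = """\
TLSRSACertificateFile /etc/ftpcert/server.csr
TLSRSACertificateKeyFile /etc/ftpcert/server.key
TLSCACertificateFile /etc/ftpcert/ca.crt
"""
SAMPLE_FILES = {
    "/etc/ftpcert/server.csr": pem_block("CERTIFICATE REQUEST"),
    "/etc/ftpcert/server.key": pem_block("RSA PRIVATE KEY"),
    "/etc/ftpcert/ca.crt": pem_block("CERTIFICATE"),
}

if __name__ == "__main__":
    for finding in check_tls_files(SAMPLE_CONF, SAMPLE_FILES.__getitem__):
        print(": ".join(finding))
```

Called with only the configuration text, `check_tls_files` reads the referenced files from disk, so it needs the same read access to the key file that the server has.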

  4. #1184
    Join Date
    Jun 2005
    Location
    France
    Beans
    7,100
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: FTPES won't work

    Quote, originally posted by CurtBruno:
    connecting via LAN does work for me but not when I connect from WAN.
    When I read this I think of a network issue: if it works on LAN, then it means the FTP server is OK.

    So if it works on LAN I would exclude any FTP server issue; it is more likely a home network issue (router, firewall, switch, ...).

  5. #1185
    Join Date
    Mar 2010
    Beans
    5
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: FTPES won't work

    hmm, but what about the implicit ssl issue? tried turning off all firewalls on server and tested using filezilla on the machine itself (127.0.0.1) also doesn't work.
    i get
    06:07:53 Status: Connecting to xxx:990...
    06:07:54 Status: Connection attempt failed with "ECONNREFUSED - Connection refused by server".

  6. #1186
    Join Date
    Jan 2011
    Beans
    2

    Re: HOWTO : Create a FTP server with user access (proftpd)

    Hi, I'm doing an FTP server, but my problem is the same. I removed inetd to standalone and RootLogin off.
    My problem is this: I do that, bla bla bla, and then it says

    root@ubuntu:/home/xubuntuforservers# sudo /etc/init.d/proftpd restart
    ProFTPd warning: cannot start neither in standalone nor in inetd/xinetd mode. Check your configuration.
    root@ubuntu:/home/xubuntuforservers#


    whata ???

    My CFG

    #
    # /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
    # To really apply changes reload proftpd after modifications.
    #
    ServerName "FTP Server"
    Serverident on "FTP"
    ServerType standalone
    DeferWelcome off
    TimesGMT off

    MultilineRFC2228 on
    #DefaultServer on
    ShowSymlinks on

    TimeoutNoTransfer 600
    TimeoutStalled 600
    TimeoutIdle 1200

    DisplayLogin welcome.msg
    DisplayFirstChdir .message
    ListOptions "-l"

    DenyFilter \*.*/

    AllowForeignAddress on
    AllowRetrieveRestart on

    # Uncomment this if you are using NIS or LDAP to retrieve passwords:
    #PersistentPasswd off

    # Uncomment this if you would use TLS module:
    #TLSEngine on

    # Uncomment this if you would use quota module:
    #Quotas on

    # Uncomment this if you would use ratio module:
    #Ratios on

    # Port 21 is the standard FTP port.
    Port 21
    SocketBindTight on

    PassivePorts 11000 20000

    # To prevent DoS attacks, set the maximum number of child processes
    # to 30. If you need to allow more than 30 concurrent connections
    # at once, simply increase this value. Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd)
    MaxInstances 30

    # Set the user and group that the server normally runs at.
    User nobody
    Group nogroup

    # Umask 022 is a good standard umask to prevent new files and dirs
    # (second parm) from being group and world writable.
    Umask 022 022

    # Normally, we want files to be overwriteable.
    AllowOverwrite on
    AllowForeignAddress on
    AllowRetrieveRestart on
    AllowStoreRestart on

    # Speed up the server, no DNS lookups, just plain ip's. Turn off when being hax0r3d.
    UseReverseDNS off
    IdentLookups off

    DefaultRoot ~

    ExtendedLog /var/log/proftpd.all ALL

    # Delay engine reduces impact of the so-called Timing Attack described in
    # http://security.lss.hr/index.php?pag...LSS-2004-10-02
    # It is on by default.
    DelayEngine off

    <Anonymous ~ftp>
    User ftp
    Group nogroup
    UserAlias anonymous ftp
    DirFakeUser on ftp
    DirFakeGroup on ftp
    RequireValidShell off
    MaxClients 10
    DisplayLogin welcome.msg
    DisplayFirstChdir .message
    AccessGrantMsg "Anonymous access granted for user %u connecting."
    MaxClientsPerHost 1
    <Directory>
    #DenyAll
    TransferRate RETR 50
    <Limit WRITE>
    DenyAll
    </Limit>
    </Directory>



    HELPP!!! xD i m n00b xD

  7. #1187
    Join Date
    Feb 2008
    Beans
    43

    Re: HOWTO : Create a FTP server with user access (proftpd)

    I just setup the FTP server. I can't connect to it.
    Could someone please help me figure out what I did wrong?

    I tried to turn debugging on:
    proftpd -nd5
    - notice: unable to bind to Unix domain socket at '/var/run/proftpd/test.sock': Permission denied
    - mod_ctrls/0.9.4: binding ctrls socket to '/var/run/proftpd/proftpd.sock'
    - notice: unable to listen to local socket: Address already in use
    - parsing '/etc/proftpd/proftpd.conf' configuration
    - parsing '/etc/proftpd/modules.conf' configuration
    - mod_tls/2.1.1: using OpenSSL 0.9.8e 23 Feb 2007
    - Fatal: SystemLog: unable to redirect logging to '/var/log/syslog.log': Permission denied on line 37 of '/etc/proftpd/proftpd.conf'

    Code:
    #
    # Includes required DSO modules. This is mandatory in proftpd 1.3
    #
    Include	/etc/proftpd/modules.conf
    
    # To really apply changes reload proftpd after modifications.
    AllowOverwrite on
    AuthAliasOnly on
    
    # Choose here the user alias you want !!!!
    UserAlias docfxit userftp
    
    ServerName			"UbuntuAsterisk"
    ServerType 			standalone
    DeferWelcome			on
    
    MultilineRFC2228 on
    DefaultServer			on
    ShowSymlinks			off
    
    TimeoutNoTransfer 600
    TimeoutStalled 100
    TimeoutIdle 2200
    
    DisplayFirstChdir               .message
    ListOptions                	"-l"
    
    RequireValidShell 		off
    
    TimeoutLogin 20
    
    RootLogin 			off
    
    # It's better for debug to create log files ;-)
    ExtendedLog 			/var/log/ftp.log
    TransferLog 			/var/log/xferlog
    SystemLog			/var/log/syslog.log
    
    #DenyFilter			\*.*/
    
    # I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
    UseFtpUsers off
    
    # Allow to restart a download
    AllowStoreRestart		on
    
    # Port 21 is the standard FTP port, so you may prefer to use another port for security reasons (choose here the port you want)
    Port				a different # I chose
    
    # To prevent DoS attacks, set the maximum number of child processes
    # to 30.  If you need to allow more than 30 concurrent connections
    # at once, simply increase this value.  Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd)
    MaxInstances 8
    
    # Set the user and group that the server normally runs at.
    User                  userftp
    Group                 nogroup
    
    # Umask 022 is a good standard umask to prevent new files and dirs
    # (second parm) from being group and world writable.
    Umask				022	022
    
    PersistentPasswd		off
    
    MaxClients 8
    MaxClientsPerHost 8
    MaxClientsPerUser 8
    MaxHostsPerUser 8
    
    # Display a message after a successful login
    AccessGrantMsg "welcome !!!"
    # This message is displayed for each access good or not
    ServerIdent                  on       "you're at home"
    
    # Set /home/FTP-shared directory as home directory
    DefaultRoot /var/spool/asterisk/monitor
    
    # Lock all the users in home directory, ***** really important *****
    DefaultRoot ~
    
    MaxLoginAttempts    5
    
    #VALID LOGINS
    <Limit LOGIN>
    AllowUser userftp
    DenyALL
    </Limit>
    
    <Directory /var/spool/asterisk/monitor>
    Umask 022 022
    AllowOverwrite off
    	<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
    	DenyAll
    	</Limit>
    </Directory>
    
    <Directory /home/docfxit/Dnload/*>
    #Download
    Umask 022 022
    AllowOverwrite off
    	<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
    	DenyAll
    	</Limit>
    </Directory>
    
    <Directory> /home/docfxit/Dnload/>
    #Upload
    Umask 022 022
    AllowOverwrite on
    	<Limit READ RMD DELE>
          	DenyAll
        	</Limit>
    
        	<Limit STOR CWD MKD>
          	AllowAll
        	</Limit>
    </Directory>
    I'm trying to connect with:
    port # a different # I chose
    user userftp
    Transfer Mode: Binary,
    No Passive Mode

    I have followed the instructions at the beginning of this thread.

    Thank you,

    Docfxit

  8. #1188
    Join Date
    Aug 2010
    Beans
    14

    Re: HOWTO : Create a FTP server with user access (proftpd)

    Hey people,
    I'm kind of a noob in network stuff, so please bear with me.
    I did as it was said in the first post (nice tutorial by the way, thanks a lot).
    Now I can connect to the FTP network with the administrator user-pass and access the whole file system,
    but as userftp, I can't.
    (I use Places > connect to server > FTP with login)

    Thanks in advance

  9. #1189
    Join Date
    Jan 2010
    Location
    russian east border
    Beans
    60
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: HOWTO : Create a FTP server with user access (proftpd)

    good stuff thanks...workin on my ftp :]
    Unix is user-friendly. It's just very selective about who its friends are.
    The box said 'Required Windows 7 or better'. So, I installed Ubuntu.
    Fatal Error: Found MS-Windows System -> Repartitioning Disk for Linux...

  10. #1190
    Join Date
    May 2006
    Location
    Milwaukee,WI
    Beans
    6,280
    Distro
    Xubuntu 14.04 Trusty Tahr

    Re: HOWTO : Create a FTP server with user access (proftpd)

    I created SMF forums on my home server and needed FTP to be able to run the install script. I made a symlink in /var/www/ called forums which points to /home/FTP-shared/upload/forum and I want it to be open to do whatever the userftp user needs to do to it. It wouldn't let me download files from that folder but it would let me upload them. So I made some changes to the config but I'm not sure if they're optimal settings. Here's what the folder's settings are

    <Directory /home/FTP-shared/upload>
    Umask 022 022
    AllowOverwrite on
    <Limit ALL>
    Order Allow,Deny
    AllowUser userftp
    Deny ALL
    </Limit>

    <Limit MKD STOR DELE XMKD RNRF RNEF RNTO RMD XRMD READ>
    AllowAll
    </Limit>
    </Directory>
    are those ok?
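
Several `<Limit>` lines posted in this thread list `RNRF` or `RNEF`, neither of which is an FTP command (the rename pair is `RNFR`/`RNTO`), so a rule written that way does not name `RNFR` at all. The following is an added example, not code from the thread or from ProFTPD: a small linter for section tags and `<Limit>` command names. The `KNOWN` set, the function name and the abridged sample are assumptions made for illustration.

```python
import difflib
import re

# Names accepted in <Limit>: ProFTPD command groups plus FTP commands from
# RFC 959/775 and common extensions. Assumption: not ProFTPD's complete list.
KNOWN = set("""
ALL DIRS LOGIN READ WRITE SITE_CHMOD SITE_CHGRP
USER PASS ACCT CWD XCWD CDUP XCUP PWD XPWD QUIT REIN PORT PASV EPRT EPSV
TYPE STRU MODE RETR STOR STOU APPE ALLO REST RNFR RNTO ABOR DELE RMD XRMD
MKD XMKD LIST NLST MLSD MLST MDTM MFMT SIZE SITE SYST STAT HELP NOOP FEAT
OPTS AUTH PBSZ PROT
""".split())
TAG = re.compile(r"<(\w+)(?:\s+([^<>]*?))?\s*>")


def lint_sections(conf_text):
    """Return (line number, problem) for bad section tags and <Limit> names."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line.startswith("<") or line.startswith("</"):
            continue  # comments, plain directives and closing tags
        match = TAG.fullmatch(line)
        if match is None:
            findings.append((lineno, f"malformed section tag: {line}"))
            continue
        name, args = match.groups()
        if name.lower() != "limit":
            continue
        for cmd in (args or "").upper().split():
            if cmd not in KNOWN:
                near = difflib.get_close_matches(cmd, sorted(KNOWN), n=1)
                hint = f" (did you mean {near[0]}?)" if near else ""
                findings.append((lineno, f"unknown command {cmd}{hint}"))
    return findings


# Constructed sample: section lines abridged from the configs posted above.
SAMPLE = """\
<Directory /home/docfxit/Dnload/*>
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory> /home/docfxit/Dnload/>
</Directory>
<Limit MKD STOR DELE XMKD RNRF RNEF RNTO RMD XRMD READ>
AllowAll
</Limit>
"""

if __name__ == "__main__":
    for lineno, problem in lint_sections(SAMPLE):
        print(f"line {lineno}: {problem}")
```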
