Ok so your saying the Alias which by the guide is userftp, is the account name you would use to connect to the FTP server. I thought that was the user. So whats the user then? hehe thanks so much for your help.
Yes, it's easy to use and really powerful
Yes, but i won't use it
No, the GUI has to be improved
First Cup of Ubuntu
Ok so your saying the Alias which by the guide is userftp, is the account name you would use to connect to the FTP server. I thought that was the user. So whats the user then? hehe thanks so much for your help.
5 Cups of Ubuntu
Read the guide again and you will find all what you are looking for... Goodluck
A Carafe of Ubuntu
Hello everyone,
Frodon, thanks for this superb HOW-TO. I had a bit of a tough time setting up the SFTP part but nevertheless I persevered and in the process even setup an SSH server! Although it took me the WHOLE of today, you won't believe how much else I could get done since I didn't have to google for this-and-that, fix this-and-that etc...
I'm VERY impressed with the calibre of dedication and committment that this forum possessess.
Cheerio1
First Cup of Ubuntu
I'm not sure if this should go in this thread, or in the ProFTPd through NAT thread. Either way, here goes:
Starting proftpd gives the following:
Where 123.456.789.101 is the external WAN IP, and 12345 is the port that I have fowarded on my router.Code:::dadantada01@dadantada3::/home/dadantada01:: $ sudo /etc/init.d/proftpd restart * Stopping ftp server proftpd [ ok ] * Starting ftp server proftpd - IPv6 getaddrinfo 'localhost.localdomain' error: Name or service not known localhost.localdomain - 127.0.0.1:12345 masquerading as 123.456.789.101
/etc/proftpd/proftpd.conf is as follows
When I connect remotely (to 123.456.789.101:12345, with user dadantada), I get the following spiel:Code:# # Includes required DSO modules. This is mandatory in proftpd 1.3 # Include /etc/proftpd/modules.conf # To really apply changes reload proftpd after modifications. AllowOverwrite on AuthAliasOnly on # Choose here the user alias you want !!!! UserAlias dadantada dadantadaftp ServerName "ftpdadantada" ServerType standalone DeferWelcome on MultilineRFC2228 on DefaultServer on ShowSymlinks off TimeoutNoTransfer 600 TimeoutStalled 100 TimeoutIdle 2200 DisplayFirstChdir .message ListOptions "-l" RequireValidShell off TimeoutLogin 20 RootLogin off # It's better for debug to create log files ;-) ExtendedLog /var/log/ftp.log TransferLog /var/log/xferlog SystemLog /var/log/syslog.log #DenyFilter \*.*/ # I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me) UseFtpUsers off # Allow to restart a download AllowStoreRestart on # Port 21 is the standard FTP port, so don't use it for security reasons (choose here the port you want) # Port 21 Port 12345 # To prevent DoS attacks, set the maximum number of child processes # to 30. If you need to allow more than 30 concurrent connections # at once, simply increase this value. Note that this ONLY works # in standalone mode, in inetd mode you should use an inetd server # that allows you to limit maximum number of processes per service # (such as xinetd) MaxInstances 8 # Set the user and group that the server normally runs at. User nobody Group nogroup # Umask 022 is a good standard umask to prevent new files and dirs # (second parm) from being group and world writable. Umask 022 022 PersistentPasswd off MaxClients 8 MaxClientsPerHost 8 MaxClientsPerUser 8 MaxHostsPerUser 8 # Display a message after a successful login AccessGrantMsg "welcome !!!" # This message is displayed for each access good or not ServerIdent on "you're at home" # Set /home/ftp directory as home directory DefaultRoot /home/ftp # Lock all the users in home directory, ***** really important ***** DefaultRoot ~ MaxLoginAttempts 5 #VALID LOGINS <Limit LOGIN> AllowUser dadantadaftp DenyALL </Limit> <Directory /home/ftp> Umask 022 022 AllowOverwrite off <Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD> DenyAll </Limit> </Directory> <Directory /home/ftp/download/*> Umask 022 022 AllowOverwrite off <Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD> DenyAll </Limit> </Directory> <Directory /home/ftp/upload/*> Umask 022 022 AllowOverwrite on <Limit READ RMD DELE> DenyAll </Limit> <Limit STOR CWD MKD> AllowAll </Limit> </Directory> MasqueradeAddress 123.456.789.101 PassivePorts 12345 12345
Setting the FTP client to active means that I cannot connect at all. Is this a firewall issue, a mode issue or a local host issue?Code:Status: Connecting to 123.456.789.101:12345 ... Status: Connected with 123.456.789.101:12345. Waiting for welcome message... Response: 220 you're at home Command: USER dadantada Response: 331 Password required for dadantada. Command: PASS *************** Response: 230 welcome !!! Command: SYST Response: 215 UNIX Type: L8 Command: FEAT Response: 211-Features: Response: MDTM Response: REST STREAM Response: SIZE Response: 211 End Status: Connected Status: Retrieving directory listing... Command: PWD Response: 257 "/" is current directory. Command: TYPE A Response: 200 Type set to A Command: PASV Response: 227 Entering Passive Mode (123,456,789,101,231,26). Command: LIST Error: Transfer channel can't be opened. Reason: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. Error: Could not retrieve directory listing Command: PWD Error: Timeout detected! Status: Waiting to retry... (5 retries left)
I should also point out that I only have ports 21 and 12345 available to use, as I am logging onto the machine via ssh, and cannot access the hardware firewall remotely.
Last edited by dadantada; February 17th, 2007 at 03:32 PM.
5 Cups of Ubuntu
Hi,
I still have the problem, that files I upload with an ftp-client are not readable and I get an "You don't have permission to access /test.html on this server." by accessing them by web.
I followed this instruction here (just disabled AliasLogin and used another username). Everything works really fine but I have to set the rights manually to the uploaded files.
Would be a great thing to get a hint or to find a solution!
Best regards
Stefan
Ubuntu French Roast
Don't really understand your problem, are you able to upload the files ? If yes then if you don't like the default rights of the files try to tweak the Umask line in your proftpd.conf and in your system it is the command which handle the efault rights of a created file.
5 Cups of Ubuntu
Hi,
yes, the upload is possible. But the file did not get the "read by others" propertyAnd - yes - I used the chmod 022 in the config file. But an hour ago I found the solution - I use GFTP as a client and there is the option:
"keep the filerights" (not sure how it is called in the actual english version - in german it is "Dateirechte beibehalten"). By disabling this function everything works perfectly.
So the information given by my FTP-Client overrides the FTP-Server settings. Interesting to know...
Thanks!
Stefan
Ubuntu French Roast
Glad that you found the solution and thanks for sharing it
5 Cups of Ubuntu
Just a little particle in a very, very big mosaic
Spilled the Beans
Originally Posted by ikkinu
1- Enable TLS/SSL encryption (FTPS)
The FTP file sharing protocol is an old protocol which was created when internet was still a secure place, therefore the default FTP protocol is not that secure.
For example the password and username for login are transmitted in plain text which obviously isn't secure.
That why, to fit the needs of our generation, encryption solutions were developed and one of them is TLS/SSH encryption.
This will encrypt the username and password and all the data you send, obviously to use it the FTP client must support SFTP protocol.
here are the steps to enable TLS/SSH encryption (FTPS):
Paste these commands in a terminal :HI all,Code:sudo apt-get install build-essential sudo apt-get install libssl-dev cd /etc sudo mkdir ftpcert cd ftpcert/ sudo openssl genrsa -des3 -out server.key 1024 sudo openssl req -new -key server.key -out server.csr sudo openssl genrsa -des3 -out ca.key 1024 sudo openssl req -new -x509 -days 365 -key ca.key -out ca.crt sudo wget *** sudo chmod +x sign.sh sudo ./sign.sh server.csr
when I type sudo ./sign.sh server.csr I get this error:
CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter pass phrase for ./ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryNameRINTABLE:'IL'
stateOrProvinceName
localityName
organizationName
organizationalUnitName
commonName
emailAddress :IA5STRING:'ikkinu@inventati.org'
Certificate is to be certified until Dec 5 19:24:50 2007 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: /C=IL/ST=Ikkland/L=Ikktown/O=Project ikkinu/OU=Ftp Dpt./CN=ikkinu/emailAddress=xxx@xxx.xxx
error 18 at 0 depth lookup:self signed certificate
/C=IL/ST=Ikkland/L=Ikktown/O=Project ikkinu/OU=Ftp Dpt./CN=ikkinu/emailAddress=xxx@xxx.xxx
error 7 at 0 depth lookup:certificate signature failure
12603:error:04067084:rsa routines:RSA_EAY_PUBLIC_DECRYPT:data too large for modulus:rsa_eay.c:645:
12603:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:168:
Can anyone help me?
Thanks
I have the exact same problem, did anyone come up with a reliable fix for this problem?
It's aggrevating as hell.
And i don't feel like sitting and guessing up values and hoping for a miracle.
I've tried googling but it just made me more confused.
Would appriciate help in this matter.
Thanks.
Last edited by frodon; July 27th, 2010 at 10:25 AM. Reason: obsolete link
Posting Permissions
Adv Reply
Bookmarks