Messages - chayunwang

2
mod_sftp / Re: SSH Re-key breaks connection
« on: January 07, 2017, 10:55:54 pm »
I finally made my proftpd.conf work for FTP/SFTP. I only added DefaultAddress, following the proftpd FAQ, and changed VirtualHost from DNS name to IP address:

root@icisftpdev:/icinet/appl/proftpd/etc:> diff proftpd.conf /tmp/proftpd.conf
18a19
  ====> /tmp/proftpd.conf is the original one from 1.3.5 but is not  working under 1.3.6rc2 until I add DefaultAddress and change name to ip address

> # set to 0 with "socketbindtight" above to keep it from binding to all IPs
24a26
>
33c35,38
< AllowOverwrite                on
---
> # Normally, we want files to be overwriteable.
> #<Directory />
>       AllowOverwrite          on
> #</Directory>
35,37c40,43
<
<   DefaultAddress 192.168.2.16
<   Port 21
---
> # Use a VirtualHost to handle complexes logins, the rest will fall through
> # to system authentication.  FTP must be turned off in inetd for this to work.
>       # jail the user in their home dir
>       Port            21
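Review bot: on the `<` side of this hunk (the proftpd.conf that now works), `DefaultAddress 192.168.2.16` goes in with no comment, while the comment lines that described the server section on the `>` side are dropped. A one-line comment above `DefaultAddress` saying that it was added for 1.3.6rc2 and has to match the address in the `<VirtualHost 192.168.2.16>` line further down would keep the two literals from drifting apart.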
67a74
>       
69c76
<   <IfModule mod_sftp.c>
---
> <IfModule mod_sftp.c>
71a79
>  <VirtualHost icisftpdev.ici.org>
73,76c81,82
<     <VirtualHost 192.168.2.16>
<       # The SFTP configuration
<       Port 22
<       SFTPEngine on
---
>         SFTPEngine on
>         Port 22
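Review bot: `<VirtualHost 192.168.2.16>` on the `<` side replaces `<VirtualHost icisftpdev.ici.org>` from the 71a79 hunk, so the hostname no longer appears anywhere in the lines shown. Recording it in the existing comment, for example `# The SFTP configuration (icisftpdev.ici.org)`, would tell the next reader which host the literal address belongs to.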
85a92,95
>
> #       <IfModule mod_sftp_ldap.c>
> #          SFTPAuthorizedUserKeys ldap:
> #       </IfModule>
133a144,145
>  </VirtualHost>
> </IfModule>
135,136d146
<     </VirtualHost>
<   </IfModule>

3
mod_sftp / Re: SSH Re-key breaks connection
« on: January 07, 2017, 10:17:12 pm »
It looks like 1.3.6rc2 fixed this issue, but it breaks my FTP connections. I don't know why. I am very upset.

4
I built proftpd 1.3.6rc2 using the proftpd.conf from my version of proftpd 1.3.5. proftpd won't listen on port 22 for SFTP until I delete the FTP portion from proftpd.conf. The good news is that proftpd 1.3.6 fixes the dropped connections after an SFTP rekey. The bad news is that it doesn't work to listen for FTP/SFTP connections. I am still puzzled as to why this happens. The syntax check is OK, except for a complaint from mod_ctrls about the local socket being in use.

5
I think I am sure proftpd dropped the connection after SSH_MSG_NEWKEYS was received by both ends. I turned on debugging on both ends. On the SFTP client I am able to control when, and at what file size, to re-exchange MACs/ciphers. It looks like a bug in proftpd 1.3.5. I will download 1.3.6rc2 to test.

6
mod_sftp / Re: SSH Re-key breaks connection
« on: January 07, 2017, 07:22:48 pm »
I have the same issue with version 1.3.5. At first, I thought this issue was caused by SFTPRekey not being on by default. It still happens with SFTPRekey turned on. I debugged on the SFTP client and server, and both show proftpd dropping the connection after receiving/sending SSH_MSG_NEWKEYS. I tested different SFTP clients with rekeying, and it all looks like the issue is in proftpd. I will try to upgrade and test again.

7
I have a data provider which sends an SFTP rekey to exchange host keys/cipher/MAC after sending 1G of data, and the SFTP connection is aborted by proftpd, I think because the default of SFTPRekey is none in my configuration file. Is it possible to configure proftpd to use SFTPRekey for this client only, just like SFTPClientMatch "^OpenSSH_3\\.*" channelWindowSize 8MB?

