Recent Posts

1
Sounds like the NAT device is interfering with the "start TLS" functionality; I think that disabling that NAT "helper" functionality will depend much on the specific NAT device (and software versions) in question.
2
Thought I should follow up. I figured out there's a TLS log-file and this shows the EOF error mentioned in your FAQ. I could only reproduce the problem behind client NAT. Is there any way to work around this, like disabling the client NAT FTP helper modules?
3
Support / Re: ProFTPD 1.3.6 (stable), Verbose Logging
« Last post by gerryhickman on April 28, 2017, 04:56:50 pm »
I'm enclosing the whole of the conf file:

Code:
# proftpds conf file (sftp port 8022)

# server config


SystemLog       /var/log/proftpd/proftpd.log
SyslogLevel     debug
DebugLevel      10
LoadModule      mod_clamav.c
LoadModule      mod_sftp.c

ServerName                      "Web server FTP service"
ServerType                      standalone
DefaultServer                   on
Port                            0
#PidFile                         /var/run/proftpd.pid
TimeoutIdle                     900
TimeoutNoTransfer               900
IdentLookups                    off
UseReverseDNS                   off
UseIPv6                         off
MaxInstances                    60
MaxClientsPerUser               20

User                            nobody
Group                           nobody

<Global>

# allow group write
Umask 0002 0002

# To cause every FTP user to be "jailed" (chrooted)
DefaultRoot ~

# Normally, we want files to be overwriteable.
AllowOverwrite          on

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

<IfModule mod_clamav.c>
  ClamAV on
  #ClamServer localhost
  ClamServer 127.0.0.1
  ClamPort 3310
</IfModule>

</Global>

<VirtualHost 10.xx.xx.103>

<IfModule mod_sftp.c>

  ServerName "Web server SFTP service"
  SFTPEngine on
  SFTPLog /var/log/proftpd/sftp.log
  TransferLog /var/log/proftpd/xferlog
  Port 8022

  # Configure both the RSA and DSA host keys, using the same host key
  # files that OpenSSH uses.
  SFTPOptions InsecureHostKeyPerms
  SFTPHostKey /etc/ssh/ssh_host_rsa_key
  SFTPOptions MatchKeySubject

  # Configure the file used for comparing authorized public keys of users.
  # the key must be in the correct format for proftpds
  # if this is not set, it will request a password
  SFTPAuthorizedUserKeys file:/usr/local/etc/.sftp/sftp_keys

  SFTPCompression delayed
  MaxLoginAttempts 6

</IfModule>

</VirtualHost>
4
And is user "IQ" defined in /etc/passwd on your system, or something else?  In particular, I'd like to see which UID/GIDs are assigned to your user "IQ", to see if they line up with the permissions on that /home/IQ directory.
5
Support / Re: ProFTPD 1.3.6 (stable), Verbose Logging
« Last post by castaglia on April 28, 2017, 03:24:30 pm »
Could we see the rest of your config, and any Included files?
6
Support / ProFTPD 1.3.6 (stable), Verbose Logging
« Last post by gerryhickman on April 28, 2017, 10:54:08 am »
ProFTPD 1.3.5 (verbose logging works)
ProFTPD 1.3.6 (verbose logging not working?)

At the start of my config file in the 'server config' section I have

Code:
SystemLog       /var/log/proftpd/proftpd.log
SyslogLevel     debug
DebugLevel      10

The SystemLog directive tells ProFTPD to log to a file instead of the syslog. In v1.3.5 I'd get a huge log file, but in v1.3.6, I only get two entries, one for STARTUP and one for SHUTDOWN. I think it's only logging at level PR_LOG_NOTICE?

These are the two function calls in main.c that are working

Code:
./src/main.c
   1886   pr_log_pri(PR_LOG_NOTICE, "ProFTPD %s (built %s) standalone mode STARTUP",
   1887     PROFTPD_VERSION_TEXT " " PR_STATUS, BUILD_STAMP);
./src/main.c
    134     pr_log_pri(PR_LOG_NOTICE, "ProFTPD " PROFTPD_VERSION_TEXT
    135       " standalone mode SHUTDOWN");
7
mod_sftp / Re: SFTPOptions InsecureHostKeyPerms (RHEL 7.2)
« Last post by gerryhickman on April 28, 2017, 10:42:38 am »
Tested again with official release of ProFTPD 1.3.6 (stable), also works as expected.
8


drwx------ 3 1013 1004 4096 Apr 26 10:46 /home/IQ

The other users have the same permissions,
9
OK, thanks.  Those trace logging messages make it appear that the SSH public key is not the issue.

In your previous log messages, there is this:

  chdir("/"): Permission denied

For the user logging in (user "IQ"?), what is their home directory?  What does `ls -aldn` show for that home directory?
10
Apr 27 09:55:42 [22423] <ssh2:10>: auth requested for user 'IQ', service 'ssh-connection', using method 'none'
Apr 27 09:55:42 [22423] <ssh2:10>: auth requested for user 'IQ', service 'ssh-connection', using method 'publickey'
Apr 27 09:55:42 [22423] <ssh2:2>: using SFTPAuthorizedUserKeys '/home/IQ/.ssh/authorized_keys' for public key authentication for user 'IQ'
Apr 27 09:55:42 [22423] <ssh2:10>: found matching public key for user 'IQ' in '/home/IQ/.ssh/authorized_keys'
Apr 27 09:55:42 [22423] <ssh2:8>: verified public key for user 'IQ'
Apr 27 09:55:43 [22423] <ssh2:10>: auth requested for user 'IQ', service 'ssh-connection', using method 'password'
Apr 27 09:55:45 [22423] <ssh2:10>: auth requested for user 'IQ', service 'ssh-connection', using method 'password'