Recent Posts

Pages: [1] 2 3 ... 10
Sounds like the NAT device is interfering with the "start TLS" functionality; I think that disabling that NAT "helper" functionality will depend much on the specific NAT device (and software versions) in question.
Thought I should follow up. I figured out there's a TLS log-file and this shows the EOF error mentioned in your FAQ. I could only reproduce the problem behind client NAT. Is there any way to workaround this, like disabling the client NAT FTP helper modules?
Support / Re: ProFTPD 1.3.6 (stable), Verbose Logging
« Last post by gerryhickman on April 28, 2017, 04:56:50 pm »
I'm enclosing the whole of the conf file:

Code: [Select]
# proftpds conf file (sftp port 8022)

# server config

SystemLog       /var/log/proftpd/proftpd.log
SyslogLevel     debug
DebugLevel      10
LoadModule      mod_clamav.c
LoadModule      mod_sftp.c

ServerName                      "Web server FTP service"
ServerType                      standalone
DefaultServer                   on
Port                            0
#PidFile                         /var/run/
TimeoutIdle                     900
TimeoutNoTransfer               900
IdentLookups                    off
UseReverseDNS                   off
UseIPv6                         off
MaxInstances                    60
MaxClientsPerUser               20

User                            nobody
Group                           nobody


# allow group write
Umask 0002 0002

# To cause every FTP user to be "jailed" (chrooted)
DefaultRoot ~

# Normally, we want files to be overwriteable.
AllowOverwrite          on

# Bar use of SITE CHMOD by default

<IfModule mod_clamav.c>
  ClamAV on
  #ClamServer localhost
  ClamPort 3310


<VirtualHost 10.xx.xx.103>

<IfModule mod_sftp.c>

  ServerName "Web server SFTP service"
  SFTPEngine on
  SFTPLog /var/log/proftpd/sftp.log
  TransferLog /var/log/proftpd/xferlog
  Port 8022

  # Configure both the RSA and DSA host keys, using the same host key
  # files that OpenSSH uses.
  SFTPOptions InsecureHostKeyPerms
  SFTPHostKey /etc/ssh/ssh_host_rsa_key
  SFTPOptions MatchKeySubject

  # Configure the file used for comparing authorized public keys of users.
  # the key must be in the correct format for proftpds
  # if this is not set, it will request a password
  SFTPAuthorizedUserKeys file:/usr/local/etc/.sftp/sftp_keys

  SFTPCompression delayed
  MaxLoginAttempts 6


And is user "IQ" defined in /etc/passwd on your system, or something else?  In particular, I'd like to see which UID/GIDs are assigned to your user "IQ", to see if they line up with the permissions on that /home/IQ directory.
Support / Re: ProFTPD 1.3.6 (stable), Verbose Logging
« Last post by castaglia on April 28, 2017, 03:24:30 pm »
Could we see the rest of your config, and any Included files?
Support / ProFTPD 1.3.6 (stable), Verbose Logging
« Last post by gerryhickman on April 28, 2017, 10:54:08 am »
ProFTPD 1.3.5 (verbose logging works)
ProFTPD 1.3.6 (verbose logging not working?)

At the start of my config file in the 'server config' section I have

Code: [Select]
SystemLog       /var/log/proftpd/proftpd.log
SyslogLevel     debug
DebugLevel      10

The SystemLog directive tells ProFTPD to log to a file instead of the syslog. In v1.3.5 I'd get a huge log file, but in v1.3.6, I only get two entries, one for STARTUP and one for SHUTDOWN. I think it's only logging at level PR_LOG_NOTICE?

These are the two function calls in main.c that are working

Code: [Select]
   1886   pr_log_pri(PR_LOG_NOTICE, "ProFTPD %s (built %s) standalone mode STARTUP",
    134     pr_log_pri(PR_LOG_NOTICE, "ProFTPD " PROFTPD_VERSION_TEXT
    135       " standalone mode SHUTDOWN");
mod_sftp / Re: SFTPOptions InsecureHostKeyPerms (RHEL 7.2)
« Last post by gerryhickman on April 28, 2017, 10:42:38 am »
Tested again with official release of ProFTPD 1.3.6 (stable), also works as expected.

drwx------ 3 1013 1004 4096 Apr 26 10:46 /home/IQ

The other users have the same permissions,
OK, thanks.  Those trace logging messages make it appear that the SSH public key is not the issue.

In your previous log messages, there is this:

  chdir("/"): Permission denied

For the user logging in (user "IQ"?), what is their home directory?  What does `ls -aldn` show for that home directory)?
Apr 27 09:55:42 [22423] <ssh2:10>: auth requested for user 'IQ', service 'ssh-connection', using method 'none'
Apr 27 09:55:42 [22423] <ssh2:10>: auth requested for user 'IQ', service 'ssh-connection', using method 'publickey'
Apr 27 09:55:42 [22423] <ssh2:2>: using SFTPAuthorizedUserKeys '/home/IQ/.ssh/authorized_keys' for public key authentication for user 'IQ'
Apr 27 09:55:42 [22423] <ssh2:10>: found matching public key for user 'IQ' in '/home/IQ/.ssh/authorized_keys'
Apr 27 09:55:42 [22423] <ssh2:8>: verified public key for user 'IQ'
Apr 27 09:55:43 [22423] <ssh2:10>: auth requested for user 'IQ', service 'ssh-connection', using method 'password'
Apr 27 09:55:45 [22423] <ssh2:10>: auth requested for user 'IQ', service 'ssh-connection', using method 'password'
Pages: [1] 2 3 ... 10