Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
|
06-30-2012, 06:51 AM
|
#1
|
LQ Newbie
Registered: May 2012
Posts: 11
Rep:
|
FTP returns error
Hi all,
Oddly, at the same time FTP stopped working when I tried to log in. Each time, it returns the following error:
-------
Status: Connecting to xxx.xxx.xx.xxx...
Response: fzSftp started
Command: open "user@xxx.xxx.xx.xxx" 22
Command: Pass: ************
Status: Connected to xxx.xxx.xx.xxx
Error: Connection closed by server with exitcode 127
Error: Could not connect to server
-------
I have tried to FTP using different users and restart the server to to avail.
The only significant change I have made to the server recently is to change the MySQL password.
Any ideas as to what could be causing this?
|
|
|
06-30-2012, 06:59 AM
|
#2
|
LQ Guru
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733
|
Try connecting with "sftp -vv <user>@<hostname>" for more verbose messages.
Make sure that the sshd service is running on the server.
|
|
1 members found this post helpful.
|
06-30-2012, 08:16 AM
|
#3
|
LQ Newbie
Registered: May 2012
Posts: 11
Original Poster
Rep:
|
thanks for your suggestion jschiwal - do i need to introduce that command using SSH/Putty? I have been using FileZilla FTP to connect
|
|
|
06-30-2012, 08:37 AM
|
#4
|
Senior Member
Registered: Jan 2010
Location: SI : 45.9531, 15.4894
Distribution: CentOS, OpenNA/Trustix, testing desktop openSuse 12.1 /Cinnamon/KDE4.8
Posts: 1,144
|
Yes, sftp command is from CLI (command line) like you wrote, in SSH/Putty.
Probably that's not what you are using to do FTP (you wrote FileZilla).
And since you're using FileZilla FTP server (regarding response: fzSftp started), there is a FileZilla forum for troubleshooting.
and more of it, you also didn't wrote your System and which FTP server software you are using,
so if you want help, please write your configurations/system/software to get help, otherwise we (members of LQ) can only guess what is wrong.
good luck
Last edited by lithos; 06-30-2012 at 08:38 AM.
|
|
|
06-30-2012, 09:26 AM
|
#5
|
LQ Newbie
Registered: May 2012
Posts: 11
Original Poster
Rep:
|
thanks lithos. I'm a newbie so i don't know how where to find this information. I have been able to connect to the server using FileZilla before so i dont think the problem is with FileZilla. I'm actually experiencing issues with my website too (users are not able to login).
System: CentOS 5.3
FTP daemon: I cant find any daemons running which contain the word FTP when i type "#ps -al". I believe i should see something like vsftpd or Twoftpd but there is no such process running. There is definitely some daemon installed since i have connected using FTP various times before. How can i find this information?
Configurations: I'm not sure what you mean by this.
Last edited by funnyman; 06-30-2012 at 09:34 AM.
Reason: clarification
|
|
|
06-30-2012, 09:32 AM
|
#6
|
LQ Newbie
Registered: May 2012
Posts: 11
Original Poster
Rep:
|
Typing "sftp -vv <user>@<hostname>" as suggested by jschiwal returns:
#command-line: line 0: Bad configuration option: PermitLocalCommand
|
|
|
06-30-2012, 11:48 AM
|
#7
|
Senior Member
Registered: Jan 2010
Location: SI : 45.9531, 15.4894
Distribution: CentOS, OpenNA/Trustix, testing desktop openSuse 12.1 /Cinnamon/KDE4.8
Posts: 1,144
|
quickly:
Code:
# service vsftpd status
if returns "running..." then it's vsFTPd.
Configurations:
- vsftpd configuration : /etc/vsftpd/vsftpd.conf
- firewall configuration: probably "iptables" (# iptables -nL) , could be it's not opened for FTP passive ports (not 21) or something else is going on...
|
|
1 members found this post helpful.
|
06-30-2012, 12:59 PM
|
#8
|
LQ Newbie
Registered: May 2012
Posts: 11
Original Poster
Rep:
|
lithos
# service vsftpd status
returns: "vsftpd: unrecognized service"
Directory vsftpd configuration : /etc/vsftpd/ does not exist either.
|
|
|
07-01-2012, 05:13 AM
|
#9
|
Senior Member
Registered: Jan 2010
Location: SI : 45.9531, 15.4894
Distribution: CentOS, OpenNA/Trustix, testing desktop openSuse 12.1 /Cinnamon/KDE4.8
Posts: 1,144
|
Hi,
if there is no vsFTP then I can't say what service it is, try as 'root':
Code:
root@~#>netstat -tapln
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 2251/mysqld
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 14235/named
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 25308/vsftpd
if this shows you any service name listening on port 21 (ftp), which one is it?
|
|
1 members found this post helpful.
|
07-01-2012, 08:11 PM
|
#10
|
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.x
Posts: 18,443
|
As you are running Centos, lets check what's installed
Code:
rpm -qa|grep -i ftp
ls /etc/init.d
chkconfig --list|grep -i ftp
and go from there
|
|
1 members found this post helpful.
|
07-02-2012, 06:46 AM
|
#11
|
LQ Guru
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733
|
The server may be using ssh's ftp server rather than vsftp. Putty has an sftp client. Use that if since you have putty. You could also run linux using a live CD and use the openssh sftp client. Check if putty's sftp client has a verbose option is you use that.
If you can log into the server, check the logs in /var/log/. messages or secure or auth may contain info if you have an authentication problem.
|
|
1 members found this post helpful.
|
07-02-2012, 01:33 PM
|
#12
|
LQ Newbie
Registered: May 2012
Posts: 11
Original Poster
Rep:
|
Hi guys,
Thank you for all your help - it is much appreciated. After using lithos' "#netstat -tapln" I realised that there were 4/5 IP addresses from corners of the world that had no reason to be connected to my server so I hired a system administrator to take a look and he confirmed my suspicions - my SSH was hacked and this is why FTP strangely stopped working.
I'll have to format the server and start again or move elsewhere.
I know this is off-topic but can anybody recommend a decent managed server with UK/EU data servers for under £180 (inc. VAT)? I'm thinking it'll be better to have a professional looking after the site from now on.
|
|
|
07-02-2012, 02:31 PM
|
#13
|
Senior Member
Registered: Jan 2010
Location: SI : 45.9531, 15.4894
Distribution: CentOS, OpenNA/Trustix, testing desktop openSuse 12.1 /Cinnamon/KDE4.8
Posts: 1,144
|
Hi,
I'm sorry to read you had been hacked, but also glad you found it.
Since I'm not anywhere near UK I can't suggest you any hosting, sorry.
But if you will stay on the server and start setting all over again, try first to find how to securing SSH, then disabling unwanted domains to connect and enabling only your IP's.
It's an everyday job for system administrators to block the attacks from breaking in and securing as much as possible for a good night sleep.
|
|
1 members found this post helpful.
|
07-02-2012, 02:37 PM
|
#14
|
LQ Newbie
Registered: May 2012
Posts: 11
Original Poster
Rep:
|
Thanks again Lithos. Luckily I’d only just started when this happened and didn’t have any sensitive information on the server so no real damage was done. For now, I think I’m better off with a professional looking after things to ensure business continuity.
Thank you for your links nonetheless; if I pick up another VPS for a smaller project, I’ll be sure to use the information you provided to add additional layers of security.
|
|
|
07-02-2012, 02:40 PM
|
#15
|
Senior Member
Registered: Jan 2010
Location: SI : 45.9531, 15.4894
Distribution: CentOS, OpenNA/Trustix, testing desktop openSuse 12.1 /Cinnamon/KDE4.8
Posts: 1,144
|
May I add you another point of RHEL administration guide for that reason,
a sh*tload of information to read and learn.
Good luck,
Best Regards
|
|
|
All times are GMT -5. The time now is 09:22 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|