I am having issues configuring Proftpd on a NuTyX PC. I should start by saying that my objective on the proftpd server is:
1. anonymous not allowed
2. PAM not in use (authentication against local Linux accounts)
3. authenticated users should be able to read and write anywhere their user account permits
When I first installed Proftpd, I could not log onto the ftp server, getting a '530 Login incorrect' error. After searching many web pages, trying some 'fixes' and getting nowhere, I found out how to start proftpd in foreground mode. Here is a server log with two (2) of my login attempts:
At this point I am stuck. Anyone know why crypt fails? Is this an auth module incompatibility?
The proftpd config file is as follows:
Code:
# This is a basic ProFTPD configuration file
# It establishes a single server and a single anonymous login.
ServerName "ProFTPD"
ServerType standalone
DefaultServer on
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
MaxInstances 30
# Set the user and group that the server normally runs at.
User proftpd
Group proftpd
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~
# Normally, files should be overwritable.
<Directory /*>
AllowOverwrite on
</Directory>
<Limit LOGIN>
AllowAll
</Limit>
<Anonymous ~proftpd>
<Limit LOGIN>
DenyAll
</Limit>
</Anonymous>
# A basic anonymous configuration, no upload directories.
#<Anonymous ~proftpd>
# User proftpd
# Group proftpd
# Clients should be able to login with "anonymous" as well as "proftpd"
# UserAlias anonymous proftpd
# Limit the maximum number of anonymous logins
# MaxClients 10
# 'welcome.msg' should be displayed at login, and '.message' displayed
# in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayChdir .message
# Limit WRITE everywhere in the anonymous chroot
# <Limit WRITE>
# DenyAll
# </Limit>
#</Anonymous>
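How the three stated objectives map onto ProFTPD directives, as an added example that is not the poster's file and not a configuration from the thread. It assumes the stock mod_auth_unix and mod_auth_pam modules, and it only expresses the objectives; it does not address the crypt failure asked about above.

```apache
# Added example: the poster's three objectives expressed as directives.
ServerName      "ProFTPD"
ServerType      standalone
DefaultServer   on
Port            21
Umask           022
MaxInstances    30

# Unprivileged identity the daemon runs as between logins.
User            proftpd
Group           proftpd

# Objective 2: no PAM. Switch the PAM module off where it is compiled in,
# and make the Unix module (passwd/shadow lookups) the only auth source.
<IfModule mod_auth_pam.c>
  AuthPAM       off
</IfModule>
AuthOrder       mod_auth_unix.c

# Objective 1: no anonymous access. Anonymous logins only exist where an
# <Anonymous> section defines them, so none is configured here.

# Objective 3: no DefaultRoot line, so sessions are not chrooted and
# access is bounded only by the account's filesystem permissions.
<Directory /*>
  AllowOverwrite on
</Directory>

# Any account that authenticates may log in.
<Limit LOGIN>
  AllowAll
</Limit>
```

`proftpd -t` parses the file and reports syntax errors without starting the server, which makes it easy to test one change at a time.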
I tried every 'fix' listed and not one of them did anything.
I knew going in that those suggestions would not work. Not one of them is on point. Let me explain.
Quote:
What does proftpd debug logging show, when you attempt to log in? The reason that ProFTPD only ever shows "530 Login incorrect", despite the real underlying cause of the problem, is to prevent leaking useful information to potential attackers. Unfortunately, while good for security, this is bad for debugging. The server-side debug logging will provide more information about what might be going on.
Not one hit discussed the actual error I am getting; they all discuss the 530 error, but in all cases there is an underlying reason for the 530 error.
In the config file you posted we don't see evidence of at least two of the suggestions tried:
To comment out the user and group settings
To set UseFtpUsers off
It might be helpful to document every attempted fix. Not saying you need to post them, just that you need to try each one, one at a time, and write down what did (or didn't) happen.
Have you set up logging when running in daemon mode so you can confirm that the logged error is the same?
Some other troubleshooting ideas:
Can you log in at the console with the user and password?
Where are you connecting from?
What ftp client are you using to try to connect?
And, of course, are you sure you're using the correct password?
The proftpd.conf I posted here is OOTB. It does not reflect any modifications.
I have documented every attempt:
1. comment out 'User', 'Group' and add 'UseFtpUsers'
2. make sure 'DefaultRoot ~' is uncommented
3. comment out the lines 'AuthPAMConfig' and 'AuthOrder' (not present in file)
4. add 'UseFtpUsers'
Logging in daemon mode is not the same as in debug mode and does not supply all the information.
Attempting to log onto the ftp server from the console results in exactly the same error.
This is a lan-based ftp server, connection is only from within the same subnet. The ftp server is not on the internet.
I am using the standard, no-frills, command line ftp client.
Rick
OK.
I'm not sure there's value in posting an OOTB config. We need to see the config you're using to help best.
That said:
Did you add UseFtpUsers off? As I understand it, the ftpusers file is a list of users that are NOT allowed to ftp.
And can you log in at the console (not via ftp) with the user and password that's failing?
Another question: Why are you trying to run ftp at all? It's very insecure and pretty much obsolete. What is your need for ftp?
The recommended current tool to use for file transfer is sftp, which is built in to sshd and uses the same protocols as ssh login.
The alleged fix #1, third line to modify, I added the line:
Code:
UseFtpUsers off
I can log onto the console of the PC in question using the same user ID (not root) as I am using with ftp.
As previously mentioned, this is used inside a lan so (IMHO) there is no need for encryption or all that fancy stuff that would be required if the ftp server was internet facing. IMHO, ftp is still very essential.
Rick
One more thought: File Transfer is definitely essential, but ftp is not.
Are you using ssh to get to the server now? PuTTY from Windows?
If so, then there's no additional configuration to do. If now using ssh from another Linux box, just type sftp instead (see man sftp for how to specify server, user, and password). I have passwordless ssh configured to my server, so sftp servername just connects me.
From Windows, you'd want to install WinSCP, which runs over the PuTTY engine, but again, you'd need to make no changes on the server side if you're already using PuTTY.
So no, to get to the server command line, I walk over to the physical server and log on.
In regards to an ftp server for this NuTyX box, I am going to uninstall proftpd and compile vsftpd from source which all the other servers use (this should be very easy since NuTyX is based on LFS/BLFS, I will use BLFS to compile). Unfortunately, the developer of NuTyX does not have vsftpd in the repository. IMHO, vsftpd has almost zero config problems compared to proftpd.