[ydl-gen] Proftpd Help
Dene Stringfellow
spacemonkey at ridgedale.co.uk
Tue Sep 6 02:43:19 MDT 2005
I would be grateful for any help with this.
I'm trying to set up an FTP server on a YDL 4.0 box (B&W G3) - I already
have another server (same config except YDL 3.0.1) running an anonymous
FTP server using vsftpd accessed through the same Cisco firewall.
On the YDL 4.0 box I want to allow clients and suppliers to be able to
see and log into their own ftp directory ONLY. They should be allowed
read and write privileges.
At present, when I try to log in it takes approximately 35 seconds to get
to a login screen! Then when I type in the user name and password it
takes a further 30 seconds (approx.) to run the authentication process!
(Why is it so slow? The login process is lightning quick on the
vsftpd/YDL 3.0.1 box.)
Finally all I get is the following error message:
Connecting to ftp://<server ip address>/ ...
Could not connect to the server because the name or password is not
correct.
Try Again Cancel
I originally created the test user using the Webmin Users and Groups
module and then I remembered to run the passwd <userid> command to
reassign the password because of the ssh server running. This hasn't
appeared to make any difference!
Below I have listed the output from the proftpd -vv, -l and -td5
commands along with the proftpd.conf and ssh.conf files:
[root at mustang root]# proftpd -vv
- ProFTPD Version: 1.2.10 (stable)
- Scoreboard Version: 01040002
- Built: Fri Jan 7 13:32:08 EST 2005
- Module: mod_core.c
- Module: mod_xfer.c
- Module: mod_auth_unix.c
- Module: mod_auth_file.c
- Module: mod_auth.c
- Module: mod_ls.c
- Module: mod_log.c
- Module: mod_site.c
- Module: mod_readme.c
- Module: mod_auth_pam.c
- Module: mod_tls.c
- Module: mod_cap/1.0
[root at mustang root]# proftpd -l
Compiled-in modules:
mod_core.c
mod_xfer.c
mod_auth_unix.c
mod_auth_file.c
mod_auth.c
mod_ls.c
mod_log.c
mod_site.c
mod_readme.c
mod_auth_pam.c
mod_tls.c
mod_cap.c
[root at mustang root]# proftpd -td5
Checking syntax of configuration file
- mod_tls/2.0.7: using OpenSSL 0.9.7a Feb 19 2003
- parsing '/etc/proftpd.conf' configuration
- warning: AuthPAMAuthoritative is deprecated
mustang.tinhorse.com -
mustang.tinhorse.com - Config for ProFTPD server:
mustang.tinhorse.com - ServerIdent
mustang.tinhorse.com - DefaultServer
mustang.tinhorse.com - AccessGrantMsg
mustang.tinhorse.com - DeferWelcome
mustang.tinhorse.com - DefaultRoot
mustang.tinhorse.com - IdentLookups
mustang.tinhorse.com - Umask
mustang.tinhorse.com - ListOptions
mustang.tinhorse.com - AllowRetrieveRestart
mustang.tinhorse.com - AllowStoreRestart
mustang.tinhorse.com - UserID
mustang.tinhorse.com - UserName
mustang.tinhorse.com - GroupID
mustang.tinhorse.com - GroupName
mustang.tinhorse.com - Limit
mustang.tinhorse.com - AllowAll
mustang.tinhorse.com - AllowOverwrite
mustang.tinhorse.com - SyslogLevel
mustang.tinhorse.com - ExtendedLog
mustang.tinhorse.com - DefaultRoot
Syntax check complete.
[root at mustang root]#
[root at mustang etc]# more proftpd.conf
# This is the ProFTPD configuration file
# $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $
ServerName "ProFTPD server"
ServerIdent on "FTP Server ready."
ServerAdmin root at localhost
ServerType inetd
#ServerType inetd
DefaultServer on
AccessGrantMsg "User %u logged in."
#DisplayConnect /etc/ftpissue
#DisplayLogin /etc/ftpmotd
#DisplayGoAway /etc/ftpgoaway
DeferWelcome off
# Use this to excude users from the chroot
DefaultRoot ~ !adm
# Use pam to authenticate by default
AuthPAMAuthoritative on
# Do not perform ident nor DNS lookups (hangs when the port is filtered)
IdentLookups off
UseReverseDNS off
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# Default to show dot files in directory listings
ListOptions "-a"
# See Configuration.html for these (here are the default values)
#MultilineRFC2228 off
#RootLogin off
#LoginPasswordPrompt on
#MaxLoginAttempts 3
#MaxClientsPerHost none
#AllowForeignAddress off # For FXP
# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart on
AllowStoreRestart on
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 20
# Set the user and group that the server normally runs at.
User nobody
Group nobody
# This is where we want to put the pid file
ScoreboardFile /var/run/proftpd.score
# Normally, we want users to do a few things.
<Global>
AllowOverwrite yes
<Limit ALL SITE_CHMOD>
AllowAll
</Limit>
SyslogLevel debug
ExtendedLog /var/log/proftpdlog
DefaultRoot ~
</Global>
# Define the log formats
LogFormat default "%h %l %u %t \\"%r\\" %s %b"
LogFormat auth "%v [%P] %h %t \\"%r\\" %s"
# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
#TLSEngine on
#TLSRequired on
#TLSRSACertificateFile /usr/share/ssl/certs/proftpd.pem
#TLSRSACertificateKeyFile /usr/share/ssl/certs/proftpd.pem
#TLSCipherSuite ALL:!ADH:!DES
#TLSOptions NoCertRequest
#TLSVerifyClient off
##TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
#TLSLog /var/log/proftpd/tls.log
# A basic anonymous configuration, with an upload directory.
#<Anonymous ~ftp>
# User ftp
# Group ftp
# AccessGrantMsg "Anonymous login ok, restrictions apply."
#
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
#
# # Limit the maximum number of anonymous logins
# MaxClients 10 "Sorry, max %m users -- try again later"
#
# # Put the user into /pub right after login
# #DefaultChdir /pub
#
# # We want 'welcome.msg' displayed at login, '.message' displayed in
# # each newly chdired directory and tell users to read README* files.
# DisplayLogin /welcome.msg
# DisplayFirstChdir .message
# DisplayReadme README*
#
# # Some more cosmetic and not vital stuff
# DirFakeUser on ftpadm
# DirFakeGroup on ftpadm
#
# # Limit WRITE everywhere in the anonymous chroot
# <Limit WRITE SITE_CHMOD>
# DenyAll
# </Limit>
#
# # An upload directory that allows storing files but not retrieving
# # or creating directories.
# <Directory uploads/*>
# AllowOverwrite no
# <Limit READ>
# DenyAll
# </Limit>
#
# <Limit STOR>
# AllowAll
# </Limit>
# </Directory>
#
# # Don't write anonymous accesses to the system wtmp file (good idea!)
# WtmpLog off
#
# # Logging for the anonymous transfers
# ExtendedLog /var/log/proftpd/access.log WRITE,READ default
# ExtendedLog /var/log/proftpd/auth.log AUTH auth
#
#</Anonymous>
[root at mustang etc]#
[root at mustang etc]# ssh -V
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
[root at mustang etc]#
[root at mustang ssh]# more ssh_config
# $OpenBSD: ssh_config,v 1.16 2002/07/03 14:21:05 markus Exp $
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for various options
# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsAuthentication no
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# BatchMode no
# CheckHostIP yes
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22
# Protocol 2,1
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
Host *
ForwardX11 yes
[root at mustang ssh]#
[root at mustang ssh]# more sshd_config
# $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768
# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
# Authentication:
#LoginGraceTime 120
#PermitRootLogin yes
#StrictModes yes
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#AFSTokenPassing no
# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no
# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression yes
#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
[root at mustang ssh]#
Hope I've provided everything you need.
Dene Stringfellow
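
Added example (not part of the original post): a small Python lint over the active lines of the posted proftpd.conf, reporting settings that bear on the stated goal of confining each user to their own directory. The function names and finding codes are this example's own labels, and it does not diagnose the login failure.

```python
import re

# Active (uncommented) lines copied from the proftpd.conf posted above.
SAMPLE = """\
ServerType inetd
DefaultRoot ~ !adm
MaxInstances 20
#TLSEngine on
<Global>
<Limit ALL SITE_CHMOD>
AllowAll
</Limit>
DefaultRoot ~
</Global>
"""

def active_directives(conf_text):
    """Return (name_lower, args) for each uncommented directive or section tag."""
    out = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            name, _, args = line.partition(" ")
            out.append((name.lower(), args.strip()))
    return out

def audit(conf_text):
    """Return sorted finding codes; the code names are this example's own labels."""
    directives = active_directives(conf_text)
    first = {}
    for name, args in directives:
        first.setdefault(name, args)
    findings = set()
    if first.get("tlsengine", "off").lower() != "on":
        findings.add("CLEARTEXT_LOGIN")        # USER/PASS cross the network unencrypted
    if first.get("servertype", "").lower() == "inetd" and "maxinstances" in first:
        findings.add("MAXINSTANCES_IGNORED")   # only honoured in standalone mode
    if "defaultroot" not in first:
        findings.add("NO_CHROOT")              # nobody is confined to a home directory
    limit = None
    for name, args in directives:
        if name == "defaultroot":              # "~ !adm" exempts group adm from the jail
            findings.update("CHROOT_EXEMPT:" + g for g in re.findall(r"!(\w+)", args))
        elif name == "<limit":
            limit = args.rstrip(">").upper().split()
        elif name == "</limit>":
            limit = None
        elif name == "allowall" and limit and "SITE_CHMOD" in limit:
            findings.add("SITE_CHMOD_ALLOWED") # users may change file modes
    return sorted(findings)
```

Calling `audit(SAMPLE)` returns the findings for the posted file; run it against the full `/etc/proftpd.conf` text to cover every directive.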