Buenos dias decidi instalar proftpd y no puedo conectarme al vps ha sido imposible he leido pero no me deja conectarme con root, para probar su funcionamiento, explico lo que he hecho:
1.- Instale con yum --enablerepo=epel -y install proftpd
2.- modifique el conf nano /etc/proftpd.conf
# This is the ProFTPD configuration file # $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $
ServerName "mi direccion ip" ServerIdent on "FTP Server ready." ServerAdmin admin@cjtterabyte.com ServerType standalone #ServerType inetd DefaultServer on AccessGrantMsg "User %u logged in." #DisplayConnect /etc/ftpissue #DisplayLogin /etc/ftpmotd #DisplayGoAway /etc/ftpgoaway DeferWelcome off
# Use this to excude users from the chroot DefaultRoot ~ !adm
# Use pam to authenticate (default) and be authoritative AuthPAMConfig proftpd AuthOrder mod_auth_pam.c* mod_auth_unix.c
# Do not perform ident nor DNS lookups (hangs when the port is filtered) IdentLookups off UseReverseDNS off
# Port 21 is the standard FTP port. Port 21
# Umask 022 is a good standard umask to prevent new dirs and files # from being group and world writable. Umask 022
# Default to show dot files in directory listings ListOptions "-a"
# See Configuration.html for these (here are the default values) #MultilineRFC2228 off RootLogin on #LoginPasswordPrompt on #MaxLoginAttempts 3 #MaxClientsPerHost none #AllowForeignAddress off # For FXP
# get access log ExtendedLog /var/log/proftpd/access.log
# get auth log ExtendedLog /var/log/proftpd/auth.log
# Allow to resume not only the downloads but the uploads too AllowRetrieveRestart on AllowStoreRestart on
# To prevent DoS attacks, set the maximum number of child processes # to 30. If you need to allow more than 30 concurrent connections # at once, simply increase this value. Note that this ONLY works # in standalone mode, in inetd mode you should use an inetd server # that allows you to limit maximum number of processes per service # (such as xinetd) MaxInstances 20
# Set the user and group that the server normally runs at. User nobody Group nobody
# Disable sendfile by default since it breaks displaying the download speeds in # ftptop and ftpwho UseSendfile no
# This is where we want to put the pid file ScoreboardFile /var/run/proftpd.score
# Normally, we want users to do a few things. <Global> AllowOverwrite on <Limit ALL SITE_CHMOD> AllowAll </Limit> RootLogin on </Global>
# Define the log formats LogFormat default "%h %l %u %t "%r" %s %b" LogFormat auth "%v [%P] %h %t "%r" %s" RootLogin on
# TLS # Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html #TLSEngine on #TLSRequired on #TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem #TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem #TLSCipherSuite ALL:!ADH:!DES #TLSOptions NoCertRequest #TLSVerifyClient off ##TLSRenegotiate ctrl 3600 data 512000 required off timeout 300 #TLSLog /var/log/proftpd/tls.log
# SQL authentication Dynamic Shared Object (DSO) loading # See README.DSO and howto/DSO.html for more details. #<IfModule mod_dso.c> # LoadModule mod_sql.c # LoadModule mod_sql_mysql.c # LoadModule mod_sql_postgres.c #</IfModule>
# A basic anonymous configuration, with an upload directory. #<Anonymous ~ftp> # User ftp # Group ftp # AccessGrantMsg "Anonymous login ok, restrictions apply." # # # We want clients to be able to login with "anonymous" as well as "ftp" # UserAlias anonymous ftp # # # Limit the maximum number of anonymous logins # MaxClients 10 "Sorry, max %m users -- try again later" # # # Put the user into /pub right after login # #DefaultChdir /pub # # # We want 'welcome.msg' displayed at login, '.message' displayed in # # each newly chdired directory and tell users to read README* files. # DisplayLogin /welcome.msg # DisplayFirstChdir .message # DisplayReadme README* # # # Some more cosmetic and not vital stuff # DirFakeUser on ftp # DirFakeGroup on ftp # # # Limit WRITE everywhere in the anonymous chroot # <Limit WRITE SITE_CHMOD> # DenyAll # </Limit> # # # An upload directory that allows storing files but not retrieving # # or creating directories. # <Directory uploads/*> # AllowOverwrite no # <Limit READ> # DenyAll # </Limit> # # <Limit STOR> # AllowAll # </Limit> # </Directory> # # # Don't write anonymous accesses to the system wtmp file (good idea!) # WtmpLog off # # # Logging for the anonymous transfers # ExtendedLog /var/log/proftpd/access.log WRITE,READ default # ExtendedLog /var/log/proftpd/auth.log AUTH auth # #</Anonymous>
3.- configure mi firewall: nano /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Wed May 22 14:20:07 2013 *filter -A INPUT -m state --state NEW -m tcp -p tcp --dport 20 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
4.- Configure el archivo proftpd. nano /etc/pam.d/proftpd
#%PAM-1.0 auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed auth required pam_stack.so service=system-auth auth required pam_unix.so nullok account required pam_unix.so session required pam_unix.so
5.- Di permiso al usuario root para conectarse. nano /etc/ftpusers y elimine el usuario root.
5.- Reinicio el firewall - service iptables restart
6.- Arranco el servicio - service proftpd start
y cuando intento conectarme con el filezilla client:
Estado: Conectando a mi direccion ip. Estado: Conexión establecida, esperando el mensaje de bienvenida... Respuesta: 220 FTP Server ready. Comando: USER root Respuesta: 331 Password required for root Comando: PASS ******** Respuesta: 530 Login incorrect. Error: Error crítico Error: No se pudo conectar al servidor
7.1.- Access Log:
200.8.245.190 UNKNOWN nobody [22/May/2013:15:49:09 +0400] "USER root" 331 - 200.8.245.190 UNKNOWN nobody [22/May/2013:15:49:10 +0400] "PASS (hidden)" 530 -
7.2.- Auth Log:
200.8.245.190 UNKNOWN nobody [22/May/2013:15:49:09 +0400] "USER root" 331 - 200.8.245.190 UNKNOWN nobody [22/May/2013:15:49:10 +0400] "PASS (hidden)" 530 -
Y disculpen mi ignorancia en estas novatadas pero estoy cambiando de windows a linux y mi ultimo contacto con linux fue hace 15 años en unix,
Saludos,
*Wilmer Arambula. * *Asoc. Cooperativa Tecnologia Terabyte 124, RL. Tlfs: +58 02512623601 - +58 4125110921. Venezuela.* * Representante Para Venezuela.*