Good morning. I decided to install proftpd and I cannot connect to the VPS; it has been impossible. I have read up on it, but it will not let me connect as root to test that it works. Here is what I have done:
1.- I installed it with yum --enablerepo=epel -y install proftpd
2.- I modified the config: nano /etc/proftpd.conf
    # This is the ProFTPD configuration file
    # $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $

    ServerName "mi direccion ip"
    ServerIdent on "FTP Server ready."
    ServerAdmin admin@cjtterabyte.com
    ServerType standalone
    #ServerType inetd
    DefaultServer on
    AccessGrantMsg "User %u logged in."
    #DisplayConnect /etc/ftpissue
    #DisplayLogin /etc/ftpmotd
    #DisplayGoAway /etc/ftpgoaway
    DeferWelcome off

    # Use this to exclude users from the chroot
    DefaultRoot ~ !adm

    # Use pam to authenticate (default) and be authoritative
    AuthPAMConfig proftpd
    AuthOrder mod_auth_pam.c* mod_auth_unix.c

    # Do not perform ident nor DNS lookups (hangs when the port is filtered)
    IdentLookups off
    UseReverseDNS off

    # Port 21 is the standard FTP port.
    Port 21

    # Umask 022 is a good standard umask to prevent new dirs and files
    # from being group and world writable.
    Umask 022

    # Default to show dot files in directory listings
    ListOptions "-a"

    # See Configuration.html for these (here are the default values)
    #MultilineRFC2228 off
    RootLogin on
    #LoginPasswordPrompt on
    #MaxLoginAttempts 3
    #MaxClientsPerHost none
    #AllowForeignAddress off # For FXP

    # get access log
    ExtendedLog /var/log/proftpd/access.log

    # get auth log
    ExtendedLog /var/log/proftpd/auth.log

    # Allow to resume not only the downloads but the uploads too
    AllowRetrieveRestart on
    AllowStoreRestart on

    # To prevent DoS attacks, set the maximum number of child processes
    # to 30. If you need to allow more than 30 concurrent connections
    # at once, simply increase this value. Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd)
    MaxInstances 20

    # Set the user and group that the server normally runs at.
    User nobody
    Group nobody

    # Disable sendfile by default since it breaks displaying the download speeds in
    # ftptop and ftpwho
    UseSendfile no

    # This is where we want to put the pid file
    ScoreboardFile /var/run/proftpd.score

    # Normally, we want users to do a few things.
    <Global>
      AllowOverwrite on
      <Limit ALL SITE_CHMOD>
        AllowAll
      </Limit>
      RootLogin on
    </Global>

    # Define the log formats
    LogFormat default "%h %l %u %t "%r" %s %b"
    LogFormat auth "%v [%P] %h %t "%r" %s"
    RootLogin on

    # TLS
    # Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
    #TLSEngine on
    #TLSRequired on
    #TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem
    #TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem
    #TLSCipherSuite ALL:!ADH:!DES
    #TLSOptions NoCertRequest
    #TLSVerifyClient off
    ##TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
    #TLSLog /var/log/proftpd/tls.log

    # SQL authentication Dynamic Shared Object (DSO) loading
    # See README.DSO and howto/DSO.html for more details.
    #<IfModule mod_dso.c>
    # LoadModule mod_sql.c
    # LoadModule mod_sql_mysql.c
    # LoadModule mod_sql_postgres.c
    #</IfModule>

    # A basic anonymous configuration, with an upload directory.
    #<Anonymous ~ftp>
    #  User ftp
    #  Group ftp
    #  AccessGrantMsg "Anonymous login ok, restrictions apply."
    #
    #  # We want clients to be able to login with "anonymous" as well as "ftp"
    #  UserAlias anonymous ftp
    #
    #  # Limit the maximum number of anonymous logins
    #  MaxClients 10 "Sorry, max %m users -- try again later"
    #
    #  # Put the user into /pub right after login
    #  #DefaultChdir /pub
    #
    #  # We want 'welcome.msg' displayed at login, '.message' displayed in
    #  # each newly chdired directory and tell users to read README* files.
    #  DisplayLogin /welcome.msg
    #  DisplayFirstChdir .message
    #  DisplayReadme README*
    #
    #  # Some more cosmetic and not vital stuff
    #  DirFakeUser on ftp
    #  DirFakeGroup on ftp
    #
    #  # Limit WRITE everywhere in the anonymous chroot
    #  <Limit WRITE SITE_CHMOD>
    #    DenyAll
    #  </Limit>
    #
    #  # An upload directory that allows storing files but not retrieving
    #  # or creating directories.
    #  <Directory uploads/*>
    #    AllowOverwrite no
    #    <Limit READ>
    #      DenyAll
    #    </Limit>
    #
    #    <Limit STOR>
    #      AllowAll
    #    </Limit>
    #  </Directory>
    #
    #  # Don't write anonymous accesses to the system wtmp file (good idea!)
    #  WtmpLog off
    #
    #  # Logging for the anonymous transfers
    #  ExtendedLog /var/log/proftpd/access.log WRITE,READ default
    #  ExtendedLog /var/log/proftpd/auth.log AUTH auth
    #
    #</Anonymous>
3.- I configured my firewall: nano /etc/sysconfig/iptables
    # Generated by iptables-save v1.4.7 on Wed May 22 14:20:07 2013
    *filter
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 20 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
4.- I configured the proftpd file: nano /etc/pam.d/proftpd
    #%PAM-1.0
    auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
    auth required pam_stack.so service=system-auth
    auth required pam_unix.so nullok
    account required pam_unix.so
    session required pam_unix.so
5.- I gave the root user permission to connect: nano /etc/ftpusers, and I removed the root user.
5.- I restart the firewall - service iptables restart
6.- I start the service - service proftpd start
and when I try to connect with the FileZilla client:
    Estado: Conectando a mi direccion ip.
    Estado: Conexión establecida, esperando el mensaje de bienvenida...
    Respuesta: 220 FTP Server ready.
    Comando: USER root
    Respuesta: 331 Password required for root
    Comando: PASS ********
    Respuesta: 530 Login incorrect.
    Error: Error crítico
    Error: No se pudo conectar al servidor
7.1.- Access Log:
    200.8.245.190 UNKNOWN nobody [22/May/2013:15:49:09 +0400] "USER root" 331 -
    200.8.245.190 UNKNOWN nobody [22/May/2013:15:49:10 +0400] "PASS (hidden)" 530 -
7.2.- Auth Log:
    200.8.245.190 UNKNOWN nobody [22/May/2013:15:49:09 +0400] "USER root" 331 -
    200.8.245.190 UNKNOWN nobody [22/May/2013:15:49:10 +0400] "PASS (hidden)" 530 -
And please excuse my ignorance with these beginner questions, but I am switching from Windows to Linux and my last contact with Linux was 15 years ago, on Unix.
Regards,
Wilmer Arambula.
Asoc. Cooperativa Tecnologia Terabyte 124, RL.
Tel.: +58 02512623601 - +58 4125110921.
Venezuela.
Representative for Venezuela.
Honestly, I don't see anything wrong in your configuration file...
Except for the fact that (to my taste) it is not good to leave root login enabled; it is always better to connect with a user account (/home).
And about the LOGS, I think the information is a bit poor, since it clearly says that it does not recognize the root account :S (strange).
Regards!
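Added example, not part of either message in this thread: a small Python audit of the two posted files. It flags an active RootLogin on, a TLSEngine that is not enabled, ExtendedLog lines with no command class or format, and PAM modules named in the stack that are not installed on the host. The function names, the embedded excerpts (constructed from the posted files) and the module directory list are assumptions.

```python
import os
import re
# Constructed excerpts modelled on the files posted in this thread.
PROFTPD_CONF = """\
RootLogin on
ExtendedLog /var/log/proftpd/auth.log
#TLSEngine on
<Global>
  RootLogin on
</Global>
"""
PAM_PROFTPD = """\
#%PAM-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required pam_stack.so service=system-auth
account required pam_unix.so
"""
PAM_DIRS = ("/lib64/security", "/lib/security", "/usr/lib64/security")  # assumed

def installed(module):
    """True if the PAM module file exists in one of the usual directories."""
    return any(os.path.exists(os.path.join(d, module)) for d in PAM_DIRS)

def directives(text):
    """Yield (name, args) for each active directive; skips comments and <tags>."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):
            name, args = (line.split(None, 1) + [""])[:2]
            yield name.lower(), args

def audit(conf, pam, module_exists=installed):
    findings = []
    active = list(directives(conf))
    on = {name for name, args in active if args.lower() == "on"}
    if "rootlogin" in on:
        findings.append("RootLogin on: root may authenticate over FTP")
    if "tlsengine" not in on:
        findings.append("TLSEngine not on: USER/PASS cross the network in cleartext")
    for name, args in active:
        if name == "extendedlog" and len(args.split()) == 1:
            findings.append(f"ExtendedLog {args}: no class/format, logs every command")
    for line in pam.splitlines():
        m = re.match(r"(auth|account|session|password)\s+\S+\s+(pam_\w+\.so)", line.strip())
        if m and not module_exists(m.group(2)):
            findings.append(f"PAM {m.group(1)}: {m.group(2)} is not installed")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(PROFTPD_CONF, PAM_PROFTPD)))
```

Run on the server itself, the default module_exists checks the real module directories; pass the contents of /etc/proftpd.conf and /etc/pam.d/proftpd instead of the embedded excerpts.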
2013/5/22 Wilmer Arambula tecnologiaterabyte@gmail.com