[CentOS-es] proftpd problem on CentOS 6.4.

Wilmer Arambula tecnologiaterabyte at gmail.com
Wed May 22 13:12:52 UTC 2013


Good morning. I decided to install proftpd and I cannot connect to the VPS;
it has been impossible. I have read up on it, but it will not let me connect
as root to test that it works. Here is what I have done:

1.- I installed it with yum --enablerepo=epel -y install proftpd

2.- I modified the conf: nano /etc/proftpd.conf

# This is the ProFTPD configuration file
# $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $

ServerName                 "mi direccion ip"
ServerIdent on "FTP Server ready."
ServerAdmin admin en cjtterabyte.com
ServerType standalone
#ServerType inetd
DefaultServer on
AccessGrantMsg "User %u logged in."
#DisplayConnect /etc/ftpissue
#DisplayLogin /etc/ftpmotd
#DisplayGoAway /etc/ftpgoaway
DeferWelcome off

# Use this to exclude users from the chroot
DefaultRoot ~ !adm

# Use pam to authenticate (default) and be authoritative
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c

# Do not perform ident nor DNS lookups (hangs when the port is filtered)
IdentLookups off
UseReverseDNS off

# Port 21 is the standard FTP port.
Port 21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# Default to show dot files in directory listings
ListOptions "-a"

# See Configuration.html for these (here are the default values)
#MultilineRFC2228 off
RootLogin on
#LoginPasswordPrompt on
#MaxLoginAttempts 3
#MaxClientsPerHost none
#AllowForeignAddress off # For FXP

# get access log
ExtendedLog     /var/log/proftpd/access.log

# get auth log
ExtendedLog     /var/log/proftpd/auth.log

# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart on
AllowStoreRestart on

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 20

# Set the user and group that the server normally runs at.
User nobody
Group nobody

# Disable sendfile by default since it breaks displaying the download speeds in
# ftptop and ftpwho
UseSendfile no

# This is where we want to put the pid file
ScoreboardFile /var/run/proftpd.score

# Normally, we want users to do a few things.
<Global>
AllowOverwrite on
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
RootLogin on
</Global>

# Define the log formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
RootLogin on

# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
#TLSEngine on
#TLSRequired on
#TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem
#TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem
#TLSCipherSuite ALL:!ADH:!DES
#TLSOptions NoCertRequest
#TLSVerifyClient off
##TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
#TLSLog /var/log/proftpd/tls.log

# SQL authentication Dynamic Shared Object (DSO) loading
# See README.DSO and howto/DSO.html for more details.
#<IfModule mod_dso.c>
#   LoadModule mod_sql.c
#   LoadModule mod_sql_mysql.c
#   LoadModule mod_sql_postgres.c
#</IfModule>

# A basic anonymous configuration, with an upload directory.
#<Anonymous ~ftp>
#  User ftp
#  Group ftp
#  AccessGrantMsg "Anonymous login ok, restrictions apply."
#
#  # We want clients to be able to login with "anonymous" as well as "ftp"
#  UserAlias anonymous ftp
#
#  # Limit the maximum number of anonymous logins
#  MaxClients 10 "Sorry, max %m users -- try again later"
#
#  # Put the user into /pub right after login
#  #DefaultChdir /pub
#
#  # We want 'welcome.msg' displayed at login, '.message' displayed in
#  # each newly chdired directory and tell users to read README* files.
#  DisplayLogin /welcome.msg
#  DisplayFirstChdir .message
#  DisplayReadme README*
#
#  # Some more cosmetic and not vital stuff
#  DirFakeUser on ftp
#  DirFakeGroup on ftp
#
#  # Limit WRITE everywhere in the anonymous chroot
#  <Limit WRITE SITE_CHMOD>
#    DenyAll
#  </Limit>
#
#  # An upload directory that allows storing files but not retrieving
#  # or creating directories.
#  <Directory uploads/*>
#    AllowOverwrite no
#    <Limit READ>
#      DenyAll
#    </Limit>
#
#    <Limit STOR>
#      AllowAll
#    </Limit>
#  </Directory>
#
#  # Don't write anonymous accesses to the system wtmp file (good idea!)
#  WtmpLog off
#
#  # Logging for the anonymous transfers
#  ExtendedLog /var/log/proftpd/access.log WRITE,READ default
#  ExtendedLog /var/log/proftpd/auth.log AUTH auth
#
#</Anonymous>

3.- I configured my firewall: nano /etc/sysconfig/iptables

# Generated by iptables-save v1.4.7 on Wed May 22 14:20:07 2013
*filter
-A INPUT -m state --state NEW -m tcp -p tcp --dport 20 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

4.- I configured the proftpd file: nano /etc/pam.d/proftpd

#%PAM-1.0
auth       required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth       required pam_stack.so service=system-auth
auth       required     pam_unix.so nullok
account    required     pam_unix.so
session    required     pam_unix.so

5.- I gave the root user permission to connect: nano /etc/ftpusers, and I
removed the root user.

5.- I restart the firewall - service iptables restart

6.- I start the service - service proftpd start

and when I try to connect with the FileZilla client:

Estado: Conectando a mi direccion ip.
Estado: Conexión establecida, esperando el mensaje de bienvenida...
Respuesta: 220 FTP Server ready.
Comando: USER root
Respuesta: 331 Password required for root
Comando: PASS ********
Respuesta: 530 Login incorrect.
Error: Error crítico
Error: No se pudo conectar al servidor

7.1.- Access Log:

200.8.245.190 UNKNOWN nobody [22/May/2013:15:49:09 +0400] "USER root" 331 -
200.8.245.190 UNKNOWN nobody [22/May/2013:15:49:10 +0400] "PASS (hidden)" 530 -

7.2.- Auth Log:

200.8.245.190 UNKNOWN nobody [22/May/2013:15:49:09 +0400] "USER root" 331 -
200.8.245.190 UNKNOWN nobody [22/May/2013:15:49:10 +0400] "PASS (hidden)" 530 -

And please excuse my ignorance with these beginner mistakes, but I am
switching from Windows to Linux and my last contact with Linux was 15 years
ago, on Unix.

Regards,



*Wilmer Arambula. *
*Asoc. Cooperativa Tecnologia Terabyte 124, RL.
Tel.: +58 02512623601 - +58 4125110921.
Venezuela.*
*
Representative for Venezuela.*
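
An added example, not part of the original message: a Python sketch that reviews the two files quoted in the post, flagging root logins over unencrypted FTP and PAM stack entries whose module file is not on the host. The sample strings are constructed excerpts of those files, `INSTALLED_MODULES` is an assumed listing of the host's PAM module directory, and the function names are hypothetical.

```python
import re

# Constructed samples: excerpts of the two files quoted in the post.
PROFTPD_CONF = """\
RootLogin on
#TLSEngine on
AuthPAMConfig proftpd
"""
PAM_SERVICE = """\
#%PAM-1.0
auth       required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth       required pam_stack.so service=system-auth
auth       required     pam_unix.so nullok
account    required     pam_unix.so
"""
# Assumption: module files found on the host, e.g. from os.listdir("/lib64/security").
INSTALLED_MODULES = {"pam_listfile.so", "pam_unix.so"}

def active_directives(conf):
    """Map each uncommented directive name (lower-cased) to its argument string."""
    found = {}
    for line in conf.splitlines():
        parts = line.split(None, 1)
        if parts and parts[0][0] not in "#<":  # skip comments and <Context> tags
            found[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return found

def audit_conf(conf):
    """Flag root logins and missing TLS in a proftpd.conf text."""
    d = active_directives(conf)
    findings = []
    if d.get("rootlogin", "off").lower() == "on":
        findings.append("RootLogin on: root can authenticate over FTP")
    if d.get("tlsengine", "off").lower() != "on":
        findings.append("TLSEngine not enabled: USER/PASS cross the network in cleartext")
    return findings

def unloadable_pam_modules(pam_text, installed):
    """Return (type, control, module) for stack entries whose module file is absent."""
    missing = []
    for line in pam_text.splitlines():
        m = re.match(r"-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)", line.strip())
        if not m or m.group(2) in ("include", "substack"):
            continue  # comment, blank line, or a reference to another service file
        module = m.group(3).rsplit("/", 1)[-1]
        if module not in installed:
            missing.append((m.group(1), m.group(2), module))
    return missing
```

A `required` entry returned by `unloadable_pam_modules` makes every login through that stack fail, whatever password is supplied.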

