[CentOS-es] proftpd problem on CentOS 6.4.

angel jauregui darkdiabliyo at gmail.com
Wed May 22 21:32:47 UTC 2013


Honestly, I don't see anything wrong in your configuration file...

Except for the fact that (for my taste) it is not good to leave the
connection enabled for root; it is always better to connect with a user
account (/home).

As for the LOGS, I think the information is a bit poor, since it
clearly says that it does not recognize the root account :S (strange).

Regards!


2013/5/22 Wilmer Arambula <tecnologiaterabyte at gmail.com>

> Good morning. I decided to install proftpd and I cannot connect to the VPS;
> it has been impossible. I have read up on it, but it will not let me connect
> as root to test that it works. Here is what I have done:
>
> 1.- I installed it with yum --enablerepo=epel -y install proftpd
>
> 2.- I modified the conf: nano /etc/proftpd.conf
>
> # This is the ProFTPD configuration file
> # $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $
>
> ServerName                 "mi direccion ip"
> ServerIdent on "FTP Server ready."
> ServerAdmin admin en cjtterabyte.com
> ServerType standalone
> #ServerType inetd
> DefaultServer on
> AccessGrantMsg "User %u logged in."
> #DisplayConnect /etc/ftpissue
> #DisplayLogin /etc/ftpmotd
> #DisplayGoAway /etc/ftpgoaway
> DeferWelcome off
>
> # Use this to exclude users from the chroot
> DefaultRoot ~ !adm
>
> # Use pam to authenticate (default) and be authoritative
> AuthPAMConfig proftpd
> AuthOrder mod_auth_pam.c* mod_auth_unix.c
>
> # Do not perform ident nor DNS lookups (hangs when the port is filtered)
> IdentLookups off
> UseReverseDNS off
>
> # Port 21 is the standard FTP port.
> Port 21
>
> # Umask 022 is a good standard umask to prevent new dirs and files
> # from being group and world writable.
> Umask 022
>
> # Default to show dot files in directory listings
> ListOptions "-a"
>
> # See Configuration.html for these (here are the default values)
> #MultilineRFC2228 off
> RootLogin on
> #LoginPasswordPrompt on
> #MaxLoginAttempts 3
> #MaxClientsPerHost none
> #AllowForeignAddress off # For FXP
>
> # get access log
> ExtendedLog     /var/log/proftpd/access.log
>
> # get auth log
> ExtendedLog     /var/log/proftpd/auth.log
>
> # Allow to resume not only the downloads but the uploads too
> AllowRetrieveRestart on
> AllowStoreRestart on
>
> # To prevent DoS attacks, set the maximum number of child processes
> # to 30.  If you need to allow more than 30 concurrent connections
> # at once, simply increase this value.  Note that this ONLY works
> # in standalone mode, in inetd mode you should use an inetd server
> # that allows you to limit maximum number of processes per service
> # (such as xinetd)
> MaxInstances 20
>
> # Set the user and group that the server normally runs at.
> User nobody
> Group nobody
>
> # Disable sendfile by default since it breaks displaying the download speeds in
> # ftptop and ftpwho
> UseSendfile no
>
> # This is where we want to put the pid file
> ScoreboardFile /var/run/proftpd.score
>
> # Normally, we want users to do a few things.
> <Global>
> AllowOverwrite on
>   <Limit ALL SITE_CHMOD>
>     AllowAll
>   </Limit>
> RootLogin on
> </Global>
>
> # Define the log formats
> LogFormat default "%h %l %u %t \"%r\" %s %b"
> LogFormat auth "%v [%P] %h %t \"%r\" %s"
> RootLogin on
>
> # TLS
> # Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
> #TLSEngine on
> #TLSRequired on
> #TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem
> #TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem
> #TLSCipherSuite ALL:!ADH:!DES
> #TLSOptions NoCertRequest
> #TLSVerifyClient off
> ##TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
> #TLSLog /var/log/proftpd/tls.log
>
> # SQL authentication Dynamic Shared Object (DSO) loading
> # See README.DSO and howto/DSO.html for more details.
> #<IfModule mod_dso.c>
> #   LoadModule mod_sql.c
> #   LoadModule mod_sql_mysql.c
> #   LoadModule mod_sql_postgres.c
> #</IfModule>
>
> # A basic anonymous configuration, with an upload directory.
> #<Anonymous ~ftp>
> #  User ftp
> #  Group ftp
> #  AccessGrantMsg "Anonymous login ok, restrictions apply."
> #
> #  # We want clients to be able to login with "anonymous" as well as "ftp"
> #  UserAlias anonymous ftp
> #
> #  # Limit the maximum number of anonymous logins
> #  MaxClients 10 "Sorry, max %m users -- try again later"
> #
> #  # Put the user into /pub right after login
> #  #DefaultChdir /pub
> #
> #  # We want 'welcome.msg' displayed at login, '.message' displayed in
> #  # each newly chdired directory and tell users to read README* files.
> #  DisplayLogin /welcome.msg
> #  DisplayFirstChdir .message
> #  DisplayReadme README*
> #
> #  # Some more cosmetic and not vital stuff
> #  DirFakeUser on ftp
> #  DirFakeGroup on ftp
> #
> #  # Limit WRITE everywhere in the anonymous chroot
> #  <Limit WRITE SITE_CHMOD>
> #    DenyAll
> #  </Limit>
> #
> #  # An upload directory that allows storing files but not retrieving
> #  # or creating directories.
> #  <Directory uploads/*>
> #    AllowOverwrite no
> #    <Limit READ>
> #      DenyAll
> #    </Limit>
> #
> #    <Limit STOR>
> #      AllowAll
> #    </Limit>
> #  </Directory>
> #
> #  # Don't write anonymous accesses to the system wtmp file (good idea!)
> #  WtmpLog off
> #
> #  # Logging for the anonymous transfers
> #  ExtendedLog /var/log/proftpd/access.log WRITE,READ default
> #  ExtendedLog /var/log/proftpd/auth.log AUTH auth
> #
> #</Anonymous>
>
> 3.- I configured my firewall: nano /etc/sysconfig/iptables
>
> # Generated by iptables-save v1.4.7 on Wed May 22 14:20:07 2013
> *filter
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 20 -j ACCEPT
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
>
> 4.- I configured the proftpd file: nano /etc/pam.d/proftpd
>
> #%PAM-1.0
> auth       required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
> auth       required pam_stack.so service=system-auth
> auth       required     pam_unix.so nullok
> account    required     pam_unix.so
> session    required     pam_unix.so
>
> 5.- I gave the root user permission to connect: nano /etc/ftpusers and
> removed the root user.
>
> 5.- I restart the firewall - service iptables restart
>
> 6.- I start the service - service proftpd start
>
> and when I try to connect with the FileZilla client:
>
> Estado: Conectando a mi direccion ip.
> Estado: Conexión establecida, esperando el mensaje de bienvenida...
> Respuesta: 220 FTP Server ready.
> Comando: USER root
> Respuesta: 331 Password required for root
> Comando: PASS ********
> Respuesta: 530 Login incorrect.
> Error: Error crítico
> Error: No se pudo conectar al servidor
>
> 7.1.- Access Log:
>
> 200.8.245.190 UNKNOWN nobody [22/May/2013:15:49:09 +0400] "USER root" 331 -
> 200.8.245.190 UNKNOWN nobody [22/May/2013:15:49:10 +0400] "PASS (hidden)" 530 -
>
> 7.2.- Auth Log:
>
> 200.8.245.190 UNKNOWN nobody [22/May/2013:15:49:09 +0400] "USER root" 331 -
> 200.8.245.190 UNKNOWN nobody [22/May/2013:15:49:10 +0400] "PASS (hidden)" 530 -
>
> And please excuse my ignorance with these beginner mistakes, but I am
> switching from Windows to Linux and my last contact with Linux was 15 years
> ago, on Unix.
>
> Regards,
>
>
>
> *Wilmer Arambula. *
> *Asoc. Cooperativa Tecnologia Terabyte 124, RL.
> Tel.: +58 02512623601 - +58 4125110921.
> Venezuela.*
> *
> Representative for Venezuela.*
>



-- 
M.S.I. Angel Haniel Cantu Jauregui.

Mobile: (011-52-1)-899-871-17-22
E-Mail: angel.cantu at sie-group.net
Web: http://www.sie-group.net/
Cd. Reynosa Tamaulipas.
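
An added example, not part of the original messages: a small Python check for the two points the reply raises (root login left enabled, and logs that say little), run over constructed excerpts of the quoted proftpd.conf and access log. The function names and finding strings are assumptions of this example; it also reports that `TLSEngine` is commented out, since plain FTP sends USER/PASS in cleartext.

```python
import re

# Constructed sample: the security-relevant lines of the quoted proftpd.conf.
SAMPLE_CONF = """\
RootLogin on
ExtendedLog     /var/log/proftpd/access.log
ExtendedLog     /var/log/proftpd/auth.log
<Global>
RootLogin on
</Global>
RootLogin on
#TLSEngine on
"""
# The two access-log lines quoted in the thread, wrapped status re-joined.
SAMPLE_LOG = [
    '200.8.245.190 UNKNOWN nobody [22/May/2013:15:49:09 +0400] "USER root" 331 -',
    '200.8.245.190 UNKNOWN nobody [22/May/2013:15:49:10 +0400] "PASS (hidden)" 530 -',
]

def audit_conf(text):
    """Return (line_no, finding) pairs; line_no 0 marks a file-wide finding."""
    findings, tls_on = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith(("#", "<")):
            continue  # skip blank lines, comments and section tags
        name, args = parts[0], parts[1:]
        if name == "RootLogin" and args[:1] == ["on"]:
            findings.append((no, "RootLogin on"))
        elif name == "ExtendedLog" and len(args) == 1:
            # Only a filename: every command is logged in the default format,
            # which is why access.log and auth.log in the thread are identical.
            findings.append((no, "ExtendedLog has no command class or format"))
        elif name == "TLSEngine" and args[:1] == ["on"]:
            tls_on = True
    if not tls_on:
        findings.append((0, "TLSEngine not on: credentials sent in cleartext"))
    return findings

# Fields of the default LogFormat: host, ident, user, [time], "command", status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) ?([^"]*)" (\d{3}) ')

def failed_logins(lines):
    """Pair each USER command with a later 530 PASS reply from the same host."""
    pending, failures = {}, []
    for m in filter(None, map(LOG_RE.match, lines)):
        host, cmd, arg, status = m.groups()
        if cmd == "USER":
            pending[host] = arg
        elif cmd == "PASS" and status == "530" and host in pending:
            failures.append((host, pending.pop(host)))
    return failures
```

A configuration with `RootLogin off`, `TLSEngine on` and an `ExtendedLog ... AUTH auth` line (the form shown in the commented-out anonymous section of the quoted file) produces no findings.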

