[luau] Secure FTP to RedHat 7.3 box?

Erich S. sharky at websharx.com
Mon Dec 9 21:44:00 PST 2002 

Hi All,

I'm kinda stumped, I still can't seem to connect via Dreamweaver (DMX).

DMX is set up to use passive FTP, and when I click on the 'test' button in
DMX, plink fires up with it's session, and I can log in with my username
and password. After logging in and minimizing the plink window, it
searches for host (127.0.0.1) and comes up with an FTP error:

An FTP error occurred - cannot make connection to host
530 Login Incorrect


/var/log/messages shows the connection via ssh, then proftp, then the 
failure:

Dec  9 21:29:51 tiger sshd(pam_unix)[4262]: session opened for user sharky by (uid=0)
Dec  9 21:30:10 tiger proftpd[4283]: tiger.xx (tiger.xx[xx.yy.zz.zz]) - FTP session opened.
Dec  9 21:30:10 tiger PAM_pwdb[4283]: authentication failure; (uid=0) -> sharky for ftp service
Dec  9 21:30:11 tiger proftpd[4283]: tiger.xx (tiger.xx[xx.yy.zz.zz]) - PAM(sharky): Authentication failure.
Dec  9 21:30:11 tiger proftpd[4283]: tiger.xx (tiger.xx[xx.yy.zz.zz]) - FTP session closed.


* While SSH'd in trying to 'ftp localhost' get's a Connection refused
* While SSH'd in I can ftp to my.live.ip.address and use my username/pass 
and get my user directory (yay)
* FTP from the outside get's refused and anonymous does not work (yay)

Are there other user files that need to be configured for ProFTPD? I'm 
probably missing something simple, but am not familiar enough with these 
packages to know what I've missed. Is it a PAM issue?

Sorry for the long post and thanks again in advance. I've listed my notes 
after the sig.

Sharky

========================================================================
120902


I still feel pretty lame and a bit tired from reading through web docs and
google groups. I've done the following:

1) Downloaded and installed rpms for proftpd-1.2.6-1,
proftpd-inetd-1.2.6-1

2) Created a basic PAM file for proftpd in /etc/pam.d/proftpd
auth       required     /lib/security/pam_listfile.so item=user sense=deny 
file=/etc/ftpusers onerr=succeed

auth       required     /lib/security/pam_pwdb.so shadow nullok
auth       required     /lib/security/pam_shells.so
account    required     /lib/security/pam_pwdb.so
session    required     /lib/security/pam_pwdb.so

3) Added in the changes in /etc/proftpd.conf noted by Brian in his earlier
post. (NOTE: user and group is set to nobody/nobody for proftpd)

AllowForeignAddress on

#ES%120902 - Limit it to just local hits for FTP
<Limit LOGIN>
Order   allow, deny
Allow from xx.yy.zz.zz, 127.0.0.1
Deny from all
</Limit>

4) Created an entry in /etc/xinetd/ called proftpd

# ES%120902
# default: off
# description: ProFTPd daemon provides FTP support \
#
service ftp
{
        flags           = REUSE
        socket_type     = stream
        instances       = 50
        wait            = no
        user            = root
        server          = /usr/sbin/proftpd
        bind            = xx.yy.zz.zz
        log_on_success  = HOST PID
        log_on_failure  = HOST RECORD
}

===========================================================

More information about the LUAU mailing list