[luau] Secure FTP to RedHat 7.3 box?

Brian Chee chee at hawaii.edu
Tue Dec 10 08:43:01 PST 2002


Actually this sounds like you may have a restriction on root logins....with
UID 0.....so perhaps I would look at PAM.

/brian

University of Hawaii ICS Dept
Advanced Network Computing Lab
1680 East West Road, POST rm 311
Honolulu, HI  96822
808-956-5797 voice, 808-956-5175 fax

----- Original Message -----
From: "Erich S." <sharky at websharx.com>
To: <luau at videl.ics.hawaii.edu>
Sent: Monday, December 09, 2002 9:47 PM
Subject: Re: [luau] Secure FTP to RedHat 7.3 box?


> Hi All,
>
> I'm kinda stumped, I still can't seem to connect via Dreamweaver (DMX).
>
> DMX is set up to use passive FTP, and when I click on the 'test' button in
> DMX, plink fires up with its session, and I can log in with my username
> and password. After logging in and minimizing the plink window, it
> searches for host (127.0.0.1) and comes up with an FTP error:
>
> An FTP error occurred - cannot make connection to host
> 530 Login Incorrect
>
>
> /var/log/messages shows the connection via ssh, then proftp, then the
> failure:
>
> Dec  9 21:29:51 tiger sshd(pam_unix)[4262]: session opened for user sharky by (uid=0)
> Dec  9 21:30:10 tiger proftpd[4283]: tiger.xx (tiger.xx[xx.yy.zz.zz]) - FTP session opened.
> Dec  9 21:30:10 tiger PAM_pwdb[4283]: authentication failure; (uid=0) -> sharky for ftp service
> Dec  9 21:30:11 tiger proftpd[4283]: tiger.xx (tiger.xx[xx.yy.zz.zz]) - PAM(sharky): Authentication failure.
> Dec  9 21:30:11 tiger proftpd[4283]: tiger.xx (tiger.xx[xx.yy.zz.zz]) - FTP session closed.
>
>
> * While SSH'd in, trying 'ftp localhost' gets a Connection refused
> * While SSH'd in I can ftp to my.live.ip.address and use my username/pass
> and get my user directory (yay)
> * FTP from the outside gets refused and anonymous does not work (yay)
>
> Are there other user files that need to be configured for ProFTPD? I'm
> probably missing something simple, but am not familiar enough with these
> packages to know what I've missed. Is it a PAM issue?
>
> Sorry for the long post and thanks again in advance. I've listed my notes
> after the sig.
>
> Sharky
>
> ========================================================================
> 120902
>
>
> I still feel pretty lame and a bit tired from reading through web docs and
> google groups. I've done the following:
>
> 1) Downloaded and installed rpms for proftpd-1.2.6-1,
> proftpd-inetd-1.2.6-1
>
> 2) Created a basic PAM file for proftpd in /etc/pam.d/proftpd
> auth       required     /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
>
> auth       required     /lib/security/pam_pwdb.so shadow nullok
> auth       required     /lib/security/pam_shells.so
> account    required     /lib/security/pam_pwdb.so
> session    required     /lib/security/pam_pwdb.so
>
> 3) Added in the changes in /etc/proftpd.conf noted by Brian in his earlier
> post. (NOTE: user and group is set to nobody/nobody for proftpd)
>
> AllowForeignAddress on
>
> #ES%120902 - Limit it to just local hits for FTP
> <Limit LOGIN>
> Order   allow, deny
> Allow from xx.yy.zz.zz, 127.0.0.1
> Deny from all
> </Limit>
>
> 4) Created an entry in /etc/xinetd/ called proftpd
>
> # ES%120902
> # default: off
> # description: ProFTPd daemon provides FTP support \
> #
> service ftp
> {
>         flags           = REUSE
>         socket_type     = stream
>         instances       = 50
>         wait            = no
>         user            = root
>         server          = /usr/sbin/proftpd
>         bind            = xx.yy.zz.zz
>         log_on_success  = HOST PID
>         log_on_failure  = HOST RECORD
> }
>
> ===========================================================
>
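Added example (not part of the original posts): a small Python script that groups the /var/log/messages records quoted above by PID, so the PAM_pwdb failure is tied to the ProFTPD session that triggered it and kept apart from the successful sshd login. The regular expressions are assumptions fitted to the line formats shown in this thread, and the function and field names are made up for the example.

```python
import re
from collections import defaultdict

# Log lines from the post above, with the mail client's line wraps undone.
LOG = """\
Dec  9 21:29:51 tiger sshd(pam_unix)[4262]: session opened for user sharky by (uid=0)
Dec  9 21:30:10 tiger proftpd[4283]: tiger.xx (tiger.xx[xx.yy.zz.zz]) - FTP session opened.
Dec  9 21:30:10 tiger PAM_pwdb[4283]: authentication failure; (uid=0) -> sharky for ftp service
Dec  9 21:30:11 tiger proftpd[4283]: tiger.xx (tiger.xx[xx.yy.zz.zz]) - PAM(sharky): Authentication failure.
Dec  9 21:30:11 tiger proftpd[4283]: tiger.xx (tiger.xx[xx.yy.zz.zz]) - FTP session closed.
"""

# Syslog record: "Mon DD HH:MM:SS host tag[pid]: message"
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([^\[\s]+)\[(\d+)\]: (.*)$")
# PAM_pwdb failure as logged here: "(uid=N) -> user for SERVICE service"
PAM_FAIL = re.compile(r"authentication failure; \(uid=(\d+)\) -> (\S+) for (\S+) service")
# proftpd message prefix: "name (name[addr]) - text"
FTP_MSG = re.compile(r"^\S+ \(\S+\[([^\]]+)\]\) - (.*)$")

def correlate(text):
    """Group records by PID and summarise each FTP session's login outcome."""
    by_pid = defaultdict(list)
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            by_pid[int(m.group(4))].append(m.groups())
    sessions = []
    for pid, records in by_pid.items():
        s = {"pid": pid, "client": None, "opened": None, "closed": None,
             "pam_failures": []}
        for ts, _host, tag, _pid, msg in records:
            ftp = FTP_MSG.match(msg) if tag == "proftpd" else None
            if ftp:
                s["client"] = ftp.group(1)
                if ftp.group(2) == "FTP session opened.":
                    s["opened"] = ts
                elif ftp.group(2) == "FTP session closed.":
                    s["closed"] = ts
            pam = PAM_FAIL.search(msg)
            if pam:  # record which module rejected which user for which service
                s["pam_failures"].append({"module": tag, "logged_uid": int(pam.group(1)),
                                          "user": pam.group(2), "service": pam.group(3)})
        if s["opened"]:  # keep only PIDs that opened an FTP session (drops sshd)
            sessions.append(s)
    return sessions

if __name__ == "__main__":
    for session in correlate(LOG):
        print(session)
```

On the lines from this thread it reports one FTP session (PID 4283) with a single PAM_pwdb failure for user sharky on the ftp service; the sshd login under PID 4262 is not counted.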