ProFTPd issues, incorrect password
Specs:
CentOS 5.2
Latest ProFTPd
I'm trying to setup ProFTPd so that I can login using my regular user accounts. Whenever I attempt to login I get a "Login failed" response. I did some searching and it seems like this can be from a variety of different causes and to look in the logs to see what the actual cause is. From reading the logs it says that my password is wrong.
I have stripped my config file down to a very basic one for debug purposes. Here it is:
> DefaultRoot ~
ServerName "Mike's FTP Server"
ServerIdent on "FTP Server ready."
ServerType standalone
DefaultServer on
Port 21
Umask 022
MaxInstances 2
User nobody
Group nobody
Any ideas why it's not allowing me to use the standard user accounts? I've tried a couple different user accounts and they all give the same results.
13 Replies
@freedomischaos:
Don't really have much time to be posting, quick google search found this:
http://www.castaglia.org/proftpd/doc/co … ation.html">http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-Authentication.html
I don't think I want any of those though. I want to just use the regular users from /etc/passwd.
RequireValidShell off
Set this so you can make FTP users that do not have shell access to the machine.
Alternatively you can add /sbin/nologin to /etc/shells.
IdentLookups off
What else is there in your proftpd config? How is your authentication setup? Are you using PAM or something "in-house"?
zmog ftp is evil, use ssh.
Seriously, OpenSSH's supplied config file has directives in it to enable SCP access, it already talks to PAM/passwd, and its secure. Unless you have a need for ftp, I'd look into using SCP instead.
There are some really nice upload management tools that just work better with ftp.
You can however often use ssl to secure the authentication. I've never done it though, I just use scp or rsync over ssh.
! people still use macs?!?!
There are many benefits to using FTP over SCP, it really depends on what you're trying to accomplish.
In my situation, I like to do some hosting for people. I don't advise them to go download WinSCP and learn how to use "keyfiles" to authenticate to the server. FTP provides them an easy and highly supported way to authenticate, and I provide explicit SSL to boot if they so wish to choose it.
@A-KO:
FTP is good in situations when you do not want users to have shell access. On top of that, you can allow anonymous connections for file transfers and things of that nature.
Check out scponly
Subsystem sftp /usr/libexec/sftp-server
@sshd_config(5):
Subsystem
Configures an external subsystem (e.g. file transfer daemon).
Arguments should be a subsystem name and a command (with optional
arguments) to execute upon subsystem request.
The command sftp-server(8) implements the ``sftp'' file transfer
subsystem.
Alternately the name ``internal-sftp'' implements an in-process
``sftp'' server. This may simplify configurations using
ChrootDirectory to force a different filesystem root on clients.
By default no subsystems are defined. Note that this option
applies to protocol version 2 only.