I have installed ProFTPD on a CentOS server, mainly for secured FTP access. But, frequently, the users are able to access the sftp server.

When I check the current process information for each FTP session using ftpwho, I am getting the error as below.

30525 (none)   [15h27m] (authenticating)
30686 (none)   [15h26m] (authenticating)
31927 (none)   [15h26m] (authenticating)
32029 (none)   [15h25m] (authenticating)
32251 (none)   [15h25m] (authenticating)
32364 (none)   [15h24m] (authenticating)
18396 (none)   [ 14h9m] (authenticating)
19608 (none)   [ 14h9m] (authenticating)
19726 (none)   [ 14h9m] (authenticating)
19887 (none)   [ 14h8m] (authenticating)
20059 (none)   [ 14h8m] (authenticating)
20092 (none)   [ 14h7m] (authenticating)
20122 (none)   [ 14h7m] (authenticating)
20262 (none)   [ 14h7m] (authenticating)

Below is my proftpd configuration file

 ServerName                      "ProFTPD"
    AuthUserFile /etc/proftpd/passwd.vhosts
    ServerType                      standalone
    DeferWelcome                    off
    DefaultServer                   on
    DefaultRoot ~ !wheel

# Port 21 is the standard FTP port.
IdentLookups off

<IfModule mod_tls.c>
    TLSEngine on
    TLSProtocol SSLv23
    TLSRequired off
    TLSRSACertificateFile /etc/ftpd-rsa.pem
    TLSRSACertificateKeyFile /etc/ftpd-rsa-key.pem
    TLSVerifyClient off
    TLSCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
     TLSOptions NoSessionReuseRequired
</IfModule>
#AuthPAM off
TransferLog /usr/local/apache/domlogs/ftpxferlog
UseReverseDNS off


Port                7634
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

# Set the user and group that the server normally runs at.
User                            root
Group               nobody
SFTPEngine      On
SFTPHostKey /etc/ssh/ssh_host_rsa_key
SFTPHostKey /etc/ssh/ssh_host_dsa_key

DefaultRoot /home
# Normally, we want files to be overwriteable.
<Directory />
  AllowOverwrite                on
</Directory>

# A basic anonymous configuration, no upload directories.
<Anonymous ~ftp>
UseFtpUsers on
RequireValidShell off
  User                          ftp
  Group                         ftp
  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias                     anonymous ftp

  # Limit the maximum number of anonymous logins
  MaxClients                    10

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin           welcome.msg
  DisplayChdir          .message true

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>

Can anyone provide the solution for it?

Castaglia
Mughil
  • Why not use the better supported FTPS? – Lucas Kauffman Jan 11 '12 at 06:50
  • Why do you have the TLS engine on if you're using SFTP? SFTP is not secured FTP, it is SSH File Transfer (and no, that's not FTP over SSH either, SFTP has very little to do with FTP). As Lucas implied, you're probably looking for FTPS (Likely FTPiS since you've got SSLv23 turned on). – Chris S Jan 16 '12 at 14:49
  • Also just noticed that you've got TLS1 and SSL3 included in the cypher lists, they aren't compatible, you can't run both at the same time. The SSL protocols supply implicit security (security is negotiated before the application protocol begins). The TLS protocols supply explicit security (the application protocol has to request security be enabled). – Chris S Jan 16 '12 at 14:57

1 Answer

The CentOS / RHEL version of ProFTPd does not come with mod_sftp built-in.

You must recompile it with support. There is a great blog entry here, covering the topic:

http://redhatvn.net/how-to-sftp-support-in-proftpd

I should also note that, most of the time, sftp is taken care of by the OpenSSH daemon. ProFTPd's mod_sftp is a relatively new development, and probably not documented as well.

Matt Simmons
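
Added example (not from the original posts or the ProFTPD project): a small Python check covering the two points raised above, whether mod_sftp is available at all and whether SFTPEngine shares a server context with TLSEngine. It assumes the module list comes from `proftpd -l`; the sample output, the config excerpt and the `check_sftp` helper are constructed for illustration.

```python
import re

# Constructed inputs: `proftpd -l` output and a config excerpt modelled on the question.
MODULES = "Compiled-in modules:\n  mod_core.c\n  mod_auth_file.c\n  mod_tls.c\n"
CONF = """\
<IfModule mod_tls.c>
    TLSEngine on
</IfModule>
Port 7634
SFTPEngine      On
SFTPHostKey /etc/ssh/ssh_host_rsa_key
"""
ON = {"on", "yes", "true", "1"}

def check_sftp(conf, module_list):
    """Hypothetical helper: list problems with SFTP directives in a ProFTPD config."""
    mods = set(re.findall(r"^\s*(mod_\w+\.c)\s*$", module_list, re.M))
    # DSO modules are not in `proftpd -l`; count LoadModule lines as available too.
    mods |= set(re.findall(r"^\s*LoadModule\s+(mod_\w+\.c)", conf, re.M | re.I))
    findings, guards, engines, ctx = [], [], {}, "server config"
    for n, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        tag = re.match(r"<(/?)(\w+)\s*([^>]*)>$", line)
        if tag:
            closing, kind, arg = tag.group(1), tag.group(2).lower(), tag.group(3).strip()
            if kind == "ifmodule":
                if not closing:
                    guards.append(arg)
                elif guards:
                    guards.pop()
            elif kind == "virtualhost":
                ctx = "server config" if closing else f"VirtualHost {arg}"
            continue
        parts = line.split(None, 1)
        if not parts:
            continue
        word, value = parts[0], (parts[1].strip().lower() if len(parts) > 1 else "")
        # A section is read only if every enclosing <IfModule> condition holds.
        active = all((g[1:] not in mods) if g.startswith("!") else (g in mods) for g in guards)
        if word.lower().startswith("sftp") and "mod_sftp.c" not in mods:
            how = "is an unknown directive" if active else "is skipped by its <IfModule> guard"
            findings.append(f"line {n}: {word} {how}: mod_sftp.c is not available")
        if active and word.lower() in ("sftpengine", "tlsengine") and value in ON:
            engines.setdefault(ctx, set()).add(word.lower())
            if len(engines[ctx]) == 2:
                findings.append(f"line {n}: SFTPEngine and TLSEngine both on in {ctx}")
    return findings
```

Running `check_sftp(CONF, MODULES)` on the constructed inputs reports the missing module for both SFTP directives and the shared server context; placing the SFTP directives in their own `<VirtualHost>` inside `<IfModule mod_sftp.c>` clears the second finding once the module is present.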