I've set up a new proftpd server with mod_sftp for SSH support, which I'm able to log in to when I use a password. But when I try to use my SSH key, I'm unable to connect.

Here's the full proftpd.conf file:

[root@myers log]# cat /usr/etc/proftpd.conf
ServerName                      "Develop CENTS"
ServerType                      standalone
DefaultServer                   on

Port                            2215

UseIPv6                         off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

MaxInstances                    15

User                            nobody
Group                           nobody

DefaultRoot ~

AllowOverwrite          on

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

<IfModule mod_auth_pam.c>
    AuthPAM off
</IfModule>

<IfModule mod_sftp.c>
SFTPEngine on
SFTPHostKey /usr/etc/proftpd/rsa_key
SFTPHostKey /usr/etc/proftpd/dsa_key
Port 2216
SFTPAuthMethods publickey      
MaxLoginAttempts 4
SFTPCompression delayed

        <VirtualHost www.mydomain.com>
        SFTPAuthorizedUserKeys file:/home/mydomain.com/.ssh/authorized_keys
        DefaultRoot ~
        </VirtualHost>
</IfModule>

Here's a line I see in /var/log/messages regardless of the authentication method used:

Mar 19 10:41:51 myers proftpd[29675]: myhost.com - unable to create namebind for 'www.mydomain.com' to IPAddress#21: No such file or directory

Other than that, the only thing appearing in the log file when I attempt to connect with an SSH key is that the client does reach the server and an SSH2 session is opened, but the very next line indicates the SSH2 session is closed.

Any ideas?

Castaglia
David W

2 Answers

Mar 19 10:41:51 myers proftpd[29675]: myhost.com - unable to create namebind for 'www.mydomain.com' to IPAddress#21: No such file or directory

It's just a cosmetic warning. As I understand it, you are using proftpd-1.3.5.

As part of the final work on 1.3.5, I started adding some of the foundation for supporting the HOST command (RFC 7151), which will give FTP true name-based virtual hosting support. That added code is what is complaining (erroneously) here. I have fixed up that code, which was erroneously logging that NOTICE level log message, in the master branch on GitHub. I'll also be updating the 1.3.5 branch so that that message is not logged so noisily, for the next maint release (which should be quite soon now).

You can find more at - http://sourceforge.net/p/proftp/mailman/proftp-user/thread/alpine.DEB.2.00.1503301702090.3566%40familiar.castaglia.org/#msg33678099

ALex_hha

From your configuration, it looks like you'd like a normal FTP server on port 2215, and the SFTP server on port 2216. In order to do this, you would need the mod_sftp configuration in its own <VirtualHost> section. As your configuration stands, both Port directives appear in the same "vhost" context, and thus ProFTPD, when parsing the configuration, may not do what you expect. I would recommend using something like:

# ... previous config ...
<IfModule mod_auth_pam.c>
    AuthPAM off
</IfModule>

<IfModule mod_sftp.c>
  # Here we give mod_sftp its own explicit vhost, and put all of
  # the mod_sftp configuration within that <VirtualHost> section.
  <VirtualHost www.mydomain.com>
    Port 2216

    SFTPEngine on
    SFTPHostKey /usr/etc/proftpd/rsa_key
    SFTPHostKey /usr/etc/proftpd/dsa_key
    SFTPAuthMethods publickey      
    MaxLoginAttempts 4
    SFTPCompression delayed
    SFTPAuthorizedUserKeys file:/home/mydomain.com/.ssh/authorized_keys
    DefaultRoot ~
  </VirtualHost>
</IfModule>

Hope this helps!

Castaglia
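
A small lint for the context problem the answer above describes, as an added example that is not part of the original answer or of ProFTPD: it groups directives by server context (the main "server config" versus each <VirtualHost>) and reports a context that holds more than one Port directive, or SFTP* directives in a context without SFTPEngine on. The function name and the trimmed sample configuration are constructed for illustration, and <Global> sections are not handled.

```python
import re
from collections import defaultdict

# Constructed sample: the relevant lines of the question's configuration.
QUESTION_CONF = """\
Port 2215
<IfModule mod_sftp.c>
SFTPEngine on
SFTPHostKey /usr/etc/proftpd/rsa_key
Port 2216
SFTPAuthMethods publickey
  <VirtualHost www.mydomain.com>
  SFTPAuthorizedUserKeys file:/home/mydomain.com/.ssh/authorized_keys
  </VirtualHost>
</IfModule>
"""

def lint_vhost_contexts(conf_text):
    """Return findings about Port/SFTP* placement per server context."""
    ctx_stack = ["server config"]   # <IfModule>/<Limit> do not open a new context
    directives = defaultdict(list)  # context name -> [(directive, args)]
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            ctx_stack.append("VirtualHost " + opened.group(1).strip())
        elif re.match(r"</VirtualHost>", line, re.I):
            ctx_stack.pop()
        elif not line.startswith("<"):        # an ordinary directive line
            parts = line.split(None, 1)
            args = parts[1].strip() if len(parts) > 1 else ""
            directives[ctx_stack[-1]].append((parts[0], args))
    findings = []
    for ctx, items in directives.items():
        ports = [a for n, a in items if n.lower() == "port"]
        sftp = [n for n, _ in items if n.lower().startswith("sftp")]
        engine_on = any(n.lower() == "sftpengine" and a.lower() == "on"
                        for n, a in items)
        if len(ports) > 1:
            findings.append(f"{ctx}: multiple Port directives {ports}")
        if sftp and not engine_on:
            findings.append(f"{ctx}: {sftp[0]} without SFTPEngine on")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_vhost_contexts(QUESTION_CONF)))
```

Run against the layout recommended in the answer, where Port 2216 and every SFTP* directive sit inside the one <VirtualHost>, the function returns an empty list.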