From: Larry M. <Lar...@ca...> - 2023-09-01 12:40:21
Hi Matus.

I created the "conf.d/sftp.conf" because I found this: https://www.digitalocean.com/community/tutorials/how-to-configure-proftpd-to-use-sftp-instead-of-ftp

I think I may have made a little progress. I realized that I had to

1. uncomment "LoadModule mod_sftp.c" in "modules.conf".
2. sudo chmod g-r /etc/ssh/ssh_host_rsa_key
3. comment out "SFTPHostKey /etc/ssh/ssh_host_dsa_key" in "conf.d/sftp.conf" (that file doesn't exist)

I'm still not able to connect, but now when I run the service as an application I see an error:

$ sudo /usr/sbin/proftpd --nodaemon
daemon[214098]: processing configuration directory '/etc/proftpd/conf.d'
daemon[214098]: mod_dso/0.5: module 'mod_sftp_pam.c' already loaded
daemon[214098] 192.168.19.134: mod_sftp/1.0.0: detected OpenSSH-encoded private SFTPHostKey '/etc/ssh/ssh_host_rsa_key'; use `ssh-keygen -e -m PEM -f /etc/ssh/ssh_host_rsa_key` to convert to supported PEM-encoded key
daemon[214098] 192.168.19.134: mod_sftp/1.0.0: error reading passphrase for SFTPHostKey '/etc/ssh/ssh_host_rsa_key': (unknown)
daemon[214098] 192.168.19.134: mod_sftp/1.0.0: unable to use key in SFTPHostKey '/etc/ssh/ssh_host_rsa_key', exiting
$

I've now run that "ssh-keygen -e -m PEM -f /etc/ssh/ssh_host_rsa_key" command and it generated an RSA PUBLIC KEY. But what do I do with that?

Thanks.

________________________________
From: Matus UHLAR - fantomas <uh...@fa...>
Sent: Friday, September 1, 2023 4:37 AM
To: pro...@li... <pro...@li...>
Subject: Re: [Proftpd-user] Can't login using sftp

On 31.08.23 21:14, Larry Menard via Proftp-user wrote:
> I've installed proftpd on a RedHat 8 test VM from the EPEL repository.
>
>$ rpm -qa | grep proftp
>proftpd-1.3.6e-5.el8.x86_64
>proftpd-devel-1.3.6e-5.el8.x86_64
>$
>
>I'm able to connect to the server on the VM using ftp and successfully login, but sftp doesn't even get off the ground.
>
>In a terminal on the same VM, I enter command "sftp -P 2222 username@localhost", but it just returns:
>
>ssh: connect to host localhost port 2222: Connection refused
>Connection closed
>
>I've even downloaded the source and run "sudo prxs -c -i -d mod_sftp_pam.c", which says it was successful.
>
>Here is my "/etc/proftpd/conf.d/sftp.conf":

is this included by default?

><IfModule mod_sftp.c>
>
>  SFTPEngine on
>  Port 2222
>  SFTPLog /var/log/proftpd/sftp.log
>
>  # Configure both the RSA and DSA host keys, using the same host key
>  # files that OpenSSH uses.
>  SFTPHostKey /etc/ssh/ssh_host_rsa_key
>  SFTPHostKey /etc/ssh/ssh_host_dsa_key
>
>  SFTPAuthMethods publickey password keyboard-interactive
>#  SFTPAuthMethods publickey
>#  SFTPAuthMethods keyboard-interactive
>
>  SFTPAuthorizedUserKeys file:/etc/proftpd/authorized_keys/%u
>
>  # Enable compression
>  SFTPCompression delayed
>
></IfModule>
>
>At the bottom of my "/etc/proftpd.conf" I've appended:
>
> <IfModule mod_dso.c>
>   LoadModule mod_sftp_pam.c
> </IfModule>

are you sure mod_sftp is loaded? (I don't have redhat 8).

>And I've created a "/etc/proftpd/conf.d/sftp_pam.conf" containing:
>
> <IfModule mod_sftp_pam.c>
>   SFTPPAMEngine on
>   SFTPPAMServiceName sftp
> </IfModule>
>
>Port 2222 is open on the VM's firewall:
>
>$ sudo firewall-cmd --list-ports
>21/tcp 22/tcp 1433/tcp 2222/tcp 8080/tcp 8443/tcp 20001/tcp 59140/tcp

this only lists ports allowed on firewall, it does not mean any process is listening on those ports.

>There is no "/var/log/proftpd/sftp.log" file.
>
>Am I missing something?

--
Matus UHLAR - fantomas, uh...@fa... ; http://www.fantomas.sk/
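
The failure cases in this message (a host key file that does not exist, a group-readable key, an OpenSSH-encoded private key) can be checked before starting the daemon. The script below is an added example, not part of the thread and not ProFTPD's own tooling; the function names are hypothetical, and it relies on the fact that `ssh-keygen -p -m PEM` rewrites a private key file as PEM, whereas `-e` only exports the public key.

```shell
#!/bin/sh
# Added example: audit the active SFTPHostKey directives of a ProFTPD config file.
# Function names are hypothetical, not part of ProFTPD or OpenSSH.

# Classify a key file by its first line (the PEM-style armor header).
key_format() {
    case "$(head -n 1 "$1")" in
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh ;;
        "-----BEGIN "*"PRIVATE KEY-----")      echo pem ;;
        *)                                     echo unknown ;;
    esac
}

# Print one "path: status" line per uncommented SFTPHostKey directive.
audit_hostkeys() {
    awk '$1 == "SFTPHostKey" { print $2 }' "$1" |
    while read -r key; do
        if [ ! -f "$key" ]; then
            echo "$key: missing (comment the directive out)"
        elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
            echo "$key: group/other-accessible (chmod go-rwx)"
        else
            case "$(key_format "$key")" in
                openssh) echo "$key: OpenSSH-encoded (rewrite a copy as PEM)" ;;
                pem)     echo "$key: ok" ;;
                *)       echo "$key: not a private key" ;;
            esac
        fi
    done
}

# Copy an OpenSSH-encoded private key and rewrite the copy as PEM, so the
# file sshd uses is left untouched. "ssh-keygen -p" rewrites the private key
# in place; "-e" only exports the public half. Assumes no passphrase.
convert_copy_to_pem() {
    ( umask 077 && cp "$1" "$2" ) &&
        ssh-keygen -p -P "" -N "" -m PEM -f "$2" >/dev/null
}

# Usage: sh audit.sh /etc/proftpd/conf.d/sftp.conf
if [ "$#" -gt 0 ]; then
    audit_hostkeys "$1"
fi
```

After `convert_copy_to_pem`, the `SFTPHostKey` directive would point at the converted copy rather than at the key under `/etc/ssh`.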