You can subscribe to this list here.
2001 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(356) |
Nov
(380) |
Dec
(318) |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2002 |
Jan
(439) |
Feb
(396) |
Mar
(326) |
Apr
(364) |
May
(331) |
Jun
(300) |
Jul
(345) |
Aug
(367) |
Sep
(567) |
Oct
(690) |
Nov
(454) |
Dec
(328) |
2003 |
Jan
(507) |
Feb
(507) |
Mar
(556) |
Apr
(482) |
May
(529) |
Jun
(528) |
Jul
(534) |
Aug
(271) |
Sep
(333) |
Oct
(348) |
Nov
(340) |
Dec
(241) |
2004 |
Jan
(319) |
Feb
(331) |
Mar
(283) |
Apr
(259) |
May
(172) |
Jun
(212) |
Jul
(186) |
Aug
(264) |
Sep
(201) |
Oct
(138) |
Nov
(136) |
Dec
(107) |
2005 |
Jan
(130) |
Feb
(154) |
Mar
(116) |
Apr
(79) |
May
(123) |
Jun
(151) |
Jul
(65) |
Aug
(121) |
Sep
(113) |
Oct
(109) |
Nov
(134) |
Dec
(78) |
2006 |
Jan
(26) |
Feb
(83) |
Mar
(150) |
Apr
(83) |
May
(145) |
Jun
(80) |
Jul
(102) |
Aug
(99) |
Sep
(93) |
Oct
(26) |
Nov
(39) |
Dec
(46) |
2007 |
Jan
(78) |
Feb
(65) |
Mar
(77) |
Apr
(39) |
May
(63) |
Jun
(59) |
Jul
(53) |
Aug
(50) |
Sep
(93) |
Oct
(85) |
Nov
(35) |
Dec
(22) |
2008 |
Jan
(56) |
Feb
(26) |
Mar
(58) |
Apr
(45) |
May
(52) |
Jun
(52) |
Jul
(41) |
Aug
(34) |
Sep
(27) |
Oct
(75) |
Nov
(31) |
Dec
(69) |
2009 |
Jan
(54) |
Feb
(55) |
Mar
(57) |
Apr
(39) |
May
(40) |
Jun
(79) |
Jul
(49) |
Aug
(30) |
Sep
(46) |
Oct
(72) |
Nov
(89) |
Dec
(71) |
2010 |
Jan
(48) |
Feb
(73) |
Mar
(52) |
Apr
(28) |
May
(32) |
Jun
(48) |
Jul
(29) |
Aug
(38) |
Sep
(14) |
Oct
(32) |
Nov
(70) |
Dec
(46) |
2011 |
Jan
(33) |
Feb
(30) |
Mar
(79) |
Apr
(24) |
May
(29) |
Jun
(63) |
Jul
(22) |
Aug
(38) |
Sep
(27) |
Oct
(49) |
Nov
(41) |
Dec
(69) |
2012 |
Jan
(28) |
Feb
(21) |
Mar
(18) |
Apr
(50) |
May
(30) |
Jun
(16) |
Jul
(22) |
Aug
(15) |
Sep
(35) |
Oct
(37) |
Nov
(23) |
Dec
(19) |
2013 |
Jan
(40) |
Feb
(76) |
Mar
(18) |
Apr
(17) |
May
(27) |
Jun
(17) |
Jul
(67) |
Aug
(30) |
Sep
(27) |
Oct
(43) |
Nov
(13) |
Dec
(13) |
2014 |
Jan
(37) |
Feb
(36) |
Mar
(31) |
Apr
(3) |
May
(40) |
Jun
(20) |
Jul
(18) |
Aug
(23) |
Sep
(15) |
Oct
(28) |
Nov
(26) |
Dec
(20) |
2015 |
Jan
(10) |
Feb
(16) |
Mar
(8) |
Apr
(11) |
May
(6) |
Jun
(8) |
Jul
(6) |
Aug
(12) |
Sep
(4) |
Oct
(26) |
Nov
(13) |
Dec
(6) |
2016 |
Jan
(30) |
Feb
(19) |
Mar
(12) |
Apr
(15) |
May
(3) |
Jun
(20) |
Jul
|
Aug
(19) |
Sep
(17) |
Oct
(7) |
Nov
(15) |
Dec
(33) |
2017 |
Jan
(19) |
Feb
(18) |
Mar
(25) |
Apr
(25) |
May
(10) |
Jun
(2) |
Jul
(5) |
Aug
(9) |
Sep
|
Oct
(5) |
Nov
(18) |
Dec
(4) |
2018 |
Jan
(17) |
Feb
(14) |
Mar
(4) |
Apr
(8) |
May
(9) |
Jun
(9) |
Jul
(12) |
Aug
(26) |
Sep
(10) |
Oct
(2) |
Nov
(6) |
Dec
(2) |
2019 |
Jan
(4) |
Feb
(2) |
Mar
(4) |
Apr
(2) |
May
(16) |
Jun
(2) |
Jul
(5) |
Aug
(16) |
Sep
(13) |
Oct
(16) |
Nov
(7) |
Dec
(18) |
2020 |
Jan
(4) |
Feb
(6) |
Mar
(9) |
Apr
(21) |
May
(33) |
Jun
(15) |
Jul
(12) |
Aug
(2) |
Sep
(9) |
Oct
(2) |
Nov
(17) |
Dec
(9) |
2021 |
Jan
(16) |
Feb
(21) |
Mar
(8) |
Apr
(5) |
May
(4) |
Jun
(10) |
Jul
(13) |
Aug
(12) |
Sep
|
Oct
|
Nov
(5) |
Dec
(6) |
2022 |
Jan
(9) |
Feb
(3) |
Mar
(18) |
Apr
(7) |
May
(4) |
Jun
(5) |
Jul
(10) |
Aug
(4) |
Sep
(4) |
Oct
(2) |
Nov
(6) |
Dec
(8) |
2023 |
Jan
(3) |
Feb
(4) |
Mar
(24) |
Apr
(13) |
May
(1) |
Jun
|
Jul
(21) |
Aug
(1) |
Sep
(10) |
Oct
(5) |
Nov
|
Dec
(2) |
2024 |
Jan
(9) |
Feb
|
Mar
(1) |
Apr
|
May
(5) |
Jun
|
Jul
(1) |
Aug
(13) |
Sep
(5) |
Oct
(2) |
Nov
(9) |
Dec
(1) |
2025 |
Jan
(3) |
Feb
(12) |
Mar
(1) |
Apr
|
May
|
Jun
(5) |
Jul
(13) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
From: Mathias M. <ma...@gm...> - 2025-07-17 22:49:44
|
Hello, I'm trying to setup an SFTP server on a RedHat 9 machine where users authenticate with winbind. I have those settings enabled: SFTPPAMEngine on SFTPPAMServiceName proftpd AuthOrder mod_auth_pam.c mod_auth_unix.c So local users can also connect (mostly for tests) My current proftp PAM file looks like: #%PAM-1.0 session optional pam_keyinit.so force revoke auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed auth required pam_shells.so auth include password-auth account include password-auth session required pam_loginuid.so session include password-auth Local users can connect (I guess thanks to mod_auth_unix.c) Network users cannot. I tried replacing password-auth with system-auth but that did not help. My guess is that some changes are needed in the PAM config file, but I have no clue what to change, and with which value. Any help welcome. |
From: Lists <li...@se...> - 2025-07-12 13:31:34
|
We customize the location of the config file as well. Sent from my iPhone > On Jul 11, 2025, at 6:32 PM, christian.audebert--- via Proftp-user <pro...@li...> wrote: > > Encountered similar problem just today. > > mod_sftp.c wasn't loaded, because It wasn't present with the install like > apt -y install proftpd proftpd-mod-mysql > > after fighting to resolve, founded that just add proftpd-mod-crypto on install resolve the problem. > So now, i use > apt -y install proftpd proftpd-mod-mysql proftpd-mod-crypto > and mod_sftp.c and mod_sftp.so are presents and usable. > > Claude.ai helped me a lot to find the solution. > > > -----Message d'origine----- > De : Matus UHLAR - fantomas <uh...@fa...> > Envoyé : vendredi 11 juillet 2025 20:13 > À : pro...@li... > Objet : Re: [Proftpd-user] Unknown configuration > >> On 11.07.25 13:52, Lists wrote: >> I was missing: >> >> LoadModule mod_sftp.c >> >> From my config. >> >> Sorry for the bother. > > No problem. > I just don't know where RH/clones do put their configs. > in debian it's /etc/proftpd/modules.conf > > it's not on mine but I often hugely modify my configs so it may be installed in original > >>>> On Jul 11, 2025, at 1:41 PM, Lists <li...@se...> wrote: >>> Odd. Proftpd -l does not list the module. Makes sense. But on my rhel8 sftp works yet proftpd does not list it either. Am I missing something? > >>>>> On 11.07.25 10:08, Lists wrote: >>>>> I see that mod_sftp.so is installed via proftpd rpm on rhel9, but I get unknown configuration directive ‘SFTPEngine’ error when starting proftpd. > >>>>> On Jul 11, 2025, at 12:40 PM, Matus UHLAR - fantomas <uh...@fa...> wrote: >>>> it might not be loaded in modules.conf or other included config > > -- > Matus UHLAR - fantomas, uh...@fa... ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > Atheism is a non-prophet organization. > > > _______________________________________________ > ProFTPD Users List <pro...@pr...> > Unsubscribe problems? > http://www.proftpd.org/list-unsub.html > > > > _______________________________________________ > ProFTPD Users List <pro...@pr...> > Unsubscribe problems? > http://www.proftpd.org/list-unsub.html |
From: <chr...@wa...> - 2025-07-11 22:30:37
|
Encountered similar problem just today. mod_sftp.c wasn't loaded, because It wasn't present with the install like apt -y install proftpd proftpd-mod-mysql after fighting to resolve, founded that just add proftpd-mod-crypto on install resolve the problem. So now, i use apt -y install proftpd proftpd-mod-mysql proftpd-mod-crypto and mod_sftp.c and mod_sftp.so are presents and usable. Claude.ai helped me a lot to find the solution. -----Message d'origine----- De : Matus UHLAR - fantomas <uh...@fa...> Envoyé : vendredi 11 juillet 2025 20:13 À : pro...@li... Objet : Re: [Proftpd-user] Unknown configuration On 11.07.25 13:52, Lists wrote: >I was missing: > >LoadModule mod_sftp.c > >From my config. > >Sorry for the bother. No problem. I just don't know where RH/clones do put their configs. in debian it's /etc/proftpd/modules.conf it's not on mine but I often hugely modify my configs so it may be installed in original >> On Jul 11, 2025, at 1:41 PM, Lists <li...@se...> wrote: >> Odd. Proftpd -l does not list the module. Makes sense. But on my rhel8 sftp works yet proftpd does not list it either. Am I missing something? >>>> On 11.07.25 10:08, Lists wrote: >>>> I see that mod_sftp.so is installed via proftpd rpm on rhel9, but I get unknown configuration directive ‘SFTPEngine’ error when starting proftpd. >>>> On Jul 11, 2025, at 12:40 PM, Matus UHLAR - fantomas <uh...@fa...> wrote: >>> it might not be loaded in modules.conf or other included config -- Matus UHLAR - fantomas, uh...@fa... ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Atheism is a non-prophet organization. _______________________________________________ ProFTPD Users List <pro...@pr...> Unsubscribe problems? http://www.proftpd.org/list-unsub.html |
From: Matus U. - f. <uh...@fa...> - 2025-07-11 18:13:27
|
On 11.07.25 13:52, Lists wrote: >I was missing: > >LoadModule mod_sftp.c > >From my config. > >Sorry for the bother. No problem. I just don't know where RH/clones do put their configs. in debian it's /etc/proftpd/modules.conf it's not on mine but I often hugely modify my configs so it may be installed in original >> On Jul 11, 2025, at 1:41 PM, Lists <li...@se...> wrote: >> Odd. Proftpd -l does not list the module. Makes sense. But on my rhel8 sftp works yet proftpd does not list it either. Am I missing something? >>>> On 11.07.25 10:08, Lists wrote: >>>> I see that mod_sftp.so is installed via proftpd rpm on rhel9, but I get unknown configuration directive ‘SFTPEngine’ error when starting proftpd. >>>> On Jul 11, 2025, at 12:40 PM, Matus UHLAR - fantomas <uh...@fa...> wrote: >>> it might not be loaded in modules.conf or other included config -- Matus UHLAR - fantomas, uh...@fa... ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Atheism is a non-prophet organization. |
From: Lists <li...@se...> - 2025-07-11 17:52:48
|
I was missing: LoadModule mod_sftp.c From my config. Sorry for the bother. Sent from my iPhone > On Jul 11, 2025, at 1:41 PM, Lists <li...@se...> wrote: > > Odd. Proftpd -l does not list the module. Makes sense. But on my rhel8 sftp works yet proftpd does not list it either. Am I missing something? > > > Sent from my iPhone > >>> On Jul 11, 2025, at 12:40 PM, Matus UHLAR - fantomas <uh...@fa...> wrote: >>> >>> On 11.07.25 10:08, Lists wrote: >>> I see that mod_sftp.so is installed via proftpd rpm on rhel9, but I get unknown configuration directive ‘SFTPEngine’ error when starting proftpd. >> >> it might not be loaded in modules.conf or other included config >> >> -- >> Matus UHLAR - fantomas, uh...@fa... ; http://www.fantomas.sk/ >> Warning: I wish NOT to receive e-mail advertising to this address. >> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. >> Spam is for losers who can't get business any other way. >> >> >> _______________________________________________ >> ProFTPD Users List <pro...@pr...> >> Unsubscribe problems? >> http://www.proftpd.org/list-unsub.html |
From: Lists <li...@se...> - 2025-07-11 17:42:08
|
Odd. Proftpd -l does not list the module. Makes sense. But on my rhel8 sftp works yet proftpd does not list it either. Am I missing something? Sent from my iPhone > On Jul 11, 2025, at 12:40 PM, Matus UHLAR - fantomas <uh...@fa...> wrote: > > On 11.07.25 10:08, Lists wrote: >> I see that mod_sftp.so is installed via proftpd rpm on rhel9, but I get unknown configuration directive ‘SFTPEngine’ error when starting proftpd. > > it might not be loaded in modules.conf or other included config > > -- > Matus UHLAR - fantomas, uh...@fa... ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > Spam is for losers who can't get business any other way. > > > _______________________________________________ > ProFTPD Users List <pro...@pr...> > Unsubscribe problems? > http://www.proftpd.org/list-unsub.html |
From: Matus U. - f. <uh...@fa...> - 2025-07-11 16:39:22
|
On 11.07.25 10:08, Lists wrote: >I see that mod_sftp.so is installed via proftpd rpm on rhel9, but I get unknown configuration directive ‘SFTPEngine’ error when starting proftpd. it might not be loaded in modules.conf or other included config -- Matus UHLAR - fantomas, uh...@fa... ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Spam is for losers who can't get business any other way. |
From: Lists <li...@se...> - 2025-07-11 15:56:41
|
I see that mod_sftp.so is installed via proftpd rpm on rhel9, but I get unknown configuration directive ‘SFTPEngine’ error when starting proftpd. Suggestions? Thanks Geoffrey Myers Sent from my iPhone |
From: Cosmin N. <cos...@az...> - 2025-07-07 12:28:54
|
Hi guys, I'm trying to use mod_ifsession to change the DisplayLogin banner for a particular sftp user, with IfUser condition. This is the relevant setup used : DisplayLogin /opt/proftpd-sftp/etc/DisplayLogin #Global DisplayLogin <IfModule mod_ifsession.c> <IfUser regex ^cosmin$> DisplayLogin /opt/proftpd-sftp/etc/cosminDisplayLogin #PerUser DisplayLogin </IfUser> </IfModule> I also tried matching the user like: <IfUser cosmin> But no matter how I set it up, the DisplayLogin under IfUser seems to be ignored, and only showing the DisplayLogin globally configured, even though in the debug logs I see the IfUser directive is being matched. 2025-07-07 11:30:16,284 azno-ftp-protftp-test proftpd[1557058] 172.18.34.129 (172.18.248.148[172.18.248.148]): user 'cosmin' authenticated by mod_sql.c 2025-07-07 11:30:16,284 azno-ftp-protftp-test proftpd[1557058] 172.18.34.129 (172.18.248.148[172.18.248.148]): mod_ifsession/1.3.1: merging <IfUser regex ^cosmin$> directives in So, can anyone with experience in using IfUser directive, tell me please if I'm doing something wrong in the way I'm trying to use it? Best regards, Cosmin Neagu Network Architect Phone +40.744.625.033 ________________________________ From: Cosmin Neagu via Proftp-user <pro...@li...> Sent: Wednesday, July 2, 2025 11:29 AM To: ProFTPD Users <pro...@li...>; tj...@ca... <tj...@ca...> Cc: Cosmin Neagu <cos...@az...> Subject: Re: [Proftpd-user] PROFTPD - ERROR:> unexp. packet type 95 in respond to SSH_MSG_CHANNEL_REQUEST (error #77) You were spot on TJ, that was actually the only difference between Test Server and Production server. On the test server, I had the DisplayLogin directive, but was pointing to a non-existent file. Once I created the login file, started to get the same error with the test instance as well. Any idea if there's another way (maybe not too complicated) to circumvent this for a particular SFTP client type? Other than removing the DisplayLogin banner? Kind of reluctant to disable the login banner in production, just for one sftp client - we have hundreds of clients. Best regards, Cosmin Neagu Network Architect Phone +40.744.625.033 ________________________________ From: TJ Saunders <tj...@ca...> Sent: Tuesday, June 24, 2025 8:34 PM To: ProFTPD Users <pro...@li...> Cc: Cosmin Neagu <cos...@az...> Subject: Re: [Proftpd-user] PROFTPD - ERROR:> unexp. packet type 95 in respond to SSH_MSG_CHANNEL_REQUEST (error #77) > I have proftpd version 1.3.8b installed on 2 production servers, and a > client using TurboFTP client, complains about getting this error, after > succesfull authentication: > *unexp. packet type 95 in respond to SSH_MSG_CHANNEL_REQUEST (error > #77)* Packet type 95 means that that unexpected packet is SSH2_MSG_CHANNEL_EXTENDED_DATA. It's not exactly common, which is why your particular SFTP client might be be handling it like other SFTP clients. In this case, the mod_sftp module uses SSH2_MSG_CHANNEL_EXTENDED_DATA to convey the contents of your DisplayLogin file to the client. You might try commenting out that DisplayLogin directive, restarting ProFTPD, and seeing if your SFTP client works without encountering that issue. Hope this helps, TJ |
From: Dieter B. <pr...@bl...> - 2025-07-07 07:54:53
|
Hello Benny, thank you for your answer! On Fri, Jul 04, Benny Pedersen via Proftp-user wrote: > Dieter Bloms via Proftp-user skrev den 2025-07-04 12:54: > > > > Then use "pkill -f '^proftpd: .* IDLE$”' to kill all IDLE sessions and > > then terminate the master process. > > if this works its a bug, master process should not allow hanging process to > exists, and i belive no one would not talk to the ctrl tool what to do > > i just have expirense from dovecot and postfix, when master is stopped, > hopefully proftpd is not diffrent :) Maybe I didn't express myself clearly. I have two proftpd instances behind a load balancer. If I want to restart the container with a new OCI image, then active uploads/downloads should not be cancelled. However, active sessions in IDLE mode (users are logged in, but not doing anything) should be terminated gradually so that only the master process is still running. As proftpd no longer allows new logins (ftpshut), it has run empty and can then be started with a new OCI image. Technically it works quite well. One problem is that during the transfer of a large file, the process name of the instance repeatedly has IDLE in its name, although data is definitely being actively transferred here. As a result, I would then cancel this active transfer and have an incorrect, incomplete file. -- Regards Dieter -- I do not get viruses because I do not use MS software. If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the From field. |
From: Benny P. <me...@ju...> - 2025-07-04 12:46:52
|
Dieter Bloms via Proftp-user skrev den 2025-07-04 12:54: > > Then use "pkill -f '^proftpd: .* IDLE$”' to kill all IDLE sessions and > then terminate the master process. if this works its a bug, master process should not allow hanging process to exists, and i belive no one would not talk to the ctrl tool what to do i just have expirense from dovecot and postfix, when master is stopped, hopefully proftpd is not diffrent :) |
From: Dieter B. <pr...@bl...> - 2025-07-04 11:13:32
|
Hello, I am running proftpd 1.3.9 in a docker container. Before I roll out a new OCI image, I want to make sure that no more active transfers are taking place. IDLE connections (users are logged in, but no operations are taking place) may be terminated, because some users unfortunately do not log out. My idea is to first set proftpd to maintenance mode with ftpshut so that no new connections are accepted. Then use "pkill -f '^proftpd: .* IDLE$”' to kill all IDLE sessions and then terminate the master process. However, I have noticed that even when transferring at 100MBit/s, proftpd keeps showing IDLE for this session in the process table for a short time, even when transferring at high speed. IDLE and WRITE are displayed alternately every second. Now my question: Is it possible to set a time after which the IDLE status is displayed in the process table? Or is there another sensible way to end the IDLE sessions? -- Regards Dieter -- I do not get viruses because I do not use MS software. If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the From field. |
From: Cosmin N. <cos...@az...> - 2025-07-02 08:29:47
|
You were spot on TJ, that was actually the only difference between Test Server and Production server. On the test server, I had the DisplayLogin directive, but was pointing to a non-existent file. Once I created the login file, started to get the same error with the test instance as well. Any idea if there's another way (maybe not too complicated) to circumvent this for a particular SFTP client type? Other than removing the DisplayLogin banner? Kind of reluctant to disable the login banner in production, just for one sftp client - we have hundreds of clients. Best regards, Cosmin Neagu Network Architect Phone +40.744.625.033 ________________________________ From: TJ Saunders <tj...@ca...> Sent: Tuesday, June 24, 2025 8:34 PM To: ProFTPD Users <pro...@li...> Cc: Cosmin Neagu <cos...@az...> Subject: Re: [Proftpd-user] PROFTPD - ERROR:> unexp. packet type 95 in respond to SSH_MSG_CHANNEL_REQUEST (error #77) > I have proftpd version 1.3.8b installed on 2 production servers, and a > client using TurboFTP client, complains about getting this error, after > succesfull authentication: > *unexp. packet type 95 in respond to SSH_MSG_CHANNEL_REQUEST (error > #77)* Packet type 95 means that that unexpected packet is SSH2_MSG_CHANNEL_EXTENDED_DATA. It's not exactly common, which is why your particular SFTP client might be be handling it like other SFTP clients. In this case, the mod_sftp module uses SSH2_MSG_CHANNEL_EXTENDED_DATA to convey the contents of your DisplayLogin file to the client. You might try commenting out that DisplayLogin directive, restarting ProFTPD, and seeing if your SFTP client works without encountering that issue. Hope this helps, TJ |
From: TJ S. <tj...@ca...> - 2025-06-24 17:51:37
|
> I have proftpd version 1.3.8b installed on 2 production servers, and a > client using TurboFTP client, complains about getting this error, after > succesfull authentication: > *unexp. packet type 95 in respond to SSH_MSG_CHANNEL_REQUEST (error > #77)* Packet type 95 means that that unexpected packet is SSH2_MSG_CHANNEL_EXTENDED_DATA. It's not exactly common, which is why your particular SFTP client might be be handling it like other SFTP clients. In this case, the mod_sftp module uses SSH2_MSG_CHANNEL_EXTENDED_DATA to convey the contents of your DisplayLogin file to the client. You might try commenting out that DisplayLogin directive, restarting ProFTPD, and seeing if your SFTP client works without encountering that issue. Hope this helps, TJ |
From: Rob C. <rc...@gm...> - 2025-06-24 13:29:22
|
Ah sorry you will have to switch on tracing where you will see the negotiation of the client and the server in the log. That is where the client is identified and you can see things like the protocol version and so on being negotiated. I should have mentioned that my bad. Regards, Rob Coops On Tue, Jun 24, 2025 at 3:19 PM Cosmin Neagu <cos...@az...> wrote: > Hi Rob, > Thanks for the clarification. > Do you know how can I identify what version and what banner the client is > sending? Would need that to use SFTPClientMatch. Can't really catch it with > wireshark. > And maybe, what would be the default sftpProtocolVersion, cause it's not > stated in the docs. > > > Best regards, > > *Cosmin Neagu* > > Network Architect > > Phone +40.744.625.033 > ------------------------------ > *From:* Rob Coops <rc...@gm...> > *Sent:* Tuesday, June 24, 2025 3:49 PM > *To:* pro...@li... <pro...@li... > > > *Cc:* Cosmin Neagu <cos...@az...> > *Subject:* Re: [Proftpd-user] PROFTPD - ERROR:> unexp. packet type 95 in > respond to SSH_MSG_CHANNEL_REQUEST (error #77) > > Hi Cosmin, > > This looks very familiar, what is happening here is that the version of > the protocol used by the client and the server do not match. This happens > quite often when the client is slightly older. What happens is that the > client or the server but typically it is the client that does this has not > fully or correctly implemented the protocol version it claims to support. > As a result the one of the two sides will send a something over to the > other side that is unexpected and you end up with a disconnect because it > has no idea what to do with this. > > This part of the documentation: http://www.proftpd.org/docs/contrib/mod_sftp.html > [proftpd.org] > <https://urldefense.com/v3/__http://www.proftpd.org/docs/contrib/mod_sftp.html__;!!KFYUDeg!kkrWP_ub1fTArad2euI0WfNqb7mTV2IzsgkN8xB_ZdFVT-HzOnrJc9uI_RSLwoaIrAHJqXbcyu3Ciqc$> > and specifically this part: *SFTPClientMatch* will help you do this. > Using sftpProtocolVersion to force a older version (typically 3 will work > for nearly any client I have encountered) other things that you might want > to mess with are: *channelWindowSize* and *channelPacketSize* you will > have to experiment with this a bit or try and find someone else that > figured this out for you by lookig for the client identifier and one of > these key words. > > Another option is change the client ot something that is better able to > handle the protocol version it claims to be using. If you have a sftp > server with many different clients connecting and especially clients that > you have no control over be ready to add more of these mentods to force > those clients to use an older version than the advertise especially in the > business world there are quite a few older clients around or clients that > are very recent but have not implemented the protocol correctly. > > I hope that helps, best regards, > > Rob Coops > > On Tue, Jun 24, 2025 at 2:24 PM Cosmin Neagu via Proftp-user < > pro...@li...> wrote: > > Hi Guys, > I have this peculiar error, which I'm having a hard time to troubleshoot > it. > > I have proftpd version 1.3.8b installed on 2 production servers, and a > client using TurboFTP client, complains about getting this error, after > succesfull authentication: > *unexp. packet type 95 in respond to SSH_MSG_CHANNEL_REQUEST (error #77)* > > Getting this issue on both production server, even though I setup a test > instance, same version, copy paste the config, and there I cannot replicate > the issue, it works. > Other SFTP clients (filezila, winscp etc) do not have this error. > > Would appreciate if someone can point me in the right direction to > troubleshoot this. > > > > Below the error, and debugs, and config > > #TurboFTP logs > TurboFTP 64-bit Version 7.10 Build 1573 - WinSock 2.0 > Unregistered evaluation copy. The evaluation period will expire in 29 > days. > STATUS:> Connecting to A.B.C.D Port 22 (try #1) ... > Server version: SSH-2.0-Azets FTP > COMMAND:> Sent client version string 'SSH-2.0-TurboFTP_SSHM_2.680' > STATUS:> Crypto negotiation done, Server to client cipher:aes128-ctr, > mac:hmac-sha2-256, compression:none. > STATUS:> Crypto negotiation done, Client to server cipher:aes128-ctr, > mac:hmac-sha2-256, compression:none. > STATUS:> Key exchange done with ecdh-sha2-nistp256 and host key algo: > rsa-sha2-256 > STATUS:> Authenticating with method 'password' > STATUS:> Login successful. > ERROR:> unexp. packet type 95 in respond to SSH_MSG_CHANNEL_REQUEST (error > #77) > STATUS:> Wait 10 seconds and try again... > > > #Proftpd config: > ubuntu@FTP-PROD3:/opt/proftpd-sftp/etc$ cat proftpd.conf > DisplayConnect /opt/proftpd-sftp/etc/DisplayConnect > DisplayQuit /opt/proftpd-sftp/etc/DisplayQuit > DisplayLogin /opt/proftpd-sftp/etc/DisplayLogin > ServerIdent on "Azets FTP" > ServerName "Azets File Transfer Server" > UseReverseDNS off > MaxInstances 1000 > MaxClients 999 "Max Clients reached!" > MaxClientsPerHost 50 "Max Clients per Host reached!" > MaxClientsPerUser 50 "Max Client per User reached!" > MaxLoginAttempts 3 > TimeoutLogin 120 > TimeoutIdle 300 > TimeoutNoTransfer 300 > TimeoutStalled 300 > ServerType standalone > DefaultServer on > UseIPv6 off > Umask 066 077 > User nobody > Group nogroup > DefaultRoot ~ > AllowOverwrite on > AuthOrder mod_sql.c > SQLAuthenticate users > SQLConnectInfo PROFTPD@dburl user pass > SQLUserInfo USERS USER PASS UID GID DIR NULL > SQLUserWhereClause "SFTP=1" > SQLAuthTypes Crypt > SQLMinID 1999 > SQLDefaultGID 2000 > SQLLog PASS updatecount > SQLNamedQuery updatecount UPDATE "COUNT=COUNT+1,LAST=now() WHERE > USER='%u'" USERS > CreateHome on > WtmpLog off > <IfModule mod_unique_id.c> > LogFormat logformat "%{%Y-%m-%d %H:%M:%S}t.%{millisecs} %{UNIQUE_ID}e %a > %{remote-port} %u \"%r\" %s %S %bbytes %Tsec %{transfer-status} > %{transfer-type} %{protocol}" > ExtendedLog /var/log/proftpd/sftp-extended.log > AUTH,INFO,DIRS,READ,WRITE,MISC,SEC,EXIT logformat > </IfModule> > <IfModule mod_sftp.c> > Port 22 > SFTPEngine on > SFTPHostKey /opt/proftpd-sftp/etc/sftp.azets.com.rsa.key > SFTPHostKey /opt/proftpd-sftp/etc/sftp.azets.com.ecdsa.key > SFTPAuthorizedUserKeys file:~/.sftp/authorized_keys > SFTPOptions IgnoreSFTPUploadPerms IgnoreSFTPSetOwners IgnoreSFTPSetPerms > IgnoreSFTPSetTimes > </IfModule> > <Limit SITE_CHMOD> > DenyAll > </Limit> > > > > > #PROD session logs with debug level 10 > > proftpd 172.18.128.117 [172.18.128.117] > <https://urldefense.com/v3/__http://172.18.128.117__;!!KFYUDeg!kkrWP_ub1fTArad2euI0WfNqb7mTV2IzsgkN8xB_ZdFVT-HzOnrJc9uI_RSLwoaIrAHJqXbc_megAu4$>: > ROOT PRIVS at main.c:1327 > proftpd 172.18.128.117 [172.18.128.117] > <https://urldefense.com/v3/__http://172.18.128.117__;!!KFYUDeg!kkrWP_ub1fTArad2euI0WfNqb7mTV2IzsgkN8xB_ZdFVT-HzOnrJc9uI_RSLwoaIrAHJqXbc_megAu4$>: > RELINQUISH PRIVS at main.c:1331 > proftpd 172.18.128.117 [172.18.128.117] > <https://urldefense.com/v3/__http://172.18.128.117__;!!KFYUDeg!kkrWP_ub1fTArad2euI0WfNqb7mTV2IzsgkN8xB_ZdFVT-HzOnrJc9uI_RSLwoaIrAHJqXbc_megAu4$>: > no matching vhost found for 172.18.128.117#22, using 'Azets File Transfer > Server' listening on wildcard address > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at > main.c:1136 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SETUP PRIVS at > main.c:1141 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): session requested > from client in unknown class > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): performing module > session initializations > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): mod_unique_id/0.2: > generating unique session ID > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): mod_unique_id/0.2: > unique session ID is 'aFm4zqwSgHVaX+nEABOGqwi7' > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at > keys.c:3644 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at > keys.c:3651 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at > keys.c:1026 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at > keys.c:1033 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at > keys.c:1026 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at > keys.c:1033 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at > keys.c:3644 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at > keys.c:3651 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): mod_sql/4.5: > defaulting to 'mysql' backend > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at > mod_delay.c:2111 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at > mod_delay.c:2114 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): mod_log: opening > ExtendedLog '/var/log/proftpd/sftp-extended.log' > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at > mod_log.c:1284 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at > mod_log.c:1287 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at > mod_auth.c:215 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): opening scoreboard > '/opt/proftpd-sftp/var/proftpd.scoreboard' > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at > mod_auth.c:217 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): AuthOrder in > effect, resetting auth module order > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): connected - local > : 172.18.128.117:22 [172.18.128.117] > <https://urldefense.com/v3/__http://172.18.128.117:22__;!!KFYUDeg!kkrWP_ub1fTArad2euI0WfNqb7mTV2IzsgkN8xB_ZdFVT-HzOnrJc9uI_RSLwoaIrAHJqXbcQl-o9Vs$> > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): connected - remote > : 90.95.233.196:40873 [90.95.233.196] > <https://urldefense.com/v3/__http://90.95.233.196:40873__;!!KFYUDeg!kkrWP_ub1fTArad2euI0WfNqb7mTV2IzsgkN8xB_ZdFVT-HzOnrJc9uI_RSLwoaIrAHJqXbceoM-eds$> > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SSH2 session opened. > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'KEXINIT' to mod_sql > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'KEXINIT' to mod_log > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'ECDH_INIT' to mod_sql > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'ECDH_INIT' to mod_log > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'NEWKEYS' to mod_sql > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'NEWKEYS' to mod_log > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'SERVICE_REQUEST' to mod_sql > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'SERVICE_REQUEST' to mod_log > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD > command 'USER user1' to mod_core > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD > command 'USER user1' to mod_core > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD > command 'USER user1' to mod_delay > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD > command 'USER user1' to mod_auth > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching > POST_CMD command 'USER user1' to mod_sql > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching > POST_CMD command 'USER user1' to mod_delay > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'USER user1' to mod_sql > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'USER user1' to mod_log > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'USER user1' to mod_delay > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD > command 'PASS (hidden)' to mod_core > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD > command 'PASS (hidden)' to mod_core > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD > command 'PASS (hidden)' to mod_sql > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD > command 'PASS (hidden)' to mod_delay > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD > command 'PASS (hidden)' to mod_auth > precatel be removed in a future version. > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): retrieved UID 2003 > for user 'user1' > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): retrieved UID 2003 > for user 'user1' > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at > auth.c:1774 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at > auth.c:1777 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): USER PRIVS 2003 at > auth.c:403 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at > auth.c:405 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at > mkhome.c:326 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at > mkhome.c:371 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): Config for Azets > File Transfer Server: > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): Limit > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): DenyAll > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): DisplayConnect > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): DisplayQuit > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): DisplayLogin > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ServerIdent > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): MaxClients > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): MaxClientsPerHost > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): MaxClientsPerUser > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): MaxLoginAttempts > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): TimeoutLogin > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): TimeoutIdle > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): TimeoutNoTransfer > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): TimeoutStalled > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): DefaultServer > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): Umask > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): DirUmask > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): UserID > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): UserName > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): GroupID > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): GroupName > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): DefaultRoot > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): AllowOverwrite > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): AuthOrder > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLAuthenticate > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLConnectInfo > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLUserTable > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLUsernameField > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLPasswordField > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLUidField > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLGidField > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLHomedirField > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLUserWhereClause > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLAuthTypes > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLMinID > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLDefaultGID > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLLog_PASS > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): > SQLNamedQuery_updatecount > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): CreateHome > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): WtmpLog > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): LogFormat > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ExtendedLog > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): Port > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SFTPEngine > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SFTPHostKey > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SFTPHostKey > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): > SFTPAuthorizedUserKeys > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SFTPOptions > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at > auth.c:472 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): opening TransferLog > '/var/log/xferlog' > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at > auth.c:513 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): USER PRIVS 2003 at > auth.c:166 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): retrieved UID 2003 > for user 'user1' > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at > auth.c:171 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): set TZ environment > variable to 'UTC' > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): Preparing to chroot > to directory '/FTP/user1' > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at > auth.c:1912 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at > auth.c:1915 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): Environment > successfully chroot()ed > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at > auth.c:547 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SETUP PRIVS at > auth.c:548 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at > auth.c:574 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): REVOKE PRIVS at > auth.c:575 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): changed directory > to '/' > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): in > dir_check_full(): path = '/', fullpath = '/FTP/user1/' > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): in > dir_check_full(): setting umask to 0077 (was 0066) > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): USER user1: Login > successful > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): user 'user1' > authenticated by mod_sql.c > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching > POST_CMD command 'PASS (hidden)' to mod_sql > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching > POST_CMD command 'PASS (hidden)' to mod_sftp > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching > POST_CMD command 'PASS (hidden)' to mod_sql > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching > POST_CMD command 'PASS (hidden)' to mod_delay > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching > POST_CMD command 'PASS (hidden)' to mod_log > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching > POST_CMD command 'PASS (hidden)' to mod_ls > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching > POST_CMD command 'PASS (hidden)' to mod_auth > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at > mod_auth.c:2175 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): UseReverseDNS off, > returning IP address instead of DNS name > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at > mod_auth.c:727 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS: ID > switching disabled > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): REVOKE PRIVS at > mod_auth.c:728 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): REVOKE PRIVS: > unable to seteuid(): Operation not permitted > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RootRevoke in > effect, dropped root privs > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching > POST_CMD command 'PASS (hidden)' to mod_rlimit > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching > POST_CMD command 'PASS (hidden)' to mod_xfer > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching > POST_CMD command 'PASS (hidden)' to mod_core > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'PASS (hidden)' to mod_sql > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'PASS (hidden)' to mod_log > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'PASS (hidden)' to mod_delay > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'PASS (hidden)' to mod_auth > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): USER user1: Login > successful. > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching > POST_CMD command 'USERAUTH_REQUEST user1 password' to mod_sql > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'USERAUTH_REQUEST user1 password' to mod_sql > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'USERAUTH_REQUEST user1 password' to mod_log > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'CHANNEL_OPEN session' to mod_sql > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'CHANNEL_OPEN session' to mod_log > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'CHANNEL_REQUEST subsystem' to mod_sql > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'CHANNEL_REQUEST subsystem' to mod_log > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): mod_sftp/1.1.1: > scrubbing 2 passphrases from memory > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SSH2 session closed. > > > Best regards, > > *Cosmin Neagu* > > Network Architect > > Phone +40.744.625.033 > _______________________________________________ > ProFTPD Users List <pro...@pr...> > Unsubscribe problems? > http://www.proftpd.org/list-unsub.html [proftpd.org] > <https://urldefense.com/v3/__http://www.proftpd.org/list-unsub.html__;!!KFYUDeg!kkrWP_ub1fTArad2euI0WfNqb7mTV2IzsgkN8xB_ZdFVT-HzOnrJc9uI_RSLwoaIrAHJqXbcgtDqle8$> > > |
From: Cosmin N. <cos...@az...> - 2025-06-24 13:19:39
|
Hi Rob, Thanks for the clarification. Do you know how can I identify what version and what banner the client is sending? Would need that to use SFTPClientMatch. Can't really catch it with wireshark. And maybe, what would be the default sftpProtocolVersion, cause it's not stated in the docs. Best regards, Cosmin Neagu Network Architect Phone +40.744.625.033 ________________________________ From: Rob Coops <rc...@gm...> Sent: Tuesday, June 24, 2025 3:49 PM To: pro...@li... <pro...@li...> Cc: Cosmin Neagu <cos...@az...> Subject: Re: [Proftpd-user] PROFTPD - ERROR:> unexp. packet type 95 in respond to SSH_MSG_CHANNEL_REQUEST (error #77) Hi Cosmin, This looks very familiar, what is happening here is that the version of the protocol used by the client and the server do not match. This happens quite often when the client is slightly older. What happens is that the client or the server but typically it is the client that does this has not fully or correctly implemented the protocol version it claims to support. As a result the one of the two sides will send a something over to the other side that is unexpected and you end up with a disconnect because it has no idea what to do with this. This part of the documentation: http://www.proftpd.org/docs/contrib/mod_sftp.html [proftpd.org]<https://urldefense.com/v3/__http://www.proftpd.org/docs/contrib/mod_sftp.html__;!!KFYUDeg!kkrWP_ub1fTArad2euI0WfNqb7mTV2IzsgkN8xB_ZdFVT-HzOnrJc9uI_RSLwoaIrAHJqXbcyu3Ciqc$> and specifically this part: SFTPClientMatch will help you do this. Using sftpProtocolVersion to force a older version (typically 3 will work for nearly any client I have encountered) other things that you might want to mess with are: channelWindowSize and channelPacketSize you will have to experiment with this a bit or try and find someone else that figured this out for you by lookig for the client identifier and one of these key words. Another option is change the client ot something that is better able to handle the protocol version it claims to be using. If you have a sftp server with many different clients connecting and especially clients that you have no control over be ready to add more of these mentods to force those clients to use an older version than the advertise especially in the business world there are quite a few older clients around or clients that are very recent but have not implemented the protocol correctly. I hope that helps, best regards, Rob Coops On Tue, Jun 24, 2025 at 2:24 PM Cosmin Neagu via Proftp-user <pro...@li...<mailto:pro...@li...>> wrote: Hi Guys, I have this peculiar error, which I'm having a hard time to troubleshoot it. I have proftpd version 1.3.8b installed on 2 production servers, and a client using TurboFTP client, complains about getting this error, after succesfull authentication: unexp. packet type 95 in respond to SSH_MSG_CHANNEL_REQUEST (error #77) Getting this issue on both production server, even though I setup a test instance, same version, copy paste the config, and there I cannot replicate the issue, it works. Other SFTP clients (filezila, winscp etc) do not have this error. Would appreciate if someone can point me in the right direction to troubleshoot this. Below the error, and debugs, and config #TurboFTP logs TurboFTP 64-bit Version 7.10 Build 1573 - WinSock 2.0 Unregistered evaluation copy. The evaluation period will expire in 29 days. STATUS:> Connecting to A.B.C.D Port 22 (try #1) ... Server version: SSH-2.0-Azets FTP COMMAND:> Sent client version string 'SSH-2.0-TurboFTP_SSHM_2.680' STATUS:> Crypto negotiation done, Server to client cipher:aes128-ctr, mac:hmac-sha2-256, compression:none. STATUS:> Crypto negotiation done, Client to server cipher:aes128-ctr, mac:hmac-sha2-256, compression:none. STATUS:> Key exchange done with ecdh-sha2-nistp256 and host key algo: rsa-sha2-256 STATUS:> Authenticating with method 'password' STATUS:> Login successful. ERROR:> unexp. packet type 95 in respond to SSH_MSG_CHANNEL_REQUEST (error #77) STATUS:> Wait 10 seconds and try again... #Proftpd config: ubuntu@FTP-PROD3:/opt/proftpd-sftp/etc$ cat proftpd.conf DisplayConnect /opt/proftpd-sftp/etc/DisplayConnect DisplayQuit /opt/proftpd-sftp/etc/DisplayQuit DisplayLogin /opt/proftpd-sftp/etc/DisplayLogin ServerIdent on "Azets FTP" ServerName "Azets File Transfer Server" UseReverseDNS off MaxInstances 1000 MaxClients 999 "Max Clients reached!" MaxClientsPerHost 50 "Max Clients per Host reached!" MaxClientsPerUser 50 "Max Client per User reached!" MaxLoginAttempts 3 TimeoutLogin 120 TimeoutIdle 300 TimeoutNoTransfer 300 TimeoutStalled 300 ServerType standalone DefaultServer on UseIPv6 off Umask 066 077 User nobody Group nogroup DefaultRoot ~ AllowOverwrite on AuthOrder mod_sql.c SQLAuthenticate users SQLConnectInfo PROFTPD@dburl user pass SQLUserInfo USERS USER PASS UID GID DIR NULL SQLUserWhereClause "SFTP=1" SQLAuthTypes Crypt SQLMinID 1999 SQLDefaultGID 2000 SQLLog PASS updatecount SQLNamedQuery updatecount UPDATE "COUNT=COUNT+1,LAST=now() WHERE USER='%u'" USERS CreateHome on WtmpLog off <IfModule mod_unique_id.c> LogFormat logformat "%{%Y-%m-%d %H:%M:%S}t.%{millisecs} %{UNIQUE_ID}e %a %{remote-port} %u \"%r\" %s %S %bbytes %Tsec %{transfer-status} %{transfer-type} %{protocol}" ExtendedLog /var/log/proftpd/sftp-extended.log AUTH,INFO,DIRS,READ,WRITE,MISC,SEC,EXIT logformat </IfModule> <IfModule mod_sftp.c> Port 22 SFTPEngine on SFTPHostKey /opt/proftpd-sftp/etc/sftp.azets.com.rsa.key SFTPHostKey /opt/proftpd-sftp/etc/sftp.azets.com.ecdsa.key SFTPAuthorizedUserKeys file:~/.sftp/authorized_keys SFTPOptions IgnoreSFTPUploadPerms IgnoreSFTPSetOwners IgnoreSFTPSetPerms IgnoreSFTPSetTimes </IfModule> <Limit SITE_CHMOD> DenyAll </Limit> #PROD session logs with debug level 10 proftpd 172.18.128.117 [172.18.128.117]<https://urldefense.com/v3/__http://172.18.128.117__;!!KFYUDeg!kkrWP_ub1fTArad2euI0WfNqb7mTV2IzsgkN8xB_ZdFVT-HzOnrJc9uI_RSLwoaIrAHJqXbc_megAu4$>: ROOT PRIVS at main.c:1327 proftpd 172.18.128.117 [172.18.128.117]<https://urldefense.com/v3/__http://172.18.128.117__;!!KFYUDeg!kkrWP_ub1fTArad2euI0WfNqb7mTV2IzsgkN8xB_ZdFVT-HzOnrJc9uI_RSLwoaIrAHJqXbc_megAu4$>: RELINQUISH PRIVS at main.c:1331 proftpd 172.18.128.117 [172.18.128.117]<https://urldefense.com/v3/__http://172.18.128.117__;!!KFYUDeg!kkrWP_ub1fTArad2euI0WfNqb7mTV2IzsgkN8xB_ZdFVT-HzOnrJc9uI_RSLwoaIrAHJqXbc_megAu4$>: no matching vhost found for 172.18.128.117#22, using 'Azets File Transfer Server' listening on wildcard address proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at main.c:1136 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SETUP PRIVS at main.c:1141 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): session requested from client in unknown class proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): performing module session initializations proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): mod_unique_id/0.2: generating unique session ID proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): mod_unique_id/0.2: unique session ID is 'aFm4zqwSgHVaX+nEABOGqwi7' proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at keys.c:3644 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at keys.c:3651 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at keys.c:1026 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at keys.c:1033 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at keys.c:1026 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at keys.c:1033 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at keys.c:3644 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at keys.c:3651 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): mod_sql/4.5: defaulting to 'mysql' backend proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at mod_delay.c:2111 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at mod_delay.c:2114 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): mod_log: opening ExtendedLog '/var/log/proftpd/sftp-extended.log' proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at mod_log.c:1284 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at mod_log.c:1287 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at mod_auth.c:215 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): opening scoreboard '/opt/proftpd-sftp/var/proftpd.scoreboard' proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at mod_auth.c:217 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): AuthOrder in effect, resetting auth module order proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): connected - local : 172.18.128.117:22 [172.18.128.117]<https://urldefense.com/v3/__http://172.18.128.117:22__;!!KFYUDeg!kkrWP_ub1fTArad2euI0WfNqb7mTV2IzsgkN8xB_ZdFVT-HzOnrJc9uI_RSLwoaIrAHJqXbcQl-o9Vs$> proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): connected - remote : 90.95.233.196:40873 [90.95.233.196]<https://urldefense.com/v3/__http://90.95.233.196:40873__;!!KFYUDeg!kkrWP_ub1fTArad2euI0WfNqb7mTV2IzsgkN8xB_ZdFVT-HzOnrJc9uI_RSLwoaIrAHJqXbceoM-eds$> proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SSH2 session opened. proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'KEXINIT' to mod_sql proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'KEXINIT' to mod_log proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'ECDH_INIT' to mod_sql proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'ECDH_INIT' to mod_log proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'NEWKEYS' to mod_sql proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'NEWKEYS' to mod_log proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'SERVICE_REQUEST' to mod_sql proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'SERVICE_REQUEST' to mod_log proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD command 'USER user1' to mod_core proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD command 'USER user1' to mod_core proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD command 'USER user1' to mod_delay proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD command 'USER user1' to mod_auth proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching POST_CMD command 'USER user1' to mod_sql proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching POST_CMD command 'USER user1' to mod_delay proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'USER user1' to mod_sql proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'USER user1' to mod_log proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'USER user1' to mod_delay proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD command 'PASS (hidden)' to mod_core proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD command 'PASS (hidden)' to mod_core proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD command 'PASS (hidden)' to mod_sql proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD command 'PASS (hidden)' to mod_delay proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD command 'PASS (hidden)' to mod_auth precatel be removed in a future version. proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): retrieved UID 2003 for user 'user1' proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): retrieved UID 2003 for user 'user1' proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at auth.c:1774 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at auth.c:1777 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): USER PRIVS 2003 at auth.c:403 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at auth.c:405 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at mkhome.c:326 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at mkhome.c:371 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): Config for Azets File Transfer Server: proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): Limit proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): DenyAll proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): DisplayConnect proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): DisplayQuit proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): DisplayLogin proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ServerIdent proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): MaxClients proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): MaxClientsPerHost proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): MaxClientsPerUser proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): MaxLoginAttempts proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): TimeoutLogin proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): TimeoutIdle proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): TimeoutNoTransfer proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): TimeoutStalled proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): DefaultServer proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): Umask proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): DirUmask proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): UserID proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): UserName proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): GroupID proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): GroupName proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): DefaultRoot proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): AllowOverwrite proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): AuthOrder proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLAuthenticate proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLConnectInfo proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLUserTable proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLUsernameField proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLPasswordField proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLUidField proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLGidField proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLHomedirField proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLUserWhereClause proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLAuthTypes proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLMinID proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLDefaultGID proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLLog_PASS proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLNamedQuery_updatecount proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): CreateHome proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): WtmpLog proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): LogFormat proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ExtendedLog proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): Port proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SFTPEngine proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SFTPHostKey proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SFTPHostKey proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SFTPAuthorizedUserKeys proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SFTPOptions proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at auth.c:472 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): opening TransferLog '/var/log/xferlog' proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at auth.c:513 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): USER PRIVS 2003 at auth.c:166 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): retrieved UID 2003 for user 'user1' proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at auth.c:171 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): set TZ environment variable to 'UTC' proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): Preparing to chroot to directory '/FTP/user1' proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at auth.c:1912 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at auth.c:1915 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): Environment successfully chroot()ed proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at auth.c:547 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SETUP PRIVS at auth.c:548 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at auth.c:574 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): REVOKE PRIVS at auth.c:575 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): changed directory to '/' proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): in dir_check_full(): path = '/', fullpath = '/FTP/user1/' proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): in dir_check_full(): setting umask to 0077 (was 0066) proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): USER user1: Login successful proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): user 'user1' authenticated by mod_sql.c proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching POST_CMD command 'PASS (hidden)' to mod_sql proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching POST_CMD command 'PASS (hidden)' to mod_sftp proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching POST_CMD command 'PASS (hidden)' to mod_sql proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching POST_CMD command 'PASS (hidden)' to mod_delay proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching POST_CMD command 'PASS (hidden)' to mod_log proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching POST_CMD command 'PASS (hidden)' to mod_ls proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching POST_CMD command 'PASS (hidden)' to mod_auth proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at mod_auth.c:2175 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): UseReverseDNS off, returning IP address instead of DNS name proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at mod_auth.c:727 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS: ID switching disabled proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): REVOKE PRIVS at mod_auth.c:728 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): REVOKE PRIVS: unable to seteuid(): Operation not permitted proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RootRevoke in effect, dropped root privs proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching POST_CMD command 'PASS (hidden)' to mod_rlimit proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching POST_CMD command 'PASS (hidden)' to mod_xfer proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching POST_CMD command 'PASS (hidden)' to mod_core proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'PASS (hidden)' to mod_sql proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'PASS (hidden)' to mod_log proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'PASS (hidden)' to mod_delay proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'PASS (hidden)' to mod_auth proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): USER user1: Login successful. proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching POST_CMD command 'USERAUTH_REQUEST user1 password' to mod_sql proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'USERAUTH_REQUEST user1 password' to mod_sql proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'USERAUTH_REQUEST user1 password' to mod_log proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'CHANNEL_OPEN session' to mod_sql proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'CHANNEL_OPEN session' to mod_log proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'CHANNEL_REQUEST subsystem' to mod_sql proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'CHANNEL_REQUEST subsystem' to mod_log proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): mod_sftp/1.1.1: scrubbing 2 passphrases from memory proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SSH2 session closed. Best regards, Cosmin Neagu Network Architect Phone +40.744.625.033 _______________________________________________ ProFTPD Users List <pro...@pr...<mailto:pro...@pr...>> Unsubscribe problems? http://www.proftpd.org/list-unsub.html [proftpd.org]<https://urldefense.com/v3/__http://www.proftpd.org/list-unsub.html__;!!KFYUDeg!kkrWP_ub1fTArad2euI0WfNqb7mTV2IzsgkN8xB_ZdFVT-HzOnrJc9uI_RSLwoaIrAHJqXbcgtDqle8$> |
From: Rob C. <rc...@gm...> - 2025-06-24 12:49:46
|
Hi Cosmin, This looks very familiar, what is happening here is that the version of the protocol used by the client and the server do not match. This happens quite often when the client is slightly older. What happens is that the client or the server but typically it is the client that does this has not fully or correctly implemented the protocol version it claims to support. As a result the one of the two sides will send a something over to the other side that is unexpected and you end up with a disconnect because it has no idea what to do with this. This part of the documentation: http://www.proftpd.org/docs/contrib/mod_sftp.html and specifically this part: *SFTPClientMatch* will help you do this. Using sftpProtocolVersion to force a older version (typically 3 will work for nearly any client I have encountered) other things that you might want to mess with are: *channelWindowSize* and *channelPacketSize* you will have to experiment with this a bit or try and find someone else that figured this out for you by lookig for the client identifier and one of these key words. Another option is change the client ot something that is better able to handle the protocol version it claims to be using. If you have a sftp server with many different clients connecting and especially clients that you have no control over be ready to add more of these mentods to force those clients to use an older version than the advertise especially in the business world there are quite a few older clients around or clients that are very recent but have not implemented the protocol correctly. I hope that helps, best regards, Rob Coops On Tue, Jun 24, 2025 at 2:24 PM Cosmin Neagu via Proftp-user < pro...@li...> wrote: > Hi Guys, > I have this peculiar error, which I'm having a hard time to troubleshoot > it. > > I have proftpd version 1.3.8b installed on 2 production servers, and a > client using TurboFTP client, complains about getting this error, after > succesfull authentication: > *unexp. packet type 95 in respond to SSH_MSG_CHANNEL_REQUEST (error #77)* > > Getting this issue on both production server, even though I setup a test > instance, same version, copy paste the config, and there I cannot replicate > the issue, it works. > Other SFTP clients (filezila, winscp etc) do not have this error. > > Would appreciate if someone can point me in the right direction to > troubleshoot this. > > > > Below the error, and debugs, and config > > #TurboFTP logs > TurboFTP 64-bit Version 7.10 Build 1573 - WinSock 2.0 > Unregistered evaluation copy. The evaluation period will expire in 29 > days. > STATUS:> Connecting to A.B.C.D Port 22 (try #1) ... > Server version: SSH-2.0-Azets FTP > COMMAND:> Sent client version string 'SSH-2.0-TurboFTP_SSHM_2.680' > STATUS:> Crypto negotiation done, Server to client cipher:aes128-ctr, > mac:hmac-sha2-256, compression:none. > STATUS:> Crypto negotiation done, Client to server cipher:aes128-ctr, > mac:hmac-sha2-256, compression:none. > STATUS:> Key exchange done with ecdh-sha2-nistp256 and host key algo: > rsa-sha2-256 > STATUS:> Authenticating with method 'password' > STATUS:> Login successful. > ERROR:> unexp. packet type 95 in respond to SSH_MSG_CHANNEL_REQUEST (error > #77) > STATUS:> Wait 10 seconds and try again... > > > #Proftpd config: > ubuntu@FTP-PROD3:/opt/proftpd-sftp/etc$ cat proftpd.conf > DisplayConnect /opt/proftpd-sftp/etc/DisplayConnect > DisplayQuit /opt/proftpd-sftp/etc/DisplayQuit > DisplayLogin /opt/proftpd-sftp/etc/DisplayLogin > ServerIdent on "Azets FTP" > ServerName "Azets File Transfer Server" > UseReverseDNS off > MaxInstances 1000 > MaxClients 999 "Max Clients reached!" > MaxClientsPerHost 50 "Max Clients per Host reached!" > MaxClientsPerUser 50 "Max Client per User reached!" > MaxLoginAttempts 3 > TimeoutLogin 120 > TimeoutIdle 300 > TimeoutNoTransfer 300 > TimeoutStalled 300 > ServerType standalone > DefaultServer on > UseIPv6 off > Umask 066 077 > User nobody > Group nogroup > DefaultRoot ~ > AllowOverwrite on > AuthOrder mod_sql.c > SQLAuthenticate users > SQLConnectInfo PROFTPD@dburl user pass > SQLUserInfo USERS USER PASS UID GID DIR NULL > SQLUserWhereClause "SFTP=1" > SQLAuthTypes Crypt > SQLMinID 1999 > SQLDefaultGID 2000 > SQLLog PASS updatecount > SQLNamedQuery updatecount UPDATE "COUNT=COUNT+1,LAST=now() WHERE > USER='%u'" USERS > CreateHome on > WtmpLog off > <IfModule mod_unique_id.c> > LogFormat logformat "%{%Y-%m-%d %H:%M:%S}t.%{millisecs} %{UNIQUE_ID}e %a > %{remote-port} %u \"%r\" %s %S %bbytes %Tsec %{transfer-status} > %{transfer-type} %{protocol}" > ExtendedLog /var/log/proftpd/sftp-extended.log > AUTH,INFO,DIRS,READ,WRITE,MISC,SEC,EXIT logformat > </IfModule> > <IfModule mod_sftp.c> > Port 22 > SFTPEngine on > SFTPHostKey /opt/proftpd-sftp/etc/sftp.azets.com.rsa.key > SFTPHostKey /opt/proftpd-sftp/etc/sftp.azets.com.ecdsa.key > SFTPAuthorizedUserKeys file:~/.sftp/authorized_keys > SFTPOptions IgnoreSFTPUploadPerms IgnoreSFTPSetOwners IgnoreSFTPSetPerms > IgnoreSFTPSetTimes > </IfModule> > <Limit SITE_CHMOD> > DenyAll > </Limit> > > > > > #PROD session logs with debug level 10 > > proftpd 172.18.128.117: ROOT PRIVS at main.c:1327 > proftpd 172.18.128.117: RELINQUISH PRIVS at main.c:1331 > proftpd 172.18.128.117: no matching vhost found for 172.18.128.117#22, > using 'Azets File Transfer Server' listening on wildcard address > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at > main.c:1136 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SETUP PRIVS at > main.c:1141 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): session requested > from client in unknown class > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): performing module > session initializations > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): mod_unique_id/0.2: > generating unique session ID > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): mod_unique_id/0.2: > unique session ID is 'aFm4zqwSgHVaX+nEABOGqwi7' > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at > keys.c:3644 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at > keys.c:3651 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at > keys.c:1026 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at > keys.c:1033 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at > keys.c:1026 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at > keys.c:1033 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at > keys.c:3644 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at > keys.c:3651 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): mod_sql/4.5: > defaulting to 'mysql' backend > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at > mod_delay.c:2111 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at > mod_delay.c:2114 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): mod_log: opening > ExtendedLog '/var/log/proftpd/sftp-extended.log' > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at > mod_log.c:1284 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at > mod_log.c:1287 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at > mod_auth.c:215 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): opening scoreboard > '/opt/proftpd-sftp/var/proftpd.scoreboard' > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at > mod_auth.c:217 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): AuthOrder in > effect, resetting auth module order > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): connected - local > : 172.18.128.117:22 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): connected - remote > : 90.95.233.196:40873 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SSH2 session opened. > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'KEXINIT' to mod_sql > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'KEXINIT' to mod_log > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'ECDH_INIT' to mod_sql > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'ECDH_INIT' to mod_log > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'NEWKEYS' to mod_sql > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'NEWKEYS' to mod_log > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'SERVICE_REQUEST' to mod_sql > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'SERVICE_REQUEST' to mod_log > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD > command 'USER user1' to mod_core > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD > command 'USER user1' to mod_core > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD > command 'USER user1' to mod_delay > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD > command 'USER user1' to mod_auth > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching > POST_CMD command 'USER user1' to mod_sql > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching > POST_CMD command 'USER user1' to mod_delay > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'USER user1' to mod_sql > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'USER user1' to mod_log > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'USER user1' to mod_delay > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD > command 'PASS (hidden)' to mod_core > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD > command 'PASS (hidden)' to mod_core > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD > command 'PASS (hidden)' to mod_sql > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD > command 'PASS (hidden)' to mod_delay > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD > command 'PASS (hidden)' to mod_auth > precatel be removed in a future version. > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): retrieved UID 2003 > for user 'user1' > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): retrieved UID 2003 > for user 'user1' > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at > auth.c:1774 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at > auth.c:1777 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): USER PRIVS 2003 at > auth.c:403 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at > auth.c:405 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at > mkhome.c:326 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at > mkhome.c:371 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): Config for Azets > File Transfer Server: > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): Limit > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): DenyAll > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): DisplayConnect > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): DisplayQuit > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): DisplayLogin > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ServerIdent > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): MaxClients > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): MaxClientsPerHost > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): MaxClientsPerUser > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): MaxLoginAttempts > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): TimeoutLogin > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): TimeoutIdle > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): TimeoutNoTransfer > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): TimeoutStalled > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): DefaultServer > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): Umask > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): DirUmask > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): UserID > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): UserName > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): GroupID > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): GroupName > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): DefaultRoot > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): AllowOverwrite > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): AuthOrder > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLAuthenticate > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLConnectInfo > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLUserTable > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLUsernameField > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLPasswordField > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLUidField > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLGidField > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLHomedirField > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLUserWhereClause > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLAuthTypes > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLMinID > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLDefaultGID > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLLog_PASS > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): > SQLNamedQuery_updatecount > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): CreateHome > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): WtmpLog > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): LogFormat > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ExtendedLog > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): Port > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SFTPEngine > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SFTPHostKey > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SFTPHostKey > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): > SFTPAuthorizedUserKeys > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SFTPOptions > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at > auth.c:472 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): opening TransferLog > '/var/log/xferlog' > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at > auth.c:513 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): USER PRIVS 2003 at > auth.c:166 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): retrieved UID 2003 > for user 'user1' > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at > auth.c:171 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): set TZ environment > variable to 'UTC' > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): Preparing to chroot > to directory '/FTP/user1' > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at > auth.c:1912 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at > auth.c:1915 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): Environment > successfully chroot()ed > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at > auth.c:547 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SETUP PRIVS at > auth.c:548 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at > auth.c:574 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): REVOKE PRIVS at > auth.c:575 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): changed directory > to '/' > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): in > dir_check_full(): path = '/', fullpath = '/FTP/user1/' > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): in > dir_check_full(): setting umask to 0077 (was 0066) > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): USER user1: Login > successful > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): user 'user1' > authenticated by mod_sql.c > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching > POST_CMD command 'PASS (hidden)' to mod_sql > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching > POST_CMD command 'PASS (hidden)' to mod_sftp > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching > POST_CMD command 'PASS (hidden)' to mod_sql > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching > POST_CMD command 'PASS (hidden)' to mod_delay > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching > POST_CMD command 'PASS (hidden)' to mod_log > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching > POST_CMD command 'PASS (hidden)' to mod_ls > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching > POST_CMD command 'PASS (hidden)' to mod_auth > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at > mod_auth.c:2175 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): UseReverseDNS off, > returning IP address instead of DNS name > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at > mod_auth.c:727 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS: ID > switching disabled > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): REVOKE PRIVS at > mod_auth.c:728 > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): REVOKE PRIVS: > unable to seteuid(): Operation not permitted > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RootRevoke in > effect, dropped root privs > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching > POST_CMD command 'PASS (hidden)' to mod_rlimit > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching > POST_CMD command 'PASS (hidden)' to mod_xfer > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching > POST_CMD command 'PASS (hidden)' to mod_core > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'PASS (hidden)' to mod_sql > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'PASS (hidden)' to mod_log > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'PASS (hidden)' to mod_delay > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'PASS (hidden)' to mod_auth > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): USER user1: Login > successful. > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching > POST_CMD command 'USERAUTH_REQUEST user1 password' to mod_sql > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'USERAUTH_REQUEST user1 password' to mod_sql > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'USERAUTH_REQUEST user1 password' to mod_log > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'CHANNEL_OPEN session' to mod_sql > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'CHANNEL_OPEN session' to mod_log > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'CHANNEL_REQUEST subsystem' to mod_sql > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD > command 'CHANNEL_REQUEST subsystem' to mod_log > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): mod_sftp/1.1.1: > scrubbing 2 passphrases from memory > proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SSH2 session closed. > > > Best regards, > > *Cosmin Neagu* > > Network Architect > > Phone +40.744.625.033 > _______________________________________________ > ProFTPD Users List <pro...@pr...> > Unsubscribe problems? > http://www.proftpd.org/list-unsub.html > |
From: Cosmin N. <cos...@az...> - 2025-06-24 12:22:28
|
Hi Guys, I have this peculiar error, which I'm having a hard time to troubleshoot it. I have proftpd version 1.3.8b installed on 2 production servers, and a client using TurboFTP client, complains about getting this error, after succesfull authentication: unexp. packet type 95 in respond to SSH_MSG_CHANNEL_REQUEST (error #77) Getting this issue on both production server, even though I setup a test instance, same version, copy paste the config, and there I cannot replicate the issue, it works. Other SFTP clients (filezila, winscp etc) do not have this error. Would appreciate if someone can point me in the right direction to troubleshoot this. Below the error, and debugs, and config #TurboFTP logs TurboFTP 64-bit Version 7.10 Build 1573 - WinSock 2.0 Unregistered evaluation copy. The evaluation period will expire in 29 days. STATUS:> Connecting to A.B.C.D Port 22 (try #1) ... Server version: SSH-2.0-Azets FTP COMMAND:> Sent client version string 'SSH-2.0-TurboFTP_SSHM_2.680' STATUS:> Crypto negotiation done, Server to client cipher:aes128-ctr, mac:hmac-sha2-256, compression:none. STATUS:> Crypto negotiation done, Client to server cipher:aes128-ctr, mac:hmac-sha2-256, compression:none. STATUS:> Key exchange done with ecdh-sha2-nistp256 and host key algo: rsa-sha2-256 STATUS:> Authenticating with method 'password' STATUS:> Login successful. ERROR:> unexp. packet type 95 in respond to SSH_MSG_CHANNEL_REQUEST (error #77) STATUS:> Wait 10 seconds and try again... #Proftpd config: ubuntu@FTP-PROD3:/opt/proftpd-sftp/etc$ cat proftpd.conf DisplayConnect /opt/proftpd-sftp/etc/DisplayConnect DisplayQuit /opt/proftpd-sftp/etc/DisplayQuit DisplayLogin /opt/proftpd-sftp/etc/DisplayLogin ServerIdent on "Azets FTP" ServerName "Azets File Transfer Server" UseReverseDNS off MaxInstances 1000 MaxClients 999 "Max Clients reached!" MaxClientsPerHost 50 "Max Clients per Host reached!" MaxClientsPerUser 50 "Max Client per User reached!" MaxLoginAttempts 3 TimeoutLogin 120 TimeoutIdle 300 TimeoutNoTransfer 300 TimeoutStalled 300 ServerType standalone DefaultServer on UseIPv6 off Umask 066 077 User nobody Group nogroup DefaultRoot ~ AllowOverwrite on AuthOrder mod_sql.c SQLAuthenticate users SQLConnectInfo PROFTPD@dburl user pass SQLUserInfo USERS USER PASS UID GID DIR NULL SQLUserWhereClause "SFTP=1" SQLAuthTypes Crypt SQLMinID 1999 SQLDefaultGID 2000 SQLLog PASS updatecount SQLNamedQuery updatecount UPDATE "COUNT=COUNT+1,LAST=now() WHERE USER='%u'" USERS CreateHome on WtmpLog off <IfModule mod_unique_id.c> LogFormat logformat "%{%Y-%m-%d %H:%M:%S}t.%{millisecs} %{UNIQUE_ID}e %a %{remote-port} %u \"%r\" %s %S %bbytes %Tsec %{transfer-status} %{transfer-type} %{protocol}" ExtendedLog /var/log/proftpd/sftp-extended.log AUTH,INFO,DIRS,READ,WRITE,MISC,SEC,EXIT logformat </IfModule> <IfModule mod_sftp.c> Port 22 SFTPEngine on SFTPHostKey /opt/proftpd-sftp/etc/sftp.azets.com.rsa.key SFTPHostKey /opt/proftpd-sftp/etc/sftp.azets.com.ecdsa.key SFTPAuthorizedUserKeys file:~/.sftp/authorized_keys SFTPOptions IgnoreSFTPUploadPerms IgnoreSFTPSetOwners IgnoreSFTPSetPerms IgnoreSFTPSetTimes </IfModule> <Limit SITE_CHMOD> DenyAll </Limit> #PROD session logs with debug level 10 proftpd 172.18.128.117: ROOT PRIVS at main.c:1327 proftpd 172.18.128.117: RELINQUISH PRIVS at main.c:1331 proftpd 172.18.128.117: no matching vhost found for 172.18.128.117#22, using 'Azets File Transfer Server' listening on wildcard address proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at main.c:1136 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SETUP PRIVS at main.c:1141 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): session requested from client in unknown class proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): performing module session initializations proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): mod_unique_id/0.2: generating unique session ID proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): mod_unique_id/0.2: unique session ID is 'aFm4zqwSgHVaX+nEABOGqwi7' proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at keys.c:3644 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at keys.c:3651 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at keys.c:1026 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at keys.c:1033 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at keys.c:1026 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at keys.c:1033 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at keys.c:3644 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at keys.c:3651 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): mod_sql/4.5: defaulting to 'mysql' backend proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at mod_delay.c:2111 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at mod_delay.c:2114 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): mod_log: opening ExtendedLog '/var/log/proftpd/sftp-extended.log' proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at mod_log.c:1284 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at mod_log.c:1287 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at mod_auth.c:215 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): opening scoreboard '/opt/proftpd-sftp/var/proftpd.scoreboard' proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at mod_auth.c:217 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): AuthOrder in effect, resetting auth module order proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): connected - local : 172.18.128.117:22 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): connected - remote : 90.95.233.196:40873 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SSH2 session opened. proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'KEXINIT' to mod_sql proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'KEXINIT' to mod_log proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'ECDH_INIT' to mod_sql proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'ECDH_INIT' to mod_log proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'NEWKEYS' to mod_sql proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'NEWKEYS' to mod_log proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'SERVICE_REQUEST' to mod_sql proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'SERVICE_REQUEST' to mod_log proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD command 'USER user1' to mod_core proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD command 'USER user1' to mod_core proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD command 'USER user1' to mod_delay proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD command 'USER user1' to mod_auth proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching POST_CMD command 'USER user1' to mod_sql proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching POST_CMD command 'USER user1' to mod_delay proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'USER user1' to mod_sql proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'USER user1' to mod_log proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'USER user1' to mod_delay proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD command 'PASS (hidden)' to mod_core proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD command 'PASS (hidden)' to mod_core proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD command 'PASS (hidden)' to mod_sql proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD command 'PASS (hidden)' to mod_delay proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching PRE_CMD command 'PASS (hidden)' to mod_auth precatel be removed in a future version. proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): retrieved UID 2003 for user 'user1' proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): retrieved UID 2003 for user 'user1' proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at auth.c:1774 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at auth.c:1777 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): USER PRIVS 2003 at auth.c:403 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at auth.c:405 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at mkhome.c:326 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at mkhome.c:371 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): Config for Azets File Transfer Server: proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): Limit proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): DenyAll proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): DisplayConnect proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): DisplayQuit proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): DisplayLogin proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ServerIdent proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): MaxClients proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): MaxClientsPerHost proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): MaxClientsPerUser proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): MaxLoginAttempts proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): TimeoutLogin proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): TimeoutIdle proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): TimeoutNoTransfer proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): TimeoutStalled proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): DefaultServer proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): Umask proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): DirUmask proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): UserID proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): UserName proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): GroupID proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): GroupName proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): DefaultRoot proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): AllowOverwrite proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): AuthOrder proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLAuthenticate proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLConnectInfo proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLUserTable proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLUsernameField proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLPasswordField proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLUidField proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLGidField proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLHomedirField proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLUserWhereClause proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLAuthTypes proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLMinID proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLDefaultGID proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLLog_PASS proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SQLNamedQuery_updatecount proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): CreateHome proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): WtmpLog proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): LogFormat proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ExtendedLog proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): Port proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SFTPEngine proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SFTPHostKey proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SFTPHostKey proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SFTPAuthorizedUserKeys proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SFTPOptions proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at auth.c:472 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): opening TransferLog '/var/log/xferlog' proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at auth.c:513 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): USER PRIVS 2003 at auth.c:166 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): retrieved UID 2003 for user 'user1' proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at auth.c:171 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): set TZ environment variable to 'UTC' proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): Preparing to chroot to directory '/FTP/user1' proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at auth.c:1912 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at auth.c:1915 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): Environment successfully chroot()ed proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at auth.c:547 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SETUP PRIVS at auth.c:548 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at auth.c:574 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): REVOKE PRIVS at auth.c:575 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): changed directory to '/' proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): in dir_check_full(): path = '/', fullpath = '/FTP/user1/' proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): in dir_check_full(): setting umask to 0077 (was 0066) proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): USER user1: Login successful proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): user 'user1' authenticated by mod_sql.c proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching POST_CMD command 'PASS (hidden)' to mod_sql proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching POST_CMD command 'PASS (hidden)' to mod_sftp proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching POST_CMD command 'PASS (hidden)' to mod_sql proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching POST_CMD command 'PASS (hidden)' to mod_delay proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching POST_CMD command 'PASS (hidden)' to mod_log proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching POST_CMD command 'PASS (hidden)' to mod_ls proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching POST_CMD command 'PASS (hidden)' to mod_auth proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RELINQUISH PRIVS at mod_auth.c:2175 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): UseReverseDNS off, returning IP address instead of DNS name proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS at mod_auth.c:727 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): ROOT PRIVS: ID switching disabled proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): REVOKE PRIVS at mod_auth.c:728 proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): REVOKE PRIVS: unable to seteuid(): Operation not permitted proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): RootRevoke in effect, dropped root privs proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching POST_CMD command 'PASS (hidden)' to mod_rlimit proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching POST_CMD command 'PASS (hidden)' to mod_xfer proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching POST_CMD command 'PASS (hidden)' to mod_core proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'PASS (hidden)' to mod_sql proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'PASS (hidden)' to mod_log proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'PASS (hidden)' to mod_delay proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'PASS (hidden)' to mod_auth proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): USER user1: Login successful. proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching POST_CMD command 'USERAUTH_REQUEST user1 password' to mod_sql proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'USERAUTH_REQUEST user1 password' to mod_sql proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'USERAUTH_REQUEST user1 password' to mod_log proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'CHANNEL_OPEN session' to mod_sql proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'CHANNEL_OPEN session' to mod_log proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'CHANNEL_REQUEST subsystem' to mod_sql proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): dispatching LOG_CMD command 'CHANNEL_REQUEST subsystem' to mod_log proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): mod_sftp/1.1.1: scrubbing 2 passphrases from memory proftpd 172.18.128.117 (90.95.233.196[90.95.233.196]): SSH2 session closed. Best regards, Cosmin Neagu Network Architect Phone +40.744.625.033 |
From: HASENOHR P. <Pau...@ec...> - 2025-03-04 14:33:23
|
Hello, Sorry for coming back to you only now as I have been away for a few days and thank you for enquiring about "my" use case. The use case is the following one: - we have various FTP backend servers for various user typologies and only one FTP reverse proxy open to internet - due to confidentiality requirements, some users are allowed to access a specific backend FTP service only from specific IP ranges. Let's say there are three backend FTP services A, B and C: - Service A is accessible by anonymous user from any IP range. - Service B is accessible by any user whose name starts with SPECIAL_ and who connects from a specific IP range - Service C is accessible by any user who is not anonymous and whose name does not start with SPECIAL_ from any IP range The authentication is always done by the backend server. The reverse proxy does not have access to the IAM service. Relying on the connecting IP and the information provided as USER during the ftp login to dispatch the request to the correct backend server would be enough in that use case. >From http://proftpd.org/docs/RELEASE_NOTES-1.3.9rc1 I understood that the purpose of "IfSessionOptions PerUnauthenticatedUser" was to have the "IfUser" directive relying on the string provided as "USER" during login (%U in mod_rewirte variable substitution documentation) instead of relying on the authenticated user (%u in mod_rewrite doc). Did I misunderstand the purpose of that option? Thank you for your support. Cheers, Paul -----Original Message----- From: TJ Saunders <tj...@ca...> Sent: Friday, February 21, 2025 10:57 PM To: HASENOHR Paul (JRC-ISPRA) <Pau...@ec...>; ProFTPD Users <pro...@li...> Subject: Re: [Proftpd-user] ProxyPassReverseServers option combined with IfClass directive > I just tested this patch on 1.3.8c and it worked perfectly. Thanks a > lot, it is really great! Excellent. I've merged that PR now for mod_proxy. > I would have an additional question: While doing some tests, I also > tried to use IfUser combined with "IfSessionOptions > PerUnauthenticatedUser" on 1.3.9rc3 but it seems that IfSessionOptions > does not have any effect. Is it working only with SFTP? I think it might be tricky, because of what authentication means when going through a reverse proxy. Normally, the actual authenticating of frontend client's credentials are done by the selected backend server, not by the proxy itself. This, in turn, means that the proxy doesn't really have a notion of the user, authenticated or not. mod_proxy does have a UseReverseProxyAuth ProxyOption, but I'm not sure that that is what you want, either -- as it means that any/all user credentials would need to be the same on the proxy host as on all of the backend hosts. > Ideally, if possible, I would have liked to take advantage of the > "IfSessionOptions PerUnauthenticatedUser" functionality to do > something like that: Can you explain more of the desired use case/functionality leading to such a configuration? Cheers, TJ |
From: TJ S. <tj...@ca...> - 2025-02-21 22:42:30
|
> I just tested this patch on 1.3.8c and it worked perfectly. Thanks a > lot, it is really great! Excellent. I've merged that PR now for mod_proxy. > I would have an additional question: While doing some tests, I also > tried to use IfUser combined with "IfSessionOptions > PerUnauthenticatedUser" on 1.3.9rc3 but it seems that IfSessionOptions > does not have any effect. Is it working only with SFTP? I think it might be tricky, because of what authentication means when going through a reverse proxy. Normally, the actual authenticating of frontend client's credentials are done by the selected backend server, not by the proxy itself. This, in turn, means that the proxy doesn't really have a notion of the user, authenticated or not. mod_proxy does have a UseReverseProxyAuth ProxyOption, but I'm not sure that that is what you want, either -- as it means that any/all user credentials would need to be the same on the proxy host as on all of the backend hosts. > Ideally, if possible, I would have liked to take advantage of the > "IfSessionOptions PerUnauthenticatedUser" functionality to do something > like that: Can you explain more of the desired use case/functionality leading to such a configuration? Cheers, TJ |
From: HASENOHR P. <Pau...@ec...> - 2025-02-21 15:41:10
|
Hello, I just tested this patch on 1.3.8c and it worked perfectly. Thanks a lot, it is really great! I would have an additional question: While doing some tests, I also tried to use IfUser combined with "IfSessionOptions PerUnauthenticatedUser" on 1.3.9rc3 but it seems that IfSessionOptions does not have any effect. Is it working only with SFTP? Ideally, if possible, I would have liked to take advantage of the "IfSessionOptions PerUnauthenticatedUser" functionality to do something like that: IfSessionOptions PerUnauthenticatedUser <IfClass welcome_net1> <IfUser regex USER_A.*> ProxyReverseServers ftp://server1.xxxx.yyy.it </IfUser> ProxyReverseServers file:/usr/local/proftpd/var/ftp/proxy/backends/%U.json ProxyReverseServers ftp://server2. xxxx.yyy.it </IfClass> <IfClass !welcome_net1> ProxyReverseServers file:/usr/local/proftpd/var/ftp/proxy/backends/%U.json ProxyReverseServers ftp://server2. xxxx.yyy.it </IfClass> Should it even work? Thank you for your support. Best regards, Paul -----Original Message----- From: TJ Saunders <tj...@ca...> Sent: Thursday, February 20, 2025 10:34 PM To: HASENOHR Paul (JRC-ISPRA) <Pau...@ec...>; ProFTPD Users <pro...@li...> Subject: Re: [Proftpd-user] ProxyPassReverseServers option combined with IfClass directive > Thank you for your suggestions. Unfortunately, it does not solve the > issue as only the last occurrence of ProxyReverseServers within an > IfClass section seems to be processed. I've reproduced this issue locally, and identified the cause and necessary fix; see: https://urldefense.com/v3/__https://github.com/Castaglia/proftpd-mod_proxy/pull/287__;!!DOxrgLBm!FQmEWzRxFJggVD1IY2vnuH8h29VuSzTjH0ezVKmr4m5kwUwS7VOVK_s-yssxLjinkiI9G9X3iQ3UskJkMFE$ The mod_proxy module needs to set flags on the directives that it expects to see multiple times; these flags are used by mod_ifsession, when it does its merging, to know whether to expect multiple occurrences of a directive, or not. Without these flags, mod_ifsession thinks that the ProxyReverseServers directive should only appear once, and removes the other occurrences from the in-memory config database (and thus it doesn't matter the ordering of the directives). The above PR has worked for my local tests; would you care to try it out for your needs, verify that it works as you expect? Cheers, TJ |
From: TJ S. <tj...@ca...> - 2025-02-20 21:34:52
|
> Thank you for your suggestions. Unfortunately, it does not solve the > issue as only the last occurrence of ProxyReverseServers within an > IfClass section seems to be processed. I've reproduced this issue locally, and identified the cause and necessary fix; see: https://github.com/Castaglia/proftpd-mod_proxy/pull/287 The mod_proxy module needs to set flags on the directives that it expects to see multiple times; these flags are used by mod_ifsession, when it does its merging, to know whether to expect multiple occurrences of a directive, or not. Without these flags, mod_ifsession thinks that the ProxyReverseServers directive should only appear once, and removes the other occurrences from the in-memory config database (and thus it doesn't matter the ordering of the directives). The above PR has worked for my local tests; would you care to try it out for your needs, verify that it works as you expect? Cheers, TJ |
From: HASENOHR P. <Pau...@ec...> - 2025-02-19 13:27:38
|
Hello, Thank you for your suggestions. Unfortunately, it does not solve the issue as only the last occurrence of ProxyReverseServers within an IfClass section seems to be processed. With this configuration: <IfClass welcome_net1> ProxyReverseServers file:/usr/local/proftpd/var/ftp/proxy/backends/%U.json ProxyReverseServers ftp://ftpa.ddddd.ooo.it </IfClass> <IfClass !welcome_net1> ProxyReverseServers file:/usr/local/proftpd/var/ftp/proxy/backends/%U.json ProxyReverseServers ftp://ftps.xxxx.yyy.it </IfClass> Anonymous cannot connect as ProxyReverseServers file:/usr/local/proftpd/var/ftp/proxy/backends/%U.json is ignored. +++++++ With this configuration: <IfClass welcome_net1> ProxyReverseServers ftp://ftpa.ddddd.ooo.it ProxyReverseServers file:/usr/local/proftpd/var/ftp/proxy/backends/%U.json </IfClass> <IfClass !welcome_net1> ProxyReverseServers ftp://ftps.xxxx.yyy.it ProxyReverseServers file:/usr/local/proftpd/var/ftp/proxy/backends/%U.json </IfClass> Anonymous user can connect but no other user as ProxyReverseServers ftp://ftpa.ddddd.ooo.it and ProxyReverseServers ftp://ftps.xxxx.yyy.it are not used and Proftpd cannot find a file /usr/local/proftpd/var/ftp/proxy/backends/PIPPO.json (in case the user connecting would be PIPPO). In that case, here are the mod_proxy logs: mod_proxy/0.9.4[862401]: unable to check ProxyReverseServers '/usr/local/proftpd/var/ftp/proxy/backends/PIPPO.json': No such file or directory 2025-02-19 14:03:54,744 mod_proxy/0.9.4[862401]: error reading ProxyReverseServers file '/usr/local/proftpd/var/ftp/proxy/backends/PIPPO.json': No such file or directory mod_proxy/0.9.4[862401]: no PerUser servers found for user 'PIPPO', and no global ProxyReverseServers configured mod_proxy/0.9.4[862401]: error preparing database for ProxyReverseConnectPolicy PerUser for user 'PIPPO': No such file or directory mod_proxy/0.9.4[862401]: error selecting backend server: Operation not permitted +++++++ In case it matters, proftpd was compiled with if_session as last module as written in http://www.proftpd.org/docs/contrib/mod_ifsession.html: ./configure --prefix=/usr/local/proftpd --enable-openssl --enable-ctrls --disable-auth-pam --with-modules= mod_ban:mod_tls:mod_load:mod_proxy:mod_shaper:mod_ifsession Thank you for your help. Best regards, Paul -----Original Message----- From: TJ Saunders <tj...@ca...> Sent: Tuesday, February 18, 2025 7:56 PM To: ProFTPD Users <pro...@li...> Cc: HASENOHR Paul (JRC-ISPRA) <Pau...@ec...> Subject: Re: [Proftpd-user] ProxyPassReverseServers option combined with IfClass directive > I have set up a reverse proxy several years ago with the following > configuration: > > ProxyReverseServers > file:/usr/local/proftpd/var/ftp/proxy/backends/%U.json > ProxyReverseServers > https://urldefense.com/v3/__ftp://ftps.xxxx.yyy.it__;!!DOxrgLBm!A4c3KE > M7pmgPUmw0Y836iMg7S7svSreLyWD4pK8h8_t2cw7AcNABti6hgyMbqCJRbT-SsFbbcSG2 > vpyD9_c$ > > Where /usr/local/proftpd/var/ftp/proxy/backends contains only one file > anonymous.json > > This configuration allows me to forward anonymous connections to a > specific backend server while all others are redirected to > https://urldefense.com/v3/__ftp://ftps.xxxx.yyy.it__;!!DOxrgLBm!A4c3KE > M7pmgPUmw0Y836iMg7S7svSreLyWD4pK8h8_t2cw7AcNABti6hgyMbqCJRbT-SsFbbcSG2 > vpyD9_c$ > > This has been working perfectly for years. Excellent! I'm always gratified to hear about successful use cases for the mod_proxy module. > Now, I would need to segregate the backend servers based on the > connecting IP address. Anonymous connections should still be > redirected to a specific backend while all others should be redirected > to two different backend servers depending on the connecting IP address. > > I tried the following configuration and several variations but without > any success: > > <Class netA> > From 192.168.0.0/16 > </Class netA> > ProxyReverseServers > file:/usr/local/proftpd/var/ftp/proxy/backends/%U.json > <IfClass netA> > ProxyReverseServers > https://urldefense.com/v3/__ftp://ftpa.ddddd.ooo.it__;!!DOxrgLBm!A4c3K > EM7pmgPUmw0Y836iMg7S7svSreLyWD4pK8h8_t2cw7AcNABti6hgyMbqCJRbT-SsFbbcSG > 2V83F6UE$ > </IfClass> > <IfClass !netA> > ProxyReverseServers > https://urldefense.com/v3/__ftp://ftps.xxxx.yyy.it__;!!DOxrgLBm!A4c3KE > M7pmgPUmw0Y836iMg7S7svSreLyWD4pK8h8_t2cw7AcNABti6hgyMbqCJRbT-SsFbbcSG2 > vpyD9_c$ > </IfClass> > > In this example the setting _*ProxyReverseServers > file:/usr/local/proftpd/var/ftp/proxy/backends/%U.json*_ is > systematically ignored and the connection is forwarded to > https://urldefense.com/v3/__ftp://ftpa.ddddd.ooo.it__;!!DOxrgLBm!A4c3K > EM7pmgPUmw0Y836iMg7S7svSreLyWD4pK8h8_t2cw7AcNABti6hgyMbqCJRbT-SsFbbcSG2V83F6UE$ or https://urldefense.com/v3/__ftp://ftps.xxxx.yyy.it__;!!DOxrgLBm!A4c3KEM7pmgPUmw0Y836iMg7S7svSreLyWD4pK8h8_t2cw7AcNABti6hgyMbqCJRbT-SsFbbcSG2vpyD9_c$ depending on the connecting IP address. Hmm. I wonder if this is somehow related to the order that these configuration records appear in the internal in-memory tree -- and thus the order in which they are retrieved and used. The mod_ifsession code, which merges in these conditional configuration sections, may be creating a different order of those configuration records. To verify this hypothesis, here is a possible different configurations you might try: you might add the %U.json using directive inside each of the <IfClass> sections: <Class netA> From 192.168.0.0/16 </Class netA> <IfClass netA> ProxyReverseServers file:/usr/local/proftpd/var/ftp/proxy/backends/%U.json ProxyReverseServers https://urldefense.com/v3/__ftp://ftpa.ddddd.ooo.it__;!!DOxrgLBm!A4c3KEM7pmgPUmw0Y836iMg7S7svSreLyWD4pK8h8_t2cw7AcNABti6hgyMbqCJRbT-SsFbbcSG2V83F6UE$ </IfClass> <IfClass !netA> ProxyReverseServers file:/usr/local/proftpd/var/ftp/proxy/backends/%U.json ProxyReverseServers https://urldefense.com/v3/__ftp://ftps.xxxx.yyy.it__;!!DOxrgLBm!A4c3KEM7pmgPUmw0Y836iMg7S7svSreLyWD4pK8h8_t2cw7AcNABti6hgyMbqCJRbT-SsFbbcSG2vpyD9_c$ </IfClass> The idea here being to see if this approach restores the ordering that your original config used. Yes, it is not as aesthetically pleasing due to the apparent duplication of records. Hope this helps, TJ |
From: TJ S. <tj...@ca...> - 2025-02-18 19:12:52
|
> I have set up a reverse proxy several years ago with the following > configuration: > > ProxyReverseServers file:/usr/local/proftpd/var/ftp/proxy/backends/%U.json > ProxyReverseServers ftp://ftps.xxxx.yyy.it > > Where /usr/local/proftpd/var/ftp/proxy/backends contains only one file > anonymous.json > > This configuration allows me to forward anonymous connections to a > specific backend server while all others are redirected to > ftp://ftps.xxxx.yyy.it > > This has been working perfectly for years. Excellent! I'm always gratified to hear about successful use cases for the mod_proxy module. > Now, I would need to segregate the backend servers based on the > connecting IP address. Anonymous connections should still be redirected > to a specific backend while all others should be redirected to two > different backend servers depending on the connecting IP address. > > I tried the following configuration and several variations but without > any success: > > <Class netA> > From 192.168.0.0/16 > </Class netA> > ProxyReverseServers file:/usr/local/proftpd/var/ftp/proxy/backends/%U.json > <IfClass netA> > ProxyReverseServers ftp://ftpa.ddddd.ooo.it > </IfClass> > <IfClass !netA> > ProxyReverseServers ftp://ftps.xxxx.yyy.it > </IfClass> > > In this example the setting _*ProxyReverseServers > file:/usr/local/proftpd/var/ftp/proxy/backends/%U.json*_ is > systematically ignored and the connection is forwarded to > ftp://ftpa.ddddd.ooo.it or ftp://ftps.xxxx.yyy.it depending on the > connecting IP address. Hmm. I wonder if this is somehow related to the order that these configuration records appear in the internal in-memory tree -- and thus the order in which they are retrieved and used. The mod_ifsession code, which merges in these conditional configuration sections, may be creating a different order of those configuration records. To verify this hypothesis, here is a possible different configurations you might try: you might add the %U.json using directive inside each of the <IfClass> sections: <Class netA> From 192.168.0.0/16 </Class netA> <IfClass netA> ProxyReverseServers file:/usr/local/proftpd/var/ftp/proxy/backends/%U.json ProxyReverseServers ftp://ftpa.ddddd.ooo.it </IfClass> <IfClass !netA> ProxyReverseServers file:/usr/local/proftpd/var/ftp/proxy/backends/%U.json ProxyReverseServers ftp://ftps.xxxx.yyy.it </IfClass> The idea here being to see if this approach restores the ordering that your original config used. Yes, it is not as aesthetically pleasing due to the apparent duplication of records. Hope this helps, TJ |
From: Preuße, H. <hi...@we...> - 2025-02-17 20:42:28
|
On 17.02.2025 18:20, Ischia Massimo via Proftp-user wrote: Hello, > I checked the distribution, is actually "Red Hat enterprise linux > 7.6", not Debian, as supposed first. Would you be able to release an > RPM package for proFTPD that includes the fix ? > AFAIK RHEL 7.6 is out of support, so you should migrate anyway to RH8 or RH9. I'm the maintainer of the proftp package in Debian, so if you would use Debian, I could have done something for you. If your are not allowed to use non-official packages, please open a ticket at Redhat and ask for a backport of the fix. Hilmar |