From: Steven D. <Ste...@in...> - 2024-09-09 12:37:29
Hello TJ,

Many thanks for your quick and sound reply!

If I read it correctly, the only option that I have is to recompile the current version. The only (official) available version for RHEL 8.10 (via EPEL) is version 1.3.6e-7, in which I don't think the issue that I described is fixed...

https://pkgs.org/download/proftpd
https://www.rpmfind.net/linux/rpm2html/search.php?query=proftpd&submit=Search+...&system=&arch=

Luckily we have a test system where I could perform the recompilation, before bringing it into production.

Thanks again for pointing me in the right direction!

Best regards,
Steven Driesmans

Sensitivity: Company

-----Original Message-----
From: TJ Saunders <tj...@ca...>
Sent: Saturday, September 7, 2024 5:32 PM
To: ProFTPD Users <pro...@li...>; pro...@pr...
Cc: Steven Driesmans <Steven.Driesmans@inetum-realdolmen.world>
Subject: Re: [Proftpd-user] Proftpd AuthGroupFile

== EXTERNAL MAIL == This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

> A virtual groups file (AuthGroupFile definition inside the proftpd
> config file underneath /etc/proftpd/conf.d) has one group that
> contains 64 or more virtual users.
>
> Some time ago, adding a new virtual user to that specific group led
> to the following error message inside the sftp logfile:
>
> Jul 10 12:54:28 <hostname> proftpd[1176232]: session[1176232] <IP-address> (<IP-address>[<IP-address>]): Malformed entry in AuthGroupFile file (line 85)
> Jul 10 12:54:28 <hostname> proftpd[1176232]: session[1176232] <hostname> (<IP-address>[<IP-address>]): Malformed entry in AuthGroupFile file (line 170)
> Jul 10 12:54:28 <hostname> proftpd[1176232]: realloc(): invalid next size

The handling of these AuthUserFile, AuthGroupFiles has changed over time. In particular, ProFTPD _might_ use some functions in the C library for reading these files -- depending on the platform; otherwise, it would use its own internal functions. Either way, there is a fixed buffer that is used for reading a single line of text; it is possible that your current AuthGroupFile has a line of text that is longer than that fixed buffer size. If the line of text is longer than the buffer, then ProFTPD will not read the entire line; it will be truncated. Which, in turn, can lead to "malformed syntax" sorts of parse errors.

In the cases where ProFTPD uses its own internal functions for handling these auth files, that fixed buffer size is 1024 characters:

https://github.com/proftpd/proftpd/blob/master/include/options.h#L84

That buffer size can be changed, but only at compile-time, using the --enable-tunable-buffer-size configure option.

I should also point out that the use of C library functions, vs internal functions, did change in ProFTPD versions newer than yours; see:

https://github.com/proftpd/proftpd/issues/1134

> Jul 10 12:54:28 <hostname> proftpd[1176232]: realloc(): invalid next size

This particular log message looks like a related, but slightly different issue:

https://github.com/proftpd/proftpd/issues/1321

Hope this helps,
TJ
From: TJ S. <tj...@ca...> - 2024-09-07 15:32:56
> A virtual groups file (AuthGroupFile definition inside the proftpd
> config file underneath /etc/proftpd/conf.d) has one group that contains
> 64 or more virtual users.
>
> Some time ago, adding a new virtual user to that specific group led to
> the following error message inside the sftp logfile:
>
> Jul 10 12:54:28 <hostname> proftpd[1176232]: session[1176232] <IP-address> (<IP-address>[<IP-address>]): Malformed entry in AuthGroupFile file (line 85)
> Jul 10 12:54:28 <hostname> proftpd[1176232]: session[1176232] <hostname> (<IP-address>[<IP-address>]): Malformed entry in AuthGroupFile file (line 170)
> Jul 10 12:54:28 <hostname> proftpd[1176232]: realloc(): invalid next size

The handling of these AuthUserFile, AuthGroupFiles has changed over time. In particular, ProFTPD _might_ use some functions in the C library for reading these files -- depending on the platform; otherwise, it would use its own internal functions. Either way, there is a fixed buffer that is used for reading a single line of text; it is possible that your current AuthGroupFile has a line of text that is longer than that fixed buffer size. If the line of text is longer than the buffer, then ProFTPD will not read the entire line; it will be truncated. Which, in turn, can lead to "malformed syntax" sorts of parse errors.

In the cases where ProFTPD uses its own internal functions for handling these auth files, that fixed buffer size is 1024 characters:

https://github.com/proftpd/proftpd/blob/master/include/options.h#L84

That buffer size can be changed, but only at compile-time, using the --enable-tunable-buffer-size configure option.

I should also point out that the use of C library functions, vs internal functions, did change in ProFTPD versions newer than yours; see:

https://github.com/proftpd/proftpd/issues/1134

> Jul 10 12:54:28 <hostname> proftpd[1176232]: realloc(): invalid next size

This particular log message looks like a related, but slightly different issue:

https://github.com/proftpd/proftpd/issues/1321

Hope this helps,
TJ
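Added example (not part of the message above and not ProFTPD code): a Python audit that flags AuthGroupFile lines too long for the 1024-character line buffer described in the reply, and lists which group members sit past the cut, the part of the line that a truncated read would lose. The two-byte allowance for newline and terminator, the function names and the sample data are assumptions made for this illustration.

```python
"""Audit an AuthGroupFile for lines that exceed ProFTPD's fixed line buffer."""

# 1024 is the internal buffer size quoted in the thread; a build configured
# with --enable-tunable-buffer-size may use another value, so it is a parameter.
DEFAULT_BUFSZ = 1024


def audit_group_file(data: bytes, bufsz: int = DEFAULT_BUFSZ) -> list:
    """Return one finding per line that is over-long or not name:passwd:gid:members."""
    # Assumption: the newline and a terminating NUL must fit in the buffer too,
    # so only bufsz - 2 bytes of line content are treated as safe.
    usable = bufsz - 2
    findings = []
    for lineno, raw in enumerate(data.split(b"\n"), start=1):
        line = raw.rstrip(b"\r")
        if not line.strip() or line.lstrip().startswith(b"#"):
            continue  # blank line or comment
        fields = line.split(b":")
        problems, cut_members = [], []
        if len(fields) != 4:
            problems.append(f"{len(fields)} colon-separated fields, expected 4")
        if len(line) > usable:
            problems.append(f"{len(line)} bytes, only {usable} fit the buffer")
            if len(fields) == 4:
                # Walk the member list and record every name that ends past the cut.
                pos = len(line) - len(fields[3])
                for member in fields[3].split(b","):
                    end = pos + len(member)
                    if end > usable:
                        cut_members.append(member.decode("utf-8", "replace"))
                    pos = end + 1  # skip the comma
        if problems:
            findings.append({
                "line": lineno,
                "group": fields[0].decode("utf-8", "replace"),
                "problems": problems,
                "cut_members": cut_members,
            })
    return findings


def build_sample() -> bytes:
    """Constructed sample: one healthy group, one 64-member group, one bad entry."""
    members = ",".join(f"svc_customer_{i:03d}" for i in range(1, 65))
    return (
        "# constructed sample, not data from the thread\n"
        "ops:x:2001:alice,bob\n"
        f"svc:x:2000:{members}\n"
        "bad:name:x:2002:carol\n"
    ).encode()


if __name__ == "__main__":
    for f in audit_group_file(build_sample()):
        print(f"line {f['line']} ({f['group']}): " + "; ".join(f["problems"]))
        if f["cut_members"]:
            print("  members past the cut: " + ", ".join(f["cut_members"]))
```

Run against the real file with `audit_group_file(open(path, "rb").read())`, passing `bufsz` if the build was configured with a different buffer size.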
From: Steven D. <Ste...@in...> - 2024-09-07 13:40:17
Dear all,

A virtual groups file (AuthGroupFile definition inside the proftpd config file underneath /etc/proftpd/conf.d) has one group that contains 64 or more virtual users.

Some time ago, adding a new virtual user to that specific group led to the following error message inside the sftp logfile:

Jul 10 12:54:28 <hostname> proftpd[1176232]: session[1176232] <IP-address> (<IP-address>[<IP-address>]): Malformed entry in AuthGroupFile file (line 85)
Jul 10 12:54:28 <hostname> proftpd[1176232]: session[1176232] <hostname> (<IP-address>[<IP-address>]): Malformed entry in AuthGroupFile file (line 170)
Jul 10 12:54:28 <hostname> proftpd[1176232]: realloc(): invalid next size

* I scrambled the original hostname and IP-addresses from the logs
* There are only 84 lines in the AuthGroupFile!

[root@<hostname> conf.d]# wc -l <sftp-fqdn>.groups
84 sftp.dewatergroep.be.groups
[root@<hostname> conf.d]#

Info on link https://fossies.org/linux/proftpd/doc/howto/LogMessages.html talks about the most common cause for this:

"Malformed entry in AuthUserFile/AuthGroupFile"
The configured AuthUserFile/AuthGroupFile<https://fossies.org/linux/proftpd/doc/howto/AuthFiles.html> has a line which is not in the necessary format. The most common cause for this is when one of the file fields is missing, or if there an extra colon (':') character in a field (e.g. in the name field).

I already looked inside the AuthUsersFile to check if the specific user(s) have a malformed entry, which is not the case. Also nothing special or abnormal to be seen or found in the AuthGroupFile.

Moving the specific virtual user more to the beginning of the specific virtual group does work, so some sort of limitation must be in place somewhere...

Current version of OS : RHEL 8.10
Current version of proftpd : 1.3.6e

It looks like there's a limit of maximum characters or users for one virtual group, but I cannot find any info about this...

[root@<hostname> conf.d]# grep -v ^# <sftp-fqdn>.groups | grep svc | awk -F":" '{print $4}' | wc -c
1067
[root@<hostname> conf.d]#
[root@<hostname> conf.d]# grep -v ^# <sftp-fqdn>.groups | grep svc | awk -F":" '{print $4}' | tr -s "," " " |wc -w
64
[root@<hostname> conf.d]#

Anybody that can help me out or point me in the right direction?

Best regards,
Steven Driesmans

Sensitivity: Company
From: Steven D. <Ste...@in...> - 2024-09-05 17:32:32
Dear all,

A virtual groups file (AuthGroupFile definition inside the proftpd config file underneath /etc/proftpd/conf.d) has one group that contains 64 or more virtual users.

Some time ago, adding a new virtual user to that specific group led to the following error message inside the sftp logfile:

Jul 10 12:54:28 <hostname> proftpd[1176232]: session[1176232] <IP-address> (<IP-address>[<IP-address>]): Malformed entry in AuthGroupFile file (line 85)
Jul 10 12:54:28 <hostname> proftpd[1176232]: session[1176232] <hostname> (<IP-address>[<IP-address>]): Malformed entry in AuthGroupFile file (line 170)
Jul 10 12:54:28 <hostname> proftpd[1176232]: realloc(): invalid next size

* I scrambled the original hostname and IP-addresses from the logs
* There are only 84 lines in the AuthGroupFile!

[root@<hostname> conf.d]# wc -l <sftp-fqdn>.groups
84 sftp.dewatergroep.be.groups
[root@<hostname> conf.d]#

Info on link https://fossies.org/linux/proftpd/doc/howto/LogMessages.html talks about the most common cause for this:

"Malformed entry in AuthUserFile/AuthGroupFile"
The configured AuthUserFile/AuthGroupFile<https://fossies.org/linux/proftpd/doc/howto/AuthFiles.html> has a line which is not in the necessary format. The most common cause for this is when one of the file fields is missing, or if there an extra colon (':') character in a field (e.g. in the name field).

I already looked inside the AuthUsersFile to check if the specific user(s) have a malformed entry, which is not the case. Also nothing special or abnormal to be seen or found in the AuthGroupFile.

Moving the specific virtual user more to the beginning of the specific virtual group does work, so some sort of limitation must be in place somewhere...

Current version of OS : RHEL 8.10
Current version of proftpd : 1.3.6e

It looks like there's a limit of maximum characters or users for one virtual group, but I cannot find any info about this...

[root@<hostname> conf.d]# grep -v ^# <sftp-fqdn>.groups | grep svc | awk -F":" '{print $4}' | wc -c
1067
[root@<hostname> conf.d]#
[root@<hostname> conf.d]# grep -v ^# <sftp-fqdn>.groups | grep svc | awk -F":" '{print $4}' | tr -s "," " " |wc -w
64
[root@<hostname> conf.d]#

Anybody that can help me out or point me in the right direction?

Best regards,
Steven Driesmans

Sensitivity: Company
From: TJ S. <tj...@ca...> - 2024-08-13 17:41:58
> How do I configure MAC algorithm for sftp?

The SFTPDigests configuration directive can be used for this; see:

http://www.proftpd.org/docs/contrib/mod_sftp.html#SFTPDigests

Cheers,
TJ
From: Lists <li...@se...> - 2024-08-13 17:37:50
Please excuse my ignorance, getting deep into this configuration.

How do I configure MAC algorithm for sftp?

Geoffrey Myers
From: Chris Y. <mr...@gm...> - 2024-08-12 21:00:54
I don't use root when I run nmap

nmap -Pn --script ssh2-enum-algos -p 22 my.sftp.server

Root is only necessary if you're doing silly things with raw sockets. Checking an sftp server for supported algos is basic tcp stuff. No root required.

On Mon, Aug 12, 2024 at 12:28 PM Geoffrey Myers <li...@se...> wrote:

> thanks Chris,
>
> If I recall correctly, nmap requires root access? I don’t have root
> access. Is there any way to determine the algos/ciphers supported by
> proftpd that does not require root access?
>
>
> On Aug 2, 2024, at 10:38 PM, Chris Young <mr...@gm...> wrote:
>
> to "visualize" the enabled ciphers for your server, install nmap, and from
> a command line, you can run
>
> ## check for ssh/sftp algos
> nmap -Pn --script ssh2-enum-algos -p 22 SFTP.HOST.WHATEVER
>
> ## check for ssl/tls ciphers
> nmap --script ssl-enum-ciphers -p 443 WWW.HOST.WHATEVER
>
> if your machine is running openssl v3+, you'll get an accurate map of the
> enabled key exchange and encryption algorithms.
>
> .. pretty sure ssh will show accurate, even for openssl v1, but modern tls
> ciphers will only show if you have openssl v3+
>
>
> On Fri, Aug 2, 2024 at 1:36 PM TJ Saunders <tj...@ca...> wrote:
>
>> > TJ, thanks. Quick question. I’m a bit confused. As I referenced ssh
>> > you mentioned openssl. Does ssh use OpenSSL? I would expect openssh.
>>
>> The mod_sftp module for ProFTPD implements the SSH and SFTP protocols
>> using the OpenSSL library for the necessary cryptographic support. It does
>> not use the OpenSSH implementations in any way. In fact, mod_sftp
>> implements some parts of the SFTP protocol that OpenSSH does not implement.
>>
>> Cheers,
>> TJ
>>
>>
>> _______________________________________________
>> ProFTPD Users List <pro...@pr...>
>> Unsubscribe problems?
>> http://www.proftpd.org/list-unsub.html
>
> _______________________________________________
> ProFTPD Users List <pro...@pr...>
> Unsubscribe problems?
> http://www.proftpd.org/list-unsub.html
>
>
> --
> Until later, Geof
>
>
>
> _______________________________________________
> ProFTPD Users List <pro...@pr...>
> Unsubscribe problems?
> http://www.proftpd.org/list-unsub.html
From: TJ S. <tj...@ca...> - 2024-08-12 19:37:09
> *In general, there is no need to use this directive unless only one
> specific key exchange algorithm must be used.*
>
> If I want to exclude a particular algo, is the only solution to specify
> only the algos you want?

Yes, if you want to omit/exclude a particular key exchange algorithm, you have to explicitly list all the other algorithms that you want to enable.

> Is there an option to do something like:
>
> STPKeyExchanges ! algoNotWanted

Not currently, no.

Cheers,
TJ
From: Geoffrey M. <li...@se...> - 2024-08-12 18:59:36
In the docs for sftpkeyexchanges it states:

In general, there is no need to use this directive unless only one specific key exchange algorithm must be used.

If I want to exclude a particular algo, is the only solution to specify only the algos you want?

Is there an option to do something like:

STPKeyExchanges ! algoNotWanted

Thanks

--
Until later, Geof
From: Geoffrey M. <li...@se...> - 2024-08-12 17:26:38
thanks Chris,

If I recall correctly, nmap requires root access? I don’t have root access. Is there any way to determine the algos/ciphers supported by proftpd that does not require root access?

> On Aug 2, 2024, at 10:38 PM, Chris Young <mr...@gm...> wrote:
>
> to "visualize" the enabled ciphers for your server, install nmap, and from a command line, you can run
>
> ## check for ssh/sftp algos
> nmap -Pn --script ssh2-enum-algos -p 22 SFTP.HOST.WHATEVER
>
> ## check for ssl/tls ciphers
> nmap --script ssl-enum-ciphers -p 443 WWW.HOST.WHATEVER
>
> if your machine is running openssl v3+, you'll get an accurate map of the enabled key exchange and encryption algorithms.
>
> .. pretty sure ssh will show accurate, even for openssl v1, but modern tls ciphers will only show if you have openssl v3+
>
>
> On Fri, Aug 2, 2024 at 1:36 PM TJ Saunders <tj...@ca... <mailto:tj...@ca...>> wrote:
> > TJ, thanks. Quick question. I’m a bit confused. As I referenced ssh
> > you mentioned openssl. Does ssh use OpenSSL? I would expect openssh.
>
> The mod_sftp module for ProFTPD implements the SSH and SFTP protocols using the OpenSSL library for the necessary cryptographic support. It does not use the OpenSSH implementations in any way. In fact, mod_sftp implements some parts of the SFTP protocol that OpenSSH does not implement.
>
> Cheers,
> TJ
>
>
> _______________________________________________
> ProFTPD Users List <pro...@pr... <mailto:pro...@pr...>>
> Unsubscribe problems?
> http://www.proftpd.org/list-unsub.html <http://www.proftpd.org/list-unsub.html>
> _______________________________________________
> ProFTPD Users List <pro...@pr...>
> Unsubscribe problems?
> http://www.proftpd.org/list-unsub.html

--
Until later, Geof
From: Chris Y. <mr...@gm...> - 2024-08-03 02:39:38
to "visualize" the enabled ciphers for your server, install nmap, and from a command line, you can run

## check for ssh/sftp algos
nmap -Pn --script ssh2-enum-algos -p 22 SFTP.HOST.WHATEVER

## check for ssl/tls ciphers
nmap --script ssl-enum-ciphers -p 443 WWW.HOST.WHATEVER

if your machine is running openssl v3+, you'll get an accurate map of the enabled key exchange and encryption algorithms.

.. pretty sure ssh will show accurate, even for openssl v1, but modern tls ciphers will only show if you have openssl v3+

On Fri, Aug 2, 2024 at 1:36 PM TJ Saunders <tj...@ca...> wrote:

> > TJ, thanks. Quick question. I’m a bit confused. As I referenced ssh
> > you mentioned openssl. Does ssh use OpenSSL? I would expect openssh.
>
> The mod_sftp module for ProFTPD implements the SSH and SFTP protocols
> using the OpenSSL library for the necessary cryptographic support. It does
> not use the OpenSSH implementations in any way. In fact, mod_sftp
> implements some parts of the SFTP protocol that OpenSSH does not implement.
>
> Cheers,
> TJ
>
>
> _______________________________________________
> ProFTPD Users List <pro...@pr...>
> Unsubscribe problems?
> http://www.proftpd.org/list-unsub.html
From: TJ S. <tj...@ca...> - 2024-08-02 18:34:32
> TJ, thanks. Quick question. I’m a bit confused. As I referenced ssh
> you mentioned openssl. Does ssh use OpenSSL? I would expect openssh.

The mod_sftp module for ProFTPD implements the SSH and SFTP protocols using the OpenSSL library for the necessary cryptographic support. It does not use the OpenSSH implementations in any way. In fact, mod_sftp implements some parts of the SFTP protocol that OpenSSH does not implement.

Cheers,
TJ
From: Lists <li...@se...> - 2024-08-02 18:11:21
TJ, thanks. Quick question. I’m a bit confused. As I referenced ssh you mentioned openssl. Does ssh use OpenSSL? I would expect openssh.

Geoffrey Myers

> On Aug 2, 2024, at 1:34 PM, Matus UHLAR - fantomas <uh...@fa...> wrote:
>
> On 02.08.24 11:53, Geoffrey Myers wrote:
>> If I don’t use the SFTPCipher directive what cipher will it use? I see in the docs: In general, there is no need to use this directive unless only one specific cipher must be used.
>
> http://www.proftpd.org/docs/contrib/mod_sftp.html#SFTPCiphers
>
> By default, all of the above cipher algorithms are presented to the client, in the above order, during the key exchange.
>
> --
> Matus UHLAR - fantomas, uh...@fa... ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Warning: I do NOT wish to receive any advertising mail at this address.
> If Barbie is so popular, why do you have to buy her friends?
>
>
> _______________________________________________
> ProFTPD Users List <pro...@pr...>
> Unsubscribe problems?
> http://www.proftpd.org/list-unsub.html
From: Matus U. - f. <uh...@fa...> - 2024-08-02 17:33:10
On 02.08.24 11:53, Geoffrey Myers wrote:
>If I don’t use the SFTPCipher directive what cipher will it use? I see in the docs: In general, there is no need to use this directive unless only one specific cipher must be used.

http://www.proftpd.org/docs/contrib/mod_sftp.html#SFTPCiphers

By default, all of the above cipher algorithms are presented to the client, in the above order, during the key exchange.

--
Matus UHLAR - fantomas, uh...@fa... ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
If Barbie is so popular, why do you have to buy her friends?
From: TJ S. <tj...@ca...> - 2024-08-02 17:26:37
> If I don’t use the SFTPCipher directive what cipher will it use? I see
> in the docs: In general, there is no need to use this directive unless
> only one specific cipher must be used.

The actual cipher algorithm used for a given SFTP session is negotiated by the client and server; each side presents its preferred list of algorithms (such as the list configured by the SFTPCiphers directive) to the other, and they use the same rules to find a matching algorithm in both lists.

If the SFTPCiphers directive is not used, then the list of cipher algorithms presented by mod_sftp is as documented:

http://www.proftpd.org/docs/contrib/mod_sftp.html#SFTPCiphers

Note that the presence of some algorithms, in that list, depend on the version of OpenSSL being used, and the presence/absence of particular algorithms in that build of OpenSSL.

Hope this helps!
TJ
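Added example (not from the thread and not mod_sftp code): a Python parser for the SSH_MSG_KEXINIT payload in which each side presents its lists, plus the RFC 4253 section 7.1 rule for ciphers and MACs, which picks the first algorithm on the client's list that the server also offers. The algorithm lists are constructed samples, not mod_sftp's documented defaults, and the helper names are assumptions.

```python
"""Parse an SSH_MSG_KEXINIT payload and apply the RFC 4253 section 7.1 rule."""
import struct

SSH_MSG_KEXINIT = 20
# The ten name-lists carried by KEXINIT, in wire order (RFC 4253 section 7.1).
NAME_LISTS = (
    "kex_algorithms",
    "server_host_key_algorithms",
    "encryption_algorithms_client_to_server",
    "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server",
    "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server",
    "compression_algorithms_server_to_client",
    "languages_client_to_server",
    "languages_server_to_client",
)


def build_kexinit(lists: dict) -> bytes:
    """Encode a KEXINIT payload (used here only to construct the sample)."""
    payload = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # message type + 16-byte cookie
    for name in NAME_LISTS:
        joined = ",".join(lists.get(name, [])).encode("ascii")
        payload += struct.pack(">I", len(joined)) + joined
    # first_kex_packet_follows = false, then the reserved uint32
    return payload + b"\x00" + struct.pack(">I", 0)


def parse_kexinit(payload: bytes) -> dict:
    """Return {list name: [algorithm, ...]}; raise ValueError on malformed input."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, parsed = 17, {}
    for name in NAME_LISTS:
        if pos + 4 > len(payload):
            raise ValueError(f"truncated before length of {name}")
        (length,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + length > len(payload):
            raise ValueError(f"{name} runs past the end of the payload")
        text = payload[pos:pos + length].decode("ascii")
        parsed[name] = text.split(",") if text else []
        pos += length
    return parsed


def negotiate(client_list, server_list):
    """First algorithm on the client's list that the server also offers, else None."""
    offered = set(server_list)
    return next((alg for alg in client_list if alg in offered), None)


def session_algorithms(client: dict, server_payload: bytes) -> dict:
    """Cipher and MAC that would be selected in each direction."""
    server = parse_kexinit(server_payload)
    return {
        name: negotiate(client.get(name, []), server[name])
        for name in NAME_LISTS
        if name.startswith(("encryption_", "mac_"))
    }


# Constructed server offer and client preferences (sample data only).
_CIPHERS = ["aes256-ctr", "aes192-ctr", "aes128-ctr", "3des-cbc"]
_MACS = ["hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]
SERVER_KEXINIT = build_kexinit({
    "kex_algorithms": ["curve25519-sha256", "diffie-hellman-group14-sha256"],
    "server_host_key_algorithms": ["ssh-ed25519", "rsa-sha2-256"],
    "encryption_algorithms_client_to_server": _CIPHERS,
    "encryption_algorithms_server_to_client": _CIPHERS,
    "mac_algorithms_client_to_server": _MACS,
    "mac_algorithms_server_to_client": _MACS,
    "compression_algorithms_client_to_server": ["none"],
    "compression_algorithms_server_to_client": ["none"],
})
_CLIENT_CIPHERS = ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes256-ctr"]
_CLIENT_MACS = ["hmac-sha1", "hmac-sha2-256"]
CLIENT_PREFS = {
    "encryption_algorithms_client_to_server": _CLIENT_CIPHERS,
    "encryption_algorithms_server_to_client": _CLIENT_CIPHERS,
    "mac_algorithms_client_to_server": _CLIENT_MACS,
    "mac_algorithms_server_to_client": _CLIENT_MACS,
}

if __name__ == "__main__":
    for name, alg in session_algorithms(CLIENT_PREFS, SERVER_KEXINIT).items():
        print(f"{name}: {alg}")
```

Because the client's order decides, the order of the server's list does not stop a client from selecting the weakest algorithm the server still offers; only removing that algorithm from the server's list does.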
From: Geoffrey M. <li...@se...> - 2024-08-02 16:06:50
If I don’t use the SFTPCipher directive what cipher will it use? I see in the docs: In general, there is no need to use this directive unless only one specific cipher must be used.

--
Until later, Geof
From: Geoffrey M. <geo...@gm...> - 2024-08-02 15:45:48
If I don’t use the SFTPCipher directive what cipher will it use? I see in the docs: In general, there is no need to use this directive unless only one specific cipher must be used.

Thanks,
Geoffrey Myers
From: Preuße, H. <hi...@we...> - 2024-07-20 10:03:33
On 20.07.2024 03:07, Mark Grimes wrote:

Hi,

> I don't have any other modules that I can think of. I'll contact you if
> our requirements change.
> Including mod_delay would be very much appreciated.
>

hille@rasppi2:~/devel/proftp/aaa_git $ dpkg-deb -c proftpd-core_1.3.8.b+dfsg-3_arm64.deb|grep mod_del
-rw-r--r-- root/root 68360 2024-05-22 09:12 ./usr/lib/proftpd/mod_delay.so

I'll release it with rev. -3.

Hilmar
From: Roberto B. <rob...@pr...> - 2024-05-22 10:47:33
uhm ... I have recompiled the package with the patch pointed to by TJ: the situation is unchanged :/

On Wed 22 May 2024 at 04:14 Brad Knorr <br...@kn...> wrote:

> I have no idea if this means anything, but I was trying to use 24.04 and
> containerd/runc and app armour has broken this application. Just thought I
> would throw this out there. Sorry if I am way off base.
>
> Brad
>
> -----Original Message-----
> From: TJ Saunders <tj...@ca...>
> Sent: Tuesday, May 21, 2024 5:08 PM
> To: ProFTPD Users <pro...@li...>
> Subject: Re: [Proftpd-user] Ubuntu 24.04 mod_tls.o seg fault?
>
>
> > I am trying to configure proftpd for using ftps under Ubuntu 24.04
> > running in a virtual machine (VirtualBox, in a NAT Network).
>
> Can you provide the output from `proftpd -V`? In particular, I'm
> wondering if you are running into this issue:
>
> https://github.com/proftpd/proftpd/issues/1770
>
> Cheers,
> TJ
>
>
> _______________________________________________
> ProFTPD Users List <pro...@pr...>
> Unsubscribe problems?
> http://www.proftpd.org/list-unsub.html
>
>
> _______________________________________________
> ProFTPD Users List <pro...@pr...>
> Unsubscribe problems?
> http://www.proftpd.org/list-unsub.html
>

--
Roberto Brunelli
PROVINCIA AUTONOMA DI TRENTO
Agenzia provinciale per le risorse idriche e l'energia
APRIE - PAT
IT - Piazza Fiera - 38122 Trento
T. +39 0461 497358
From: Roberto B. <rob...@pr...> - 2024-05-22 05:57:26
Here it comes ...

Thx,
Roberto

On Wed 22 May 2024 at 01:24 TJ Saunders <tj...@ca...> wrote:

>
> > I am trying to configure proftpd for using ftps under Ubuntu 24.04
> > running in a virtual machine (VirtualBox, in a NAT Network).
>
> Can you provide the output from `proftpd -V`? In particular, I'm
> wondering if you are running into this issue:
>
> https://github.com/proftpd/proftpd/issues/1770
>
> Cheers,
> TJ
>
>
> _______________________________________________
> ProFTPD Users List <pro...@pr...>
> Unsubscribe problems?
> http://www.proftpd.org/list-unsub.html
>

--
Roberto Brunelli
PROVINCIA AUTONOMA DI TRENTO
Agenzia provinciale per le risorse idriche e l'energia
APRIE - PAT
IT - Piazza Fiera - 38122 Trento
T. +39 0461 497358
From: Brad K. <br...@kn...> - 2024-05-22 02:12:01
I have no idea if this means anything, but I was trying to use 24.04 and containerd/runc and app armour has broken this application. Just thought I would throw this out there. Sorry if I am way off base.

Brad

-----Original Message-----
From: TJ Saunders <tj...@ca...>
Sent: Tuesday, May 21, 2024 5:08 PM
To: ProFTPD Users <pro...@li...>
Subject: Re: [Proftpd-user] Ubuntu 24.04 mod_tls.o seg fault?

> I am trying to configure proftpd for using ftps under Ubuntu 24.04
> running in a virtual machine (VirtualBox, in a NAT Network).

Can you provide the output from `proftpd -V`? In particular, I'm wondering if you are running into this issue:

https://github.com/proftpd/proftpd/issues/1770

Cheers,
TJ

_______________________________________________
ProFTPD Users List <pro...@pr...>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
From: TJ S. <tj...@ca...> - 2024-05-21 23:21:33
> I am trying to configure proftpd for using ftps under Ubuntu 24.04
> running in a virtual machine (VirtualBox, in a NAT Network).

Can you provide the output from `proftpd -V`? In particular, I'm wondering if you are running into this issue:

https://github.com/proftpd/proftpd/issues/1770

Cheers,
TJ
From: Roberto B. <rob...@pr...> - 2024-05-21 15:40:19
I am trying to configure proftpd for using ftps under Ubuntu 24.04 running in a virtual machine (VirtualBox, in a NAT Network).

1. I have generated the certificates with certbot and successfully used them to provide https with apache
2. I have installed proftpd and it works in the standard ftp mode.
3. I have then modified the standard proftpd.conf file by uncommenting Include /etc/proftpd/tls.conf
4. I have modified modules.conf uncommenting LoadModule mod_tls.c
5. I have the following tls.conf file:

<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
TLSOptions NoCertRequest
TLSRSACertificateFile /etc/letsencrypt/live/osservatorio.energia.provincia.tn.it/fullchain.pem
TLSRSACertificateKeyFile /etc/letsencrypt/live/osservatorio.energia.provincia.tn.it/privkey.pem
TLSVerifyClient off
#TLSRequired on
</IfModule>

and when I use lftp to connect with the following options:

oetools@oeweb:/etc/proftpd$ lftp
lftp :~> open --user xxxx --port 21 ftps://osservatorio.energia.provincia.tn.it
Password:
lftp ap...@os...:~> ls
ls: Fatal error: gnutls_handshake: The TLS connection was non-properly terminated.

and I get the following output in proftpd.log (tls.log remains empty):

2024-05-21 16:38:57,806 oeweb proftpd[13837] osservatorio.energia.provincia.tn.it (osservatorio.energia.provincia.tn.it[...]): -----BEGIN STACK TRACE-----
2024-05-21 16:38:57,806 oeweb proftpd[13837] osservatorio.energia.provincia.tn.it (osservatorio.energia.provincia.tn.it [ ... ]): [0] /usr/lib/proftpd/mod_tls.so(+0x26962) [0x7fb5037e6962]
2024-05-21 16:38:57,806 oeweb proftpd[13837] osservatorio.energia.provincia.tn.it (osservatorio.energia.provincia.tn.it [ ... ]): [1] /usr/lib/proftpd/mod_tls.so(+0x26962) [0x7fb5037e6962]
2024-05-21 16:38:57,806 oeweb proftpd[13837] osservatorio.energia.provincia.tn.it (osservatorio.energia.provincia.tn.it [ ... ]): [2] /usr/lib/proftpd/mod_tls.so(+0x29fae) [0x7fb5037e9fae]
2024-05-21 16:38:57,806 oeweb proftpd[13837] osservatorio.energia.provincia.tn.it (osservatorio.energia.provincia.tn.it [ ... ]): [3] proftpd: (accepting connections)(modules_session_init+0x64) [0x5ed9abc83244]
2024-05-21 16:38:57,806 oeweb proftpd[13837] osservatorio.energia.provincia.tn.it (osservatorio.energia.provincia.tn.it [ ... ]): [4] proftpd: (accepting connections)(+0x2981e) [0x5ed9abc5d81e]
2024-05-21 16:38:57,806 oeweb proftpd[13837] osservatorio.energia.provincia.tn.it (osservatorio.energia.provincia.tn.it [ ... ]): [5] proftpd: (accepting connections)(+0x2a239) [0x5ed9abc5e239]
2024-05-21 16:38:57,806 oeweb proftpd[13837] osservatorio.energia.provincia.tn.it (osservatorio.energia.provincia.tn.it [ ... ]): [6] proftpd: (accepting connections)(main+0x648) [0x5ed9abc54098]
2024-05-21 16:38:57,806 oeweb proftpd[13837] osservatorio.energia.provincia.tn.it (osservatorio.energia.provincia.tn.it [ ... ]): [7] /lib/x86_64-linux-gnu/libc.so.6(+0x2a1ca) [0x7fb50382a1ca]
2024-05-21 16:38:57,806 oeweb proftpd[13837] osservatorio.energia.provincia.tn.it (osservatorio.energia.provincia.tn.it [ ... ]): [8] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x8b) [0x7fb50382a28b]
2024-05-21 16:38:57,806 oeweb proftpd[13837] osservatorio.energia.provincia.tn.it (osservatorio.energia.provincia.tn.it [ ... ]): [9] proftpd: (accepting connections)(_start+0x25) [0x5ed9abc546b5]
2024-05-21 16:38:57,806 oeweb proftpd[13837] osservatorio.energia.provincia.tn.it (osservatorio.energia.provincia.tn.it [ ... ]): -----END STACK TRACE-----
2024-05-21 16:38:57,806 oeweb proftpd[13837] osservatorio.energia.provincia.tn.it (osservatorio.energia.provincia.tn.it [ ... ]): ProFTPD terminating (signal 11)

Any help is greatly appreciated!

Roberto
From: Lists <li...@se...> - 2024-03-14 17:12:29
It’s my understanding init script is required for clustered rh8

Geoffrey Myers

> On Jan 26, 2024, at 7:25 PM, Robillard, Bob <bro...@ic...> wrote:
>
>> I'm wondering, why you want to work with init scripts on Redhat8 instead of doing a proper systemd integration
>
> As an aside, that's how we did it...there's a proftpd.service file in the "contrib" source tree to start from:
>
> [Unit]
> Description = ProFTPD FTP Server
> Wants=network-online.target
> After=network-online.target nss-lookup.target local-fs.target remote-fs.target
>
> [Service]
> Type = simple
> Environment = PROFTPD_OPTIONS=
> EnvironmentFile = -/etc/sysconfig/proftpd
> ExecStartPre = /usr/sbin/proftpd --configtest
> ExecStart = /usr/sbin/proftpd --nodaemon $PROFTPD_OPTIONS
> ExecReload = /bin/kill -HUP $MAINPID
> PIDFile = /run/proftpd/proftpd.pid
>
> [Install]
> WantedBy = multi-user.target
>
>
> -----Original Message-----
> From: Preuße, Hilmar via Proftp-user <pro...@li...>
> Sent: Thursday, January 25, 2024 5:07 PM
> To: pro...@li...
> Cc: Preuße, Hilmar <hi...@we...>
> Subject: Re: [Proftpd-user] Init script for RHEL8
>
> This message has originated from an External Source. Please use proper judgment and caution when opening attachments, clicking links, or responding to this email.
>
> On 22.01.2024 20:36, Lists wrote:
>
> Hi,
>
>> We are migrating our proftpd from RHEL7 to RHEL8. We copied our
>> /etc/init.d script but it does not work. Curious if someone has
>> conquered this issue. Proftpd does start when calling
>> /usr/sbin/proftpd directly.
>>
> I'm wondering, why you want to work with init scripts on Redhat8 instead of doing a proper systemd integration. IIRC there are some templates in the proftp source package, which you can use. Further I'd expect that proftp is packaged for Redhat, but I did not check.
>
> Hilmar
>
> _______________________________________________
> ProFTPD Users List <pro...@pr...>
> Unsubscribe problems?
> http://www.proftpd.org/list-unsub.html
From: Robillard, B. <bro...@ic...> - 2024-01-27 00:23:38
> I'm wondering, why you want to work with init scripts on Redhat8 instead of doing a proper systemd integration

As an aside, that's how we did it...there's a proftpd.service file in the "contrib" source tree to start from:

[Unit]
Description = ProFTPD FTP Server
Wants=network-online.target
After=network-online.target nss-lookup.target local-fs.target remote-fs.target

[Service]
Type = simple
Environment = PROFTPD_OPTIONS=
EnvironmentFile = -/etc/sysconfig/proftpd
ExecStartPre = /usr/sbin/proftpd --configtest
ExecStart = /usr/sbin/proftpd --nodaemon $PROFTPD_OPTIONS
ExecReload = /bin/kill -HUP $MAINPID
PIDFile = /run/proftpd/proftpd.pid

[Install]
WantedBy = multi-user.target

-----Original Message-----
From: Preuße, Hilmar via Proftp-user <pro...@li...>
Sent: Thursday, January 25, 2024 5:07 PM
To: pro...@li...
Cc: Preuße, Hilmar <hi...@we...>
Subject: Re: [Proftpd-user] Init script for RHEL8

This message has originated from an External Source. Please use proper judgment and caution when opening attachments, clicking links, or responding to this email.

On 22.01.2024 20:36, Lists wrote:

Hi,

> We are migrating our proftpd from RHEL7 to RHEL8. We copied our
> /etc/init.d script but it does not work. Curious if someone has
> conquered this issue. Proftpd does start when calling
> /usr/sbin/proftpd directly.
>

I'm wondering, why you want to work with init scripts on Redhat8 instead of doing a proper systemd integration. IIRC there are some templates in the proftp source package, which you can use. Further I'd expect that proftp is packaged for Redhat, but I did not check.

Hilmar