Need Help Getting ProFTPd Started with XINETD
July 22nd, 2002, 11:33 PM
Need Help Getting ProFTPd Started with XINETD
I just installed proftpd server to replace wuftpd because I want to make sure my server is more secure. I was able to get it started yesterday and connected, but now for some reason I can't get it to start. I have it set up to start through XINETD but for some reason it never does. Can somebody look through my settings and let me know if you can find why it isn't working?
Note: I'm not sure if this is why it isn't working but I do not have any files under /etc/xinetd.d named proftpd. If this could be the problem, how do I get it to show up? I used the default ./configure when installing proftpd.
File: /etc/xinetd.conf
Code:
# Simple configuration file for xinetd
#
# Some defaults, and include /etc/xinetd.d/
defaults
{
instances = 25
log_type = FILE /var/log/servicelog
log_on_success = HOST PID
log_on_failure = HOST RECORD
cps = 25 30
}
service ftp
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/local/sbin/in.proftpd
log_on_success += DURATION USERID
log_on_failure += USERID
nice = 10
bind = MYISPSIPADDRESS
}
service ssh
{
flags = REUSE
protocol = tcp
socket_type = stream
wait = no
user = root
server = /usr/local/sbin/sshd
}
File: /usr/local/etc/proftpd.conf
Code:
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "mydomain.com"
ServerType inetd
DefaultServer on
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
User nobody
Group nobody
# Normally, we want files to be overwriteable.
<Directory /usr/local/private>
AllowOverwrite on
</Directory>
# A basic anonymous configuration, no upload directories.
<Anonymous ~ftp>
User ftp
Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
# Limit the maximum number of anonymous logins
MaxClients 25
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message
# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE>
DenyAll
<Limit WRITE>
DenyAll
</Limit>
</Anonymous>
AllowRetrieveRestart on
AllowStoreRestart on
DefaultTransferMode ascii
IdentLookups off
MaxClients 5
ShowSymlinks on
ShowDotFiles on
AllowOverwrite on
RootLogin off
TimeoutLogin 0
TimeoutNoTransfer 0
TimeoutStalled 0
UseReverseDNS off
Files in.proftpd and proftpd are located in the /usr/sbin directory.
I've tried restarting xinetd with /etc/rc.d/init.d/xinetd restart and it comes up with this error:
/etc/rc.d/init.d/xinetd: config:: command not found
Here's what comes up when I run netstat -at so I know the FTP server is not running:
Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:mysql *:* LISTEN
tcp 0 0 *:pop3 *:* LISTEN
tcp 0 0 *:10000 *:* LISTEN
tcp 0 0 *:http *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:smtp *:* LISTEN
Any ideas?
John Saunders

July 23rd, 2002, 12:47 PM
Quote:
user = root
server = /usr/local/sbin/in.proftpd
...
Files in.proftpd and proftpd are located in the /usr/sbin directory
first mistake: if you want security, don't run the service as root
second mistake: look at the two paths again... they should match, no?
don't know if this solves the ::config problem, but give it a try!

July 23rd, 2002, 01:04 PM
Hello M.Hirsch:
Thanks for your reply. I was able to get the config :: problem fixed by re-commenting the lines at the top of the xinetd.conf file. Regarding your security suggestion, should I just create separate users like sshd and ftp and run these services using those instead of root?
I just double checked and my sshd and proftpd files are in /usr/local/sbin; nothing with those names is under /usr/sbin. I believe I had specified in the ./configure when installing those to install them under /usr/local/sbin instead of the default.
I think the reason I couldn't get it started was because I had SSHD starting in a separate boot command. I disabled it so it could only start through XINETD and when I restarted, I could connect via FTP but not SSHD. Now the SSHD server doesn't appear to be starting because I can't connect using SecureFTP.
Do you think SSHD wasn't compiled with the --enable=tcp-wrappers option? If so, how can I check this?
Here is what I have in the /etc/xinetd.conf file now:
Code:
#
# Simple configuration file for xinetd
#
# Some defaults, and include /etc/xinetd.d/
defaults
{
instances = 25
log_type = FILE /var/log/servicelog
log_on_success = HOST PID
log_on_failure = HOST RECORD
cps = 25 30
}
service ftp
{
protocol = tcp
socket_type = stream
wait = no
user = root
server = /usr/local/sbin/proftpd
log_on_success += HOST PID
}
service ssh
{
flags = REUSE
protocol = tcp
socket_type = stream
wait = no
user = root
server = /usr/local/sbin/sshd
}
This is what is in etc/ssh/sshd_conf:
Code:
# $OpenBSD: sshd_config,v 1.56 2002/06/20 23:37:12 markus Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768
# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 600
#PermitRootLogin yes
#StrictModes yes
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#AFSTokenPassing no
# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no
# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#Compression yes
#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no
# override default of no subsystems
Subsystem sftp /usr/local/libexec/sftp-server
IgnoreRhosts yes
RhostsRSAAuthentication yes
RhostsAuthentication yes
IgnoreUserKnownHosts no
PrintMotd yes
StrictModes yes
RSAAuthentication yes
PermitRootLogin yes
PermitEmptyPasswords no
PasswordAuthentication yes
#CheckMail no
Do you see anything that is causing SSHD to not start?
John

July 23rd, 2002, 01:12 PM
to the separate user question: yes, if it is not already there, create a user "ftpd" and group "ftpd". don't use "ftp"! it is the user for anonymous ftp.
the rest: uh, sorry, no.
works standalone but not in xinetd? i can't tell how to find out the .configure options either
your "netstat -at", with the new config?
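
An added example, not part of any post in this thread: a small Python audit of xinetd service blocks for the two points raised above (the user a service runs as, and whether the `server` path exists), plus one check that is our own addition, that an sshd entry passes `-i`, which sshd(8) documents for inetd operation. The sample configuration is constructed from the one posted, and the function names are hypothetical.

```python
import os
import re

# Constructed sample, modelled on the xinetd.conf posted in the thread.
SAMPLE_CONF = """\
defaults
{
    instances = 25
}
service ftp
{
    user = root
    server = /usr/local/sbin/in.proftpd
}
service ssh
{
    user = root
    server = /usr/local/sbin/sshd
}
"""

BLOCK = re.compile(r"^\s*service\s+(\S+)\s*\{(.*?)^\s*\}", re.M | re.S)
ATTR = re.compile(r"^\s*(\w+)\s*\+?=\s*(.*?)\s*$", re.M)

def parse_services(text):
    """Return {service_name: {attribute: value}}; the defaults block is skipped."""
    text = re.sub(r"^\s*#.*$", "", text, flags=re.M)  # drop comment lines
    return {name: dict(ATTR.findall(body)) for name, body in BLOCK.findall(text)}

def audit(text, exists=os.path.isfile):
    """Return (service, finding) tuples; 'exists' is injectable for testing."""
    findings = []
    for name, attrs in parse_services(text).items():
        if attrs.get("disable", "no") == "yes":
            continue  # xinetd will not start a disabled service
        if attrs.get("user") == "root":
            findings.append((name, "user = root"))
        server = attrs.get("server", "")
        if not exists(server):
            findings.append((name, "server binary not found: " + server))
        # Assumption stated in the lead-in: sshd under xinetd needs -i.
        args = attrs.get("server_args", "").split()
        if os.path.basename(server) == "sshd" and "-i" not in args:
            findings.append((name, "sshd without -i in server_args"))
    return findings

if __name__ == "__main__":
    for service, finding in audit(SAMPLE_CONF):
        print(f"{service}: {finding}")
```

Run it against the real file with `audit(open("/etc/xinetd.conf").read())`; a `user = root` finding is a prompt to review the entry, not proof of a fault.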