Linode Forum
Linode Community Forums
Posted: Wed Sep 22, 2010 7:04 pm
Senior Member

Joined: Tue Nov 24, 2009 1:59 pm
Posts: 362
Former usually is easier to detach from system user accounts, and you seem to be wanting such separation. Latter requires user to be able to log in via SSH, after all.


Posted: Thu Sep 23, 2010 9:47 am
Senior Member

Joined: Fri Aug 20, 2010 3:12 am
Posts: 68
drake127 wrote:
Still, you don't need to mess with ACL (for something that can be done without them).

...

I believe it is exactly what you need. It can be done without redundancy but you can play with that later (as well as with getting rid of one-user-running-it-approach).


I did what you suggested and when I use Core FTP I get

Code:
Resolving mydomain.com...  
Connect socket #736 to xx.xx.xx.xx, port 21...
Can't establish connection --> mydomain.com:21 @ Thu Sep 23 23:36:20 2010   (10054-38)
An existing connection was forcibly closed by the remote host. 


ps aux |grep ftp gives me
Code:
root     26716  0.0  0.3   6248  1532 ?        Ss   23:28   0:00 pure-ftpd (SERVER) 


ps aux|grep mysql gives me
Code:
mysql    26563  0.0  3.6 129228 18764 ?        Ssl  23:12   0:00 /usr/sbin/mysqld



I cannot find anything in /var/log/messages

Any idea how I can make it work ?

Thank you

R


Posted: Thu Sep 23, 2010 7:31 pm
Senior Member

Joined: Sat Nov 15, 2008 4:24 pm
Posts: 55
Location: Czech Republic
netstat -at?


Posted: Thu Sep 23, 2010 7:45 pm
Senior Member

Joined: Fri Aug 20, 2010 3:12 am
Posts: 68
drake127 wrote:
netstat -at?


Code:
tcp        0      0 localhost:9000          *:*                     LISTEN     
tcp        0      0 localhost:mysql         *:*                     LISTEN     
tcp        0      0 *:www                   *:*                     LISTEN     
tcp        0      0 localhost:ftp           *:*                     LISTEN     
tcp        0      0 *:ssh                   *:*                     LISTEN     
tcp        0      0 localhost:postgresql    *:*                     LISTEN     
tcp        0     48 mydomain:ssh              202-xxx-80-xxx.pe:54270 ESTABLISHED
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN

Using FileZilla FTP over implicit TLS
Code:
Status:   Resolving address of rsness.com
Status:   Connecting to 97.xx.xxx.xx:990...
Error:   Connection timed out
Error:   Could not connect to server

and over explicit TLS
Code:
Status:   Resolving address of rsness.com
Status:   Connecting to 97.xxx.xxx.xx:xxx...
Status:   Connection established, waiting for welcome message...
Error:   Connection closed by server
Error:   Could not connect to server



Last edited by cimenta on Thu Sep 23, 2010 9:16 pm, edited 1 time in total.

Posted: Thu Sep 23, 2010 8:50 pm
Senior Member

Joined: Sat Nov 15, 2008 4:24 pm
Posts: 55
Location: Czech Republic
You can't listen on localhost. You need to change -S parameter to your public IP address.
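
The point in the reply above, checked against the `netstat -at` listing posted earlier in the thread, as an added example that is not part of any post: it classifies each LISTEN socket by bind scope and reports services meant for remote clients that are bound to loopback only. The sample is constructed from the thread's listing (the peer address is a placeholder) and the function names are hypothetical.

```python
# Constructed sample, adapted from the netstat -at output in this thread.
SAMPLE = """\
tcp        0      0 localhost:9000          *:*                     LISTEN
tcp        0      0 localhost:mysql         *:*                     LISTEN
tcp        0      0 *:www                   *:*                     LISTEN
tcp        0      0 localhost:ftp           *:*                     LISTEN
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0      0 localhost:postgresql    *:*                     LISTEN
tcp        0     48 mydomain:ssh            203.0.113.7:54270       ESTABLISHED
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN
"""

LOOPBACK = {"localhost", "127.0.0.1", "::1", "[::1]", "ip6-localhost"}
WILDCARD = {"*", "0.0.0.0", "::", "[::]"}

def listen_scopes(netstat_text):
    """Return {(proto, service): scope} for every TCP LISTEN line."""
    scopes = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue  # headers, established connections, other protocols
        # rpartition keeps bracketed IPv6 hosts such as [::] intact
        host, _, service = f[3].rpartition(":")
        if host in LOOPBACK:
            scope = "loopback"
        elif host in WILDCARD:
            scope = "all-interfaces"
        else:
            scope = "address:" + host
        scopes[(f[0], service)] = scope
    return scopes

def unreachable_public(scopes, public_services):
    """Services meant for remote clients but bound to loopback only."""
    return sorted({s for (_, s), sc in scopes.items()
                   if s in public_services and sc == "loopback"})

def bound_to_all(scopes):
    """Services reachable on every interface; each should be intentional."""
    return sorted({s for (_, s), sc in scopes.items() if sc == "all-interfaces"})

if __name__ == "__main__":
    sc = listen_scopes(SAMPLE)
    print("loopback-only but meant to be public:",
          unreachable_public(sc, {"ftp", "www", "ssh"}))
    print("listening on all interfaces:", bound_to_all(sc))
```

The same listing shows the loopback binding doing its job for mysql and postgresql, which only local processes need to reach.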


Posted: Thu Sep 23, 2010 8:58 pm
Senior Member

Joined: Fri Aug 20, 2010 3:12 am
Posts: 68
drake127 wrote:
You can't listen on localhost. You need to change -S parameter to your public IP address.


Looks much better. Using FTP over explicit TLS

Code:
Status:   Resolving address of mydomain.com
Status:   Connecting to 97.xxx.xxx.xxx:21...
Status:   Connection established, waiting for welcome message...
Response:   220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response:   220-You are user number 1 of 50 allowed.
Response:   220-Local time is now 10:56. Server port: 21.
Response:   220-This is a private system - No anonymous login
Response:   220 You will be disconnected after 15 minutes of inactivity.
Command:   AUTH TLS
Response:   500 Command not understood.
Command:   AUTH SSL
Response:   500 Command not understood.
Error:   Critical error
Error:   Could not connect to server


Posted: Thu Sep 23, 2010 9:29 pm
Senior Member

Joined: Sat Nov 15, 2008 4:24 pm
Posts: 55
Location: Czech Republic
Did you specify -Y 3? If so, can you confirm that your build has compiled support for TLS/SSL? Are you aware you need to correctly set up SSL certificate (/etc/ssl/private/pure-ftpd.pem on my distro)?


Posted: Thu Sep 23, 2010 9:42 pm
Senior Member

Joined: Fri Aug 20, 2010 3:12 am
Posts: 68
drake127 wrote:
Did you specify -Y 3? If so, can you confirm that your build has compiled support for TLS/SSL? Are you aware you need to correctly set up SSL certificate (/etc/ssl/private/pure-ftpd.pem on my distro)?


I am doing exactly what you said :-)

now I am running the server by

Code:
/usr/local/sbin/pure-ftpd -S xx.xx.xx.xx,21 -p 49152:50174 -B -l mysql:/etc/pure-ftpd/mysql.conf -u 2000 -0 -4 -A -E -H -U 137:027 -Y 3


I followed the steps from pure-ftpd.org to create the certificate

Code:
-rw------- 1 root root 2071 Sep 23 23:27 /etc/ssl/private/pure-ftpd.pem


So I compile my own build by

Code:
./configure --with-mysql --with-cookie --with-throttling --with-ratios --with-tls
make install-strip


and I set up the MySQL exactly as you said.

PS
Thank you for helping me out

R.


Last edited by cimenta on Thu Sep 23, 2010 10:12 pm, edited 1 time in total.

Posted: Thu Sep 23, 2010 9:51 pm
Senior Member

Joined: Fri Aug 20, 2010 3:12 am
Posts: 68
How can I debug this? I tried -d switch but there is nothing special in /var/log/messages except

Code:
Sep 24 11:34:25 server pure-ftpd: (?@xx.xx.xx.xx) [INFO] New connection from xx.xx.xx.xx
Sep 24 11:34:25 server pure-ftpd: (?@xx.xx.xx.xx) [INFO] Logout.


Last edited by cimenta on Thu Sep 23, 2010 10:16 pm, edited 1 time in total.

Posted: Thu Sep 23, 2010 10:06 pm
Senior Member

Joined: Sat Nov 15, 2008 4:24 pm
Posts: 55
Location: Czech Republic
You seem to use client which doesn't support TLS/SSL. I tried to connect to your server and TLS session was successfully established. See your log.

Edit: You may want to remove your IP from previous post. ;-)


Posted: Thu Sep 23, 2010 10:15 pm
Senior Member

Joined: Fri Aug 20, 2010 3:12 am
Posts: 68
drake127 wrote:
You seem to use client which doesn't support TLS/SSL. I tried to connect to your server and TLS session was successfully established. See your log.

I am using FileZilla2. Which one did you use? And what 'type of connection/server type' did you use?

drake127 wrote:
Edit: You may want to remove your IP from previous post. ;-)

thank you :roll:

Code:
Sep 24 12:02:45 server pure-ftpd: (?@xx.xx.xx.xx) [INFO] New connection from xx.xx.xx.xx
Sep 24 12:02:46 server pure-ftpd: (?@xx.xx.xx.xx) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with DHE-RSA-AES256-SHA, 256 secret bits cipher
Sep 24 12:02:48 server pure-ftpd: (?@xx.xx.xx.xx) [INFO] Logout.
Sep 24 12:02:55 server pure-ftpd: (?@xx.xx.xx.xx) [INFO] New connection from xx.xx.xx.xx
Sep 24 12:02:59 server pure-ftpd: (?@xx.xx.xx.xx) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with DHE-RSA-AES256-SHA, 256 secret bits cipher
Sep 24 12:03:08 server pure-ftpd: (?@xx.xx.xx.xx) [WARNING] Authentication failed for user [d127-test]
Sep 24 12:07:21 server pure-ftpd: (?@xx.xx.xx.xx) [INFO] Logout.
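
One way to read logs like the one above, as an added example that is not part of any post: it groups pure-ftpd syslog lines into sessions and records how far each one got (closed before TLS, TLS negotiated, authentication failed). The sample lines are constructed in the thread's format with placeholder addresses and a made-up user name, and the sketch assumes one session per client address at a time because these lines carry no PID.

```python
import re

# Constructed sample in the format of the pure-ftpd syslog lines in this thread
# (documentation-range addresses, made-up user name).
SAMPLE_LOG = """\
Sep 24 11:34:25 server pure-ftpd: (?@198.51.100.10) [INFO] New connection from 198.51.100.10
Sep 24 11:34:25 server pure-ftpd: (?@198.51.100.10) [INFO] Logout.
Sep 24 12:02:55 server pure-ftpd: (?@198.51.100.20) [INFO] New connection from 198.51.100.20
Sep 24 12:02:59 server pure-ftpd: (?@198.51.100.20) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with DHE-RSA-AES256-SHA, 256 secret bits cipher
Sep 24 12:03:08 server pure-ftpd: (?@198.51.100.20) [WARNING] Authentication failed for user [testuser]
Sep 24 12:07:21 server pure-ftpd: (?@198.51.100.20) [INFO] Logout.
"""

LINE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ pure-ftpd: \(([^@]*)@([^)]+)\) \[(\w+)\] (.*)$")
CIPHER = re.compile(r"SSL/TLS: Enabled \S+ with (\S+),")
AUTHFAIL = re.compile(r"Authentication failed for user \[([^\]]*)\]")

def summarize(log_text):
    """Return closed sessions in order, each tagged with the stage it reached."""
    open_sessions, done = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a pure-ftpd line in the expected format
        ts, _user, addr, _level, msg = m.groups()
        if msg.startswith("New connection"):
            open_sessions[addr] = {"addr": addr, "start": ts,
                                   "cipher": None, "failed_users": []}
            continue
        s = open_sessions.get(addr)
        if s is None:
            continue  # event without a preceding "New connection"
        if (c := CIPHER.search(msg)):
            s["cipher"] = c.group(1)
        elif (a := AUTHFAIL.search(msg)):
            s["failed_users"].append(a.group(1))
        elif msg.startswith("Logout"):
            s["end"] = ts
            s["stage"] = ("auth-failed" if s["failed_users"]
                          else "tls-only" if s["cipher"]
                          else "closed-before-tls")
            done.append(open_sessions.pop(addr))
    return done

if __name__ == "__main__":
    for s in summarize(SAMPLE_LOG):
        print(s["start"], s["addr"], s["stage"], s["cipher"], s["failed_users"])
```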


Posted: Thu Sep 23, 2010 10:22 pm
Senior Member

Joined: Sat Nov 15, 2008 4:24 pm
Posts: 55
Location: Czech Republic
I used Total Commander 7.55 with OpenSSL 1.0 binaries. There are not many options, just one checkbox.

In FileZilla you may have option to use Explicit or implicit TLS (SSL). Just play with it a little. I failed on authentication (naturally) so server is working to that point just fine.


Posted: Thu Sep 23, 2010 10:38 pm
Senior Member

Joined: Fri Aug 20, 2010 3:12 am
Posts: 68
drake127 wrote:
I used Total Commander 7.55 with OpenSSL 1.0 binaries. There are not many options, just one checkbox.

I am on Mac right now so cannot try TC. I tried also Secure FTP 2.6 with the same result.

drake127 wrote:
In FileZilla you may have option to use Explicit or implicit TLS (SSL). Just play with it a little. I failed on authentication (naturally) so server is working to that point just fine.

FileZilla with explicit TLS gives me

Quote:
Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response: 220-You are user number 1 of 50 allowed.
Response: 220-Local time is now 12:35. Server port: 21.
Response: 220-This is a private system - No anonymous login
Response: 220 You will be disconnected after 15 minutes of inactivity.
Command: AUTH TLS
Response: 500 Command not understood.
Command: AUTH SSL
Response: 500 Command not understood.
Error: Critical error
Error: Could not connect to server


with explicit I get ... Note the port number. It seems to me that pure-ftpd is not listening there

Code:
Status:    Resolving address of rsness.com
Status:    Connecting to xx.xx.xx.xx:990...
Error:    Connection timed out
Error:    Could not connect to server


Post subject: test account
Posted: Thu Sep 23, 2010 10:45 pm
Senior Member

Joined: Fri Aug 20, 2010 3:12 am
Posts: 68
I created a test account if you want to try out ...

Thank you

R.


Posted: Fri Sep 24, 2010 12:16 am
Senior Member

Joined: Fri Aug 20, 2010 3:12 am
Posts: 68
so I tried

- FileZilla
- secure ftp
- cyberduck

on OSX

and TC 7.5 on win

all with the same result. I'd say that the authentication part is not working properly but have no idea how I can investigate that more.

Interesting is that when you tried to log in there was more info in the log file. Even your test user name. I have never got that....

