Solved ProFTPD issue with sftp

bibiugly · Mar 18, 2021

Today, I install mod_sftp into ProFTPD with the following instructions:

General FTP | Directadmin Docs

The installation went well (figure 1).

Screen Shot 2021-03-19 at 2.25.04 AM.png

However, at the telnet step, everything is not correct (Figure 2).

Screen Shot 2021-03-19 at 2.26.04 AM.png

And then I try to use FileZilla to connect sftp to port 23 and it doesn't work.

Screen Shot 2021-03-19 at 2.35.30 AM.png

I also turned off Firewall and telnet to port 23 using Ping.eu tool, port 23 is open.
Hope I will receive your support.
I love DirectAdmin.

k1l0b1t · Mar 18, 2021

It looks like it's listening for regular FTP connections on port 23 somehow, odd. Can you share the content of /etc/proftpd.sftp.conf?

factor · Mar 18, 2021

It is set up to listen on port 23. If you have telnet installed on you server might be a conflict.

Code:

cd /usr/local/directadmin/custombuild
./build update
./build set ftpd proftpd
./build proftpd
cd /usr/local/directadmin/custombuild
./build update
./build set ftpd proftpd
mkdir -p custom/proftpd/conf
wget -O custom/proftpd/configure.proftpd http://files.directadmin.com/services/all/sftp/configure.proftpd.sftp
wget -O custom/proftpd/conf/proftpd.conf http://files.directadmin.com/services/all/sftp/proftpd.conf
chmod 755 custom/proftpd/configure.proftpd
wget -O /etc/proftpd.sftp.conf http://files.directadmin.com/services/all/sftp/proftpd.sftp.conf
./build proftpd

Make sure you dont have Port 23 set in SSHd config either its not needed.

I have to eat be back later to help you more @bibiugly

bibiugly · Mar 18, 2021

k1l0b1t said:
It looks like it's listening for regular FTP connections on port 23 somehow, odd. Can you share the content of /etc/proftpd.sftp.conf?

This is content in file, everything is default:

Code:

<IfModule mod_sftp.c>
<VirtualHost 0.0.0.0>
    # The SFTP configuration
    Port 23

    AuthUserFile    /etc/proftpd.passwd
    TransferLog      /var/log/proftpd/xferlog.legacy
    ExtendedLog     /var/log/proftpd/103.110.86.87.bytes WRITE,READ userlog   

    SFTPEngine on

    SFTPLog /var/log/proftpd/sftp.log
    SFTPHostKey /etc/ssh/ssh_host_rsa_key
    SFTPAuthorizedUserKeys file:~/.sftp/authorized_keys

    SFTPClientMatch ".*WS_FTP.*" channelWindowSize 1GB    #WS_FTP initial window size
    SFTPClientMatch ".*ClientSftp" sftpProtocolVersion 3  #CuteFTPPro8
    SFTPClientMatch ".*WinSCP.*" sftpProtocolVersion 3    #upload/download fix for WinSCP
    SFTPClientMatch ".*SecureBlackbox.*" sftpProtocolVersion 3
    SFTPClientMatch "1.0" sftpProtocolVersion 3 channelWindowSize 1GB
    SFTPClientMatch ".*J2SSH_Maverick.*" channelWindowSize 1GB
    SFTPClientMatch ".*WeOnlyDo.*" sftpProtocolVersion 3 channelWindowSize 1GB
    SFTPClientMatch ".*EldoS.SSHBlackbox.3.*" sftpProtocolVersion 3 channelWindowSize 1GB
    SFTPClientMatch ".*IP.Works.*" channelWindowSize 1GB
</VirtualHost>
</IfModule>

bibiugly · Mar 18, 2021

bdacus01 said:
It is set up to listen on port 23. If you have telnet installed on you server might be a conflict.

Code:

cd /usr/local/directadmin/custombuild ./build update ./build set ftpd proftpd ./build proftpd cd /usr/local/directadmin/custombuild ./build update ./build set ftpd proftpd mkdir -p custom/proftpd/conf wget -O custom/proftpd/configure.proftpd http://files.directadmin.com/services/all/sftp/configure.proftpd.sftp wget -O custom/proftpd/conf/proftpd.conf http://files.directadmin.com/services/all/sftp/proftpd.conf chmod 755 custom/proftpd/configure.proftpd wget -O /etc/proftpd.sftp.conf http://files.directadmin.com/services/all/sftp/proftpd.sftp.conf ./build proftpd

Make sure you dont have Port 23 set in SSHd config either its not needed.

I have to eat be back later to help you more @bibiugly

I'm sure port 23 doesn't have any service yet.
I'll try your code and get back to you soon.

bibiugly · Mar 18, 2021

I tried your code, but things still don't work out yet.
Below are all of my ports in use:

Code:

[root@labda custombuild]# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:2210            0.0.0.0:*               LISTEN      24096/sshd
tcp        0      0 0.0.0.0:7080            0.0.0.0:*               LISTEN      17055/openlitespeed
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      14289/exim
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      17055/openlitespeed
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      14289/exim
tcp        0      0 103.110.86.XX:53        0.0.0.0:*               LISTEN      23329/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      23329/named
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      14289/exim
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      23329/named
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      17055/openlitespeed
tcp6       0      0 :::2210                 :::*                    LISTEN      24096/sshd
tcp6       0      0 :::3306                 :::*                    LISTEN      1078/mysqld
tcp6       0      0 :::2222                 :::*                    LISTEN      13574/directadmin
tcp6       0      0 :::21                   :::*                    LISTEN      16360/proftpd: (acc
tcp6       0      0 :::23                   :::*                    LISTEN      16360/proftpd: (acc
tcp6       0      0 ::1:953                 :::*                    LISTEN      23329/named
udp        0      0 0.0.0.0:443             0.0.0.0:*                           17055/openlitespeed
udp        0      0 0.0.0.0:443             0.0.0.0:*                           17055/openlitespeed
udp        0      0 0.0.0.0:43790           0.0.0.0:*                           17068/openlitespeed
udp        0      0 0.0.0.0:46940           0.0.0.0:*                           17067/openlitespeed
udp        0      0 0.0.0.0:7080            0.0.0.0:*                           17055/openlitespeed
udp        0      0 0.0.0.0:7080            0.0.0.0:*                           17055/openlitespeed
udp        0      0 103.110.86.XX:53        0.0.0.0:*                           23329/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           23329/named
udp        0      0 127.0.0.1:323           0.0.0.0:*                           566/chronyd
udp6       0      0 ::1:323                 :::*                                566/chronyd
[root@labda custombuild]#

Thank you for your enthusiasm.

k1l0b1t · Mar 19, 2021

Odd... It is proftpd running on 23, so that's something. What does "service proftpd status" say (after a restart of proftpd), that sometimes contains sefull info

bibiugly · Mar 19, 2021

k1l0b1t said:
Odd... It is proftpd running on 23, so that's something. What does "service proftpd status" say (after a restart of proftpd), that sometimes contains sefull info

Here's all the information you need, hopefully you can find it:

Code:

[root@labda custombuild]# service proftpd status -l
Redirecting to /bin/systemctl status  -l proftpd.service
● proftpd.service - ProFTPD FTP Server
   Loaded: loaded (/etc/systemd/system/proftpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2021-03-19 12:17:35 +07; 50min ago
  Process: 16358 ExecStart=/usr/sbin/proftpd $PROFTPD_OPTIONS (code=exited, status=0/SUCCESS)
  Process: 16356 ExecStartPre=/usr/bin/mkdir -p /var/run/proftpd (code=exited, status=0/SUCCESS)
Main PID: 16360 (proftpd)
   CGroup: /system.slice/proftpd.service
           └─16360 proftpd: (accepting connections

Mar 19 12:17:35 labda.domain.com systemd[1]: Stopped ProFTPD FTP Server.
Mar 19 12:17:35 labda.domain.com systemd[1]: Starting ProFTPD FTP Server...
Mar 19 12:17:35 labda.domain.com proftpd[16358]: 2021-03-19 12:17:35,102 labda.domain.com proftpd[16358]: fatal: SFTPHostKey: unable to check '/etc/ssh/ssh_host_rsa_key': No such file or directory on line 13 of '/etc/proftpd.sftp.conf'
Mar 19 12:17:35 labda.domain.com proftpd[16358]: 2021-03-19 12:17:35,102 labda.domain.com proftpd[16358]: warning: unable to include '/etc/proftpd.sftp.conf': Operation not permitted
Mar 19 12:17:35 labda.domain.com proftpd[16358]: 2021-03-19 12:17:35,109 labda.domain.com proftpd[16358] 127.0.0.1: mod_sftp/1.0.1: Server 'ProFTPd': ListOptions directive is not supported by mod_sftp, and will be ignored
Mar 19 12:17:35 labda.domain.com systemd[1]: Started ProFTPD FTP Server.
[root@labda custombuild]#

bibiugly · Mar 19, 2021

I have found the answer for myself. After running the following two commands everything worked perfectly:

Code:

ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
chmod 600 /etc/ssh/ssh_host_rsa_key
service proftpd restart

factor · Mar 19, 2021

bibiugly said:
everything is default

@bibiugly

Your ip is in the config file and it not redacted.

Please edit the post for safety

Glad you got it fixed.

k1l0b1t · Mar 19, 2021

bibiugly said:
I have found the answer for myself. After running the following two commands everything worked perfectly:

Code:

ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa chmod 600 /etc/ssh/ssh_host_rsa_key service proftpd restart

Glad you found it!

bibiugly · Apr 8, 2021

bdacus01 said:
@bibiugly

Your ip is in the config file and it not redacted.

Please edit the post for safety

Glad you got it fixed.

Thank you.

Solved ProFTPD issue with sftp

bibiugly

Verified User

k1l0b1t

Verified User

factor

Verified User

bibiugly

Verified User

bibiugly

Verified User

bibiugly

Verified User

k1l0b1t

Verified User

bibiugly

Verified User

bibiugly

Verified User

factor

Verified User

k1l0b1t

Verified User

bibiugly

Verified User