from pure-ftpd to proftpd?

[nobaloney]

There are some threads on converting from proftpd to pure-ftpd, but I haven't found one yet on converting from pure-ftpd.

We have a client who cannot login to pure-ftp. His client attaches but never gets back anythijng at all, and eventually times out. Tried with multiple clients. Logs show the connection, then inactivity, then Logout (though he sees a timeout, not a logout.

Maybe he's in some kind of pure-ftpd specific blocklist, because when I temporarily turn off pure-ftpd and run proftpd, he logs in without a problem.

Do you know where such a list may be located? I can't find anything.

Easiest alternative is likely just using CustomBuild 2 to convert to proftpd, and as far as I can tell, it should be easy enough and just work.

So the purpose of this thread is to ask if anyone knows with certainty if it'll just work; if anyone has tried it and has had any experience with it.

Thanks.

Jeff

 

[wattie]

I confirm that on my freebsd box it was very easy to switch from pureftp to proftp. The default installation of DA installed pureftpd on it but it got issues (something was wrong with the configs, service was not starting, etc). I then jumped on the fast solution - changed options.conf and rebuilt with proftpd - worked like a charm.

 

[nobaloney]

Thanks. did you just do

./build proftpd

or did you need to do anything else?

Jeff

 

[ditto]

You might (or might not) need to kill the pure-ftpd pid that is listening on port 21. I would suggest to change options.conf (set pureftpd to no and proftpd to yes) and then rebuild proftpd, then run:

netstat -pant

And you might get a result like this:

tcp        0      0 :::21                       :::*                        LISTEN      3746/pure-ftpd (SER

If soo, then you take the pid (in this case 3746) and kill it:

kill 3746

Then restart proftpd

Also, when I did this on CentOS with CB 2, I also deleted the following pureftpd files:

/etc/logrotate.d/pure-ftpd
/etc/rc.d/init.d/pure-ftpd
/etc/pureftpd.pdb
/etc/pure-ftpd.pem
/usr/share/man/man8/pure-ftpd.8
/usr/local/directadmin/custombuild/pure-ftpd_freebsd
/usr/local/directadmin/custombuild/pure-ftpd
/usr/local/directadmin/custombuild/pure-ftpd_debian
/usr/sbin/pure-ftpd
/var/lock/subsys/pure-ftpd
/var/run/pure-ftpd
/var/run/pure-ftpd.pid
/var/log/pureftpd.log

 

[nobaloney]

Thanks, ditto.

Here's what I ended up doing:

# cd /etc/rc.d/rc3.d/
# ls -ald *ftp* --color=no
lrwxrwxrwx. 1 root root 17 Sep 19 23:08 K15proftpd -> ../init.d/proftpd
lrwxrwxrwx. 1 root root 19 Sep 19 23:08 S85pure-ftpd -> ../init.d/pure-ftpd

above shows that proftpd is set to not run, and that pure-ftpd is set to run.

Then I changed the options.conf file and afterwards:

# ./build proftpd

Then ran netstat:

# netstat -pant | grep ftp | grep -v grep
tcp        0      0 :::21                       :::*                        LISTEN      540/proftpd

showing proftpd is listening, and pure-ftpd is not.

Then to make sure which one would start at reboot:

# cd /etc/rc.d/rc3.d/
# ls -ald *ftp* --color=no
lrwxrwxrwx 1 root root 19 Nov  8 12:20 K15pure-ftpd -> ../init.d/pure-ftpd
lrwxrwxrwx 1 root root 17 Nov  8 12:20 S85proftpd -> ../init.d/proftpd

Then to see what was running now:

# ps waux | grep ftp | grep -v grep
ftp        540  0.0  0.0 146676  1804 ?        Ss   12:20   0:00 proftpd: (accepting connections)

I left it at that; I didn't remove anything.
My client is checking now.

Again, thanks.

Jeff

 

[Richard G]

Tried with multiple clients.

I wonder... was that visible in the log or checked by you?
The only client I ever experienced login problems with on pure-ftpd was Filezilla.
I don't know of any pure-ftpd specific blocklist, never heard of something like that.

 

[nobaloney]

Our log showed only the connection and then a logout. Nothing else. I don't remember what FTP client he was using but it wasn't Filezilla. I switched back to ProFTPd, and I've had no problems since.

Works for me.

Jeff

 

[kitchin]

Excellent instructions, works great, here are my notes. Let me say up front I have two questions about ProFtpd SFTP also:

1. Does /usr/local/directadmin/data/templates/proftpd.vhosts.conf need to be empty ? See below.
2. Does the firewall need to allow UDP and MESSENGER_TEXT_IN ?

# find /usr/local/directadmin/ -name options.conf
/usr/local/directadmin/custombuild/options.conf

As a DirectAdmin newbie I need to know where these things are.

After "./build proftp" Jeff syas you want this so it will survive a reboot:

# cd /etc/rc.d/rc3.d/
# ls -ald *ftp* --color=no
lrwxrwxrwx 1 root root 19 Nov  8 12:20 K15pure-ftpd -> ../init.d/pure-ftpd
lrwxrwxrwx 1 root root 17 Nov  8 12:20 S85proftpd -> ../init.d/proftpd

Thanks for including that step. Mine indeed was not correct for some reason. Did I build before I edited options.conf ? Fix:

# mv S85pure-ftpd K15pure-ftpd
# mv K15proftpd S85proftpd
# ls -ald *ftp* --color=no

# ps waux | grep ftp | grep -v grep

Note, you will also see any active SFTP connections using the SSH port. That's the simple DA way of doing SFTP, for users with shell privileges.

root     10077  0.0  0.1   8228  1804 ?        Ss   07:42   0:00 /usr/libexec/openssh/sftp-server
ftp      31585  0.0  0.2  16580  3188 ?        SLs  09:11   0:00 proftpd: (accepting connections)
root     32648  0.0  0.1   8220  1724 ?        Ss   09:31   0:00 /usr/libexec/openssh/sftp-server

SFTP

Probably like other people reading this, I'm switching to ProFtp in order to get SFTP working for users without shell. So I'll include my notes on that. The module and instructions were first posted here on the forums in 2009 by Rootbsd and became this help article: http://help.directadmin.com/item.php?id=439

Before step 1 is this requirement:

This assumes you're using the newer unified_ftp_password_file setup for proftpd (you should have an empty proftpd.vhosts.conf file)

The detailed instructions for that are at http://www.directadmin.com/features.php?id=1134 but here's a quick check.

# cd /usr/local/directadmin
# grep -r --include=*.conf  unified_ftp .
./data/templates/directadmin.conf:unified_ftp_password_file=1
./conf/directadmin.conf:unified_ftp_password_file=1

So it's on, yet proftpd.vhosts.conf is not empty:

# find / -name  proftpd.vhosts.conf -ls
14550497    0 -rw-r--r--   1 root     root            0 May 19 05:34 /etc/proftpd.vhosts.conf
14681526    4 -rw-r--r--   1 diradmin diradmin      147 May 18 18:24 /usr/local/directadmin/data/templates/proftpd.vhosts.conf

One is empty, one is not. Is something bad going to happen next time I restart DirectAdmin or rebuild it? Don't know.

Next is "Step 1" in the help article: activate TJ Saunders's mod_sftp plugin for ProFtpd. Do that by wget'ting the config from files1.directadmin.com and building.

Step 2 is putting your IP in the config files.

Step 3 is restarting proftpd and checking it via "telnet localhost 23".

service proftpd restart

Firewall

Port 23 was blocked (except localhost) so I looked at the csf firewall controlled by the DirectAdmin GUI, at DirectAdmin / Admin / ConfigServer Security & Firewall ( CMD_PLUGINS_ADMIN/csf/index.html ).
I searched for 21 and added ",23" everywhere I saw it:

TCP_IN 
TCP_OUT
UDP_IN
UDP_OUT
TCP6_IN
TCP6_OUT
UDP6_IN
UDP6_OUT
MESSENGER_TEXT_IN

The UDP's and MESSENGER_TEXT_IN may not be needed ?


Change Port

Port 23 is actually the default telnet port. I guess whoever chose it knew there wouldn't be a telnetd listener on a DA server? And if they chose a 4-digit port there was a chance of a conflict. Or they pictured different firewall rules.

I decided to change 23 to an unused 4-digit port. So I edited:

/etc/proftpd.sftp.conf

and the firewall rules in DA and restarted proftpd.

 

[kitchin]

service proftpd restart

Typo of course. Can't edit posts.

 

[nobaloney]

I can. I just fixed it for you .

Jeff

 

[darkbear]

Could anyone collating the information for some1 like me is the newbie and want to change back from pureftpd -> proftp, thank you

 

[nobaloney]

It's been over a year since I had to do it, but I just looked at my post #5, above, again, and following the instruction in it worked for me. It should work for you as well.

Jeff

 

[zEitEr]

Jeff,

The user darkbear opened a separate thread here:

http://forum.directadmin.com/showthread.php?t=50621&p=260619

and it was already answered and seems now to be fully resolved.

 

[nobaloney]

Thanks, Alex. I didn't notice that until after I had replied to this thread.

@darkbear: in the future please do not double post.

This thread is now closed; if anyone needs to give or get more information on this subject, please open a new thread.

Jeff