from pure-ftpd to proftpd?

Status
Not open for further replies.

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
There are some threads on converting from proftpd to pure-ftpd, but I haven't found one yet on converting from pure-ftpd.

We have a client who cannot login to pure-ftp. His client attaches but never gets back anything at all, and eventually times out. Tried with multiple clients. Logs show the connection, then inactivity, then Logout (though he sees a timeout, not a logout).

Maybe he's in some kind of pure-ftpd specific blocklist, because when I temporarily turn off pure-ftpd and run proftpd, he logs in without a problem.

Do you know where such a list may be located? I can't find anything.

Easiest alternative is likely just using CustomBuild 2 to convert to proftpd, and as far as I can tell, it should be easy enough and just work.

So the purpose of this thread is to ask if anyone knows with certainty if it'll just work; if anyone has tried it and has had any experience with it.

Thanks.

Jeff
 

wattie

Verified User
Joined
May 31, 2008
Messages
1,038
Location
Bulgaria
I confirm that on my FreeBSD box it was very easy to switch from pureftp to proftp. The default installation of DA installed pureftpd on it but it had issues (something was wrong with the configs, service was not starting, etc). I then jumped on the fast solution - changed options.conf and rebuilt with proftpd - worked like a charm.
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
Thanks. Did you just do
Code:
./build proftpd
or did you need to do anything else?

Jeff
 

ditto

Verified User
Joined
Apr 27, 2009
Messages
2,507
You might (or might not) need to kill the pure-ftpd pid that is listening on port 21. I would suggest changing options.conf (set pureftpd to no and proftpd to yes) and then rebuilding proftpd, then run:

Code:
netstat -pant
And you might get a result like this:

Code:
tcp        0      0 :::21                       :::*                        LISTEN      3746/pure-ftpd (SER
If so, then you take the pid (in this case 3746) and kill it:

Code:
kill 3746
Then restart proftpd

Also, when I did this on CentOS with CB 2, I also deleted the following pureftpd files:

Code:
/etc/logrotate.d/pure-ftpd
/etc/rc.d/init.d/pure-ftpd
/etc/pureftpd.pdb
/etc/pure-ftpd.pem
/usr/share/man/man8/pure-ftpd.8
/usr/local/directadmin/custombuild/pure-ftpd_freebsd
/usr/local/directadmin/custombuild/pure-ftpd
/usr/local/directadmin/custombuild/pure-ftpd_debian
/usr/sbin/pure-ftpd
/var/lock/subsys/pure-ftpd
/var/run/pure-ftpd
/var/run/pure-ftpd.pid
/var/log/pureftpd.log
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
Thanks, ditto.

Here's what I ended up doing:
Code:
# cd /etc/rc.d/rc3.d/
# ls -ald *ftp* --color=no
lrwxrwxrwx. 1 root root 17 Sep 19 23:08 K15proftpd -> ../init.d/proftpd
lrwxrwxrwx. 1 root root 19 Sep 19 23:08 S85pure-ftpd -> ../init.d/pure-ftpd
above shows that proftpd is set to not run, and that pure-ftpd is set to run.

Then I changed the options.conf file and afterwards:
Code:
# ./build proftpd
Then ran netstat:
Code:
# netstat -pant | grep ftp | grep -v grep
tcp        0      0 :::21                       :::*                        LISTEN      540/proftpd
showing proftpd is listening, and pure-ftpd is not.

Then to make sure which one would start at reboot:
Code:
# cd /etc/rc.d/rc3.d/
# ls -ald *ftp* --color=no
lrwxrwxrwx 1 root root 19 Nov  8 12:20 K15pure-ftpd -> ../init.d/pure-ftpd
lrwxrwxrwx 1 root root 17 Nov  8 12:20 S85proftpd -> ../init.d/proftpd
Then to see what was running now:
Code:
# ps waux | grep ftp | grep -v grep
ftp        540  0.0  0.0 146676  1804 ?        Ss   12:20   0:00 proftpd: (accepting connections)
I left it at that; I didn't remove anything.
My client is checking now.

Again, thanks.

Jeff
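
A check for the two things verified in the post above: that proftpd is the only port-21 listener now, and that it is the only FTP daemon with an S link in rc3.d. This is an added example, not part of the original post; the function names and the sample listings are constructed.

```shell
#!/bin/sh
# Added example; sample listings are constructed to mirror the thread's output.

# Print program name(s) listening on TCP port 21, from `netstat -pant` text on stdin.
port21_owner() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" && $4 ~ /:21$/ {
             split($7, a, "/"); print a[2]
         }' | sort -u
}

# Print FTP daemons that have an S (start) link, from rc3.d entry names on stdin.
boot_ftp() {
    sed -n 's/^S[0-9][0-9]*\(.*ftp.*\)$/\1/p' | sort -u
}

# check_switch WANT NETSTAT_TEXT RC3_NAMES
# Succeeds only if WANT is the sole port-21 listener and the sole FTP daemon
# with a start link; otherwise prints what disagrees and returns 1.
check_switch() {
    want=$1
    live=$(printf '%s\n' "$2" | port21_owner | paste -sd' ' -)
    boot=$(printf '%s\n' "$3" | boot_ftp | paste -sd' ' -)
    rc=0
    [ "$live" = "$want" ] || { echo "port 21 now: ${live:-nothing}"; rc=1; }
    [ "$boot" = "$want" ] || { echo "starts at boot: ${boot:-nothing}"; rc=1; }
    return "$rc"
}

# Constructed sample: proftpd is running, but the rc3.d links were never flipped.
NETSTAT_SAMPLE='tcp        0      0 :::21      :::*      LISTEN      540/proftpd
tcp        0      0 0.0.0.0:22 0.0.0.0:* LISTEN      812/sshd'
RC3_STALE='K15proftpd
S55sshd
S85pure-ftpd'
RC3_FIXED='K15pure-ftpd
S55sshd
S85proftpd'

check_switch proftpd "$NETSTAT_SAMPLE" "$RC3_STALE" || echo "switch incomplete"
check_switch proftpd "$NETSTAT_SAMPLE" "$RC3_FIXED" && echo "switch complete"
```

On a live server the two text arguments would come from `netstat -pant` and `ls /etc/rc.d/rc3.d/`.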
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
4,272
Location
Maastricht
Tried with multiple clients.
I wonder... was that visible in the log or checked by you?
The only client I ever experienced login problems with on pure-ftpd was Filezilla.
I don't know of any pure-ftpd specific blocklist, never heard of something like that.
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
Our log showed only the connection and then a logout. Nothing else. I don't remember what FTP client he was using but it wasn't Filezilla. I switched back to ProFTPd, and I've had no problems since.

Works for me.

Jeff
 

kitchin

Verified User
Joined
May 21, 2014
Messages
27
Excellent instructions, works great, here are my notes. Let me say up front I have two questions about ProFtpd SFTP also:

1. Does /usr/local/directadmin/data/templates/proftpd.vhosts.conf need to be empty ? See below.
2. Does the firewall need to allow UDP and MESSENGER_TEXT_IN ?

Code:
# find /usr/local/directadmin/ -name options.conf
/usr/local/directadmin/custombuild/options.conf
As a DirectAdmin newbie I need to know where these things are.

After "./build proftp" Jeff says you want this so it will survive a reboot:

Code:
# cd /etc/rc.d/rc3.d/
# ls -ald *ftp* --color=no
lrwxrwxrwx 1 root root 19 Nov  8 12:20 K15pure-ftpd -> ../init.d/pure-ftpd
lrwxrwxrwx 1 root root 17 Nov  8 12:20 S85proftpd -> ../init.d/proftpd
Thanks for including that step. Mine indeed was not correct for some reason. Did I build before I edited options.conf ? Fix:
Code:
# mv S85pure-ftpd K15pure-ftpd
# mv K15proftpd S85proftpd
# ls -ald *ftp* --color=no
Code:
# ps waux | grep ftp | grep -v grep
Note, you will also see any active SFTP connections using the SSH port. That's the simple DA way of doing SFTP, for users with shell privileges.
Code:
root     10077  0.0  0.1   8228  1804 ?        Ss   07:42   0:00 /usr/libexec/openssh/sftp-server
ftp      31585  0.0  0.2  16580  3188 ?        SLs  09:11   0:00 proftpd: (accepting connections)
root     32648  0.0  0.1   8220  1724 ?        Ss   09:31   0:00 /usr/libexec/openssh/sftp-server

SFTP

Probably like other people reading this, I'm switching to ProFtp in order to get SFTP working for users without shell. So I'll include my notes on that. The module and instructions were first posted here on the forums in 2009 by Rootbsd and became this help article: http://help.directadmin.com/item.php?id=439

Before step 1 is this requirement:
This assumes you're using the newer unified_ftp_password_file setup for proftpd (you should have an empty proftpd.vhosts.conf file)
The detailed instructions for that are at http://www.directadmin.com/features.php?id=1134 but here's a quick check.
Code:
# cd /usr/local/directadmin
# grep -r --include=*.conf  unified_ftp .
./data/templates/directadmin.conf:unified_ftp_password_file=1
./conf/directadmin.conf:unified_ftp_password_file=1
So it's on, yet proftpd.vhosts.conf is not empty:
Code:
# find / -name  proftpd.vhosts.conf -ls
14550497    0 -rw-r--r--   1 root     root            0 May 19 05:34 /etc/proftpd.vhosts.conf
14681526    4 -rw-r--r--   1 diradmin diradmin      147 May 18 18:24 /usr/local/directadmin/data/templates/proftpd.vhosts.conf
One is empty, one is not. Is something bad going to happen next time I restart DirectAdmin or rebuild it? Don't know.

Next is "Step 1" in the help article: activate TJ Saunders's mod_sftp plugin for ProFtpd. Do that by wget'ting the config from files1.directadmin.com and building.

Step 2 is putting your IP in the config files.

Step 3 is restarting proftpd and checking it via "telnet localhost 23".
Code:
service proftpd restart

Firewall

Port 23 was blocked (except localhost) so I looked at the csf firewall controlled by the DirectAdmin GUI, at DirectAdmin / Admin / ConfigServer Security & Firewall ( CMD_PLUGINS_ADMIN/csf/index.html ).
I searched for 21 and added ",23" everywhere I saw it:

Code:
TCP_IN 
TCP_OUT
UDP_IN
UDP_OUT
TCP6_IN
TCP6_OUT
UDP6_IN
UDP6_OUT
MESSENGER_TEXT_IN
The UDP's and MESSENGER_TEXT_IN may not be needed ?


Change Port

Port 23 is actually the default telnet port. I guess whoever chose it knew there wouldn't be a telnetd listener on a DA server? And if they chose a 4-digit port there was a chance of a conflict. Or they pictured different firewall rules.

I decided to change 23 to an unused 4-digit port. So I edited:

Code:
/etc/proftpd.sftp.conf
and the firewall rules in DA and restarted proftpd.
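
SFTP runs over TCP, so an inbound SFTP listener needs its port in TCP_IN (and TCP6_IN when IPv6 is in use). The added example below, which is not part of the original post, lists every csf port setting that contains a given port and separates out the ones worth reviewing. The function names and the sample csf.conf text are constructed, and the `NAME = "list"` layout with `lo:hi` ranges is assumed.

```shell
#!/bin/sh
# Added example; CSF_SAMPLE is constructed to mirror the edit described above
# (",23" appended wherever 21 appeared). It is not a real csf.conf.

# settings_with_port PORT: read csf.conf-style text on stdin and print each
# port-list setting that contains PORT, as a single port or inside lo:hi.
settings_with_port() {
    awk -v port="$1" '
        /^(TCP6?_|UDP6?_|MESSENGER_[A-Z]+_)(IN|OUT)[ \t]*=/ {
            name = $1; sub(/=.*/, "", name)
            list = $0; sub(/^[^"]*"/, "", list); sub(/".*/, "", list)
            n = split(list, item, ",")
            for (i = 1; i <= n; i++) {
                if (split(item[i], r, ":") == 2) { lo = r[1]; hi = r[2] }
                else { lo = hi = item[i] }
                if (port + 0 >= lo + 0 && port + 0 <= hi + 0) { print name; break }
            }
        }'
}

# review_list PORT: settings that contain PORT other than TCP_IN/TCP6_IN.
# Assumption: the service is an inbound TCP listener only.
review_list() {
    settings_with_port "$1" | grep -v -x -e 'TCP_IN' -e 'TCP6_IN' || true
}

CSF_SAMPLE='TCP_IN = "20,21,23,22,80,443,35000:35999"
TCP_OUT = "20,21,23,22,80,443"
UDP_IN = "20,21,23,53"
UDP_OUT = "20,21,23,53,123"
TCP6_IN = "20,21,23,22,80,443"
MESSENGER_TEXT_IN = "21,23"
LF_SSHD = "5"'

echo "settings to review for port 23:"
printf '%s\n' "$CSF_SAMPLE" | review_list 23
```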
 

darkbear

Verified User
Joined
Jan 31, 2013
Messages
45
Could anyone collate the information for someone like me, who is a newbie and wants to change back from pureftpd -> proftp? Thank you.
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
It's been over a year since I had to do it, but I just looked at my post #5, above, again, and following the instruction in it worked for me. It should work for you as well.

Jeff
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
Thanks, Alex. I didn't notice that until after I had replied to this thread.

@darkbear: in the future please do not double post.

This thread is now closed; if anyone needs to give or get more information on this subject, please open a new thread.

Jeff
 