
No FTP access



Newbie2001
21.03.02, 17:46
Hello!
I recently set up an FTP server (ProFTPD), but when I enter ftp://rechnername or ftp://ip I get the following message: The FTP-Session was terminated. What does that mean?
Here is my proftpd.conf:

# This is a basic ProFTPD configuration file. It establishes a single
# server and a single anonymous login. It assumes that you have a
# user/group "nobody"/"nogroup" for normal operation and anon.

# !!! PLEASE read the documentation of proftpd !!!
#
# You can find the documentation in /usr/doc/packages/proftpd/,
# http://www.proftpd.org/ and don't forget to read carefully
# and _follow_ hints on http://www.proftpd.net/security.html.

ServerName "Net-Automation ftp-server"
#ServerType inetd

ServerType standalone
ServerAdmin webmaster@net-automation.de
#
# uncomment, if you want to hide the servers name:
#
ServerIdent on "FTP Server ready"
DeferWelcome on

# Enable PAM for authentication...
#
AuthPAM on

# Setting this directive to on will cause authentication to fail
# if PAM authentication fails. The default setting, off, allows
# other modules and directives such as AuthUserFile and friends
# to authenticate users.
#
AuthPAMAuthoritative off

# This directive allows you to specify the PAM service name used
# in authentication (default is "proftpd" on SuSE Linux).
# You have to setup the service in the /etc/pam.d/<other_name>.
#
AuthPAMConfig proftpd

# Port 21 is the standard FTP port.
Port 21

# disable listen on 0.0.0.0:21 - the port (and IP) should
# be specified explicitly in each VirtualHost definition
#
#Port 0

# listen for each (additional) address explicitly that is
# specified (via Bind and Port) in a VirtualHost definition
#
#SocketBindTight on


# Umask 022 is a good standard umask to prevent new dirs
# and files from being group and world writable.
Umask 022

# Set the user and group that the server normally runs at.
User wwwrun
Group nogroup

# Normally, we want files to be overwriteable.
<Directory /httpd>
AllowOverwrite on
HiddenStor off
GroupOwner nogroup
UserOwner wwwrun
AllowRetrieveRestart on
AllowStoreRestart on
DeleteAbortedStores on
HideNoAccess on
#HideNoAccess on
</Directory>

# protect .ftpaccess and similar - see also PathDenyFilter

# It is a very good idea to allow only filenames containing normal
# alphanumeric characters for uploads (and not shell code...);
# see also the PathDenyFilter option
PathAllowFilter ".*/[a-zA-Z0-9~ \*\/,_.-]+$"
AllowForeignAddress on
AllowRetrieveRestart on
AllowStoreRestart on
<Anonymous /httpd/pub>
User ftp
Group public
</Anonymous>
DeleteAbortedStores on
HiddenStor off
LoginPasswordPrompt on
AccessDenyMsg "You failed to login"
AccessGrantMsg "You succeeded to login"
AllowOverwrite on
Classes off
RootLogin on
AnonymousGroup ""nogroup, public""
AuthAliasOnly off

# Do not allow to pass printf-Formats (see also AllowFilter option):
<VirtualHost 192.168.100.1>
ServerName "Intranet"
AllowForeignAddress on
AllowRetrieveRestart on
AllowStoreRestart on
DeferWelcome on
DefaultServer on
<Directory /httpd>
AllowRetrieveRestart on
AllowStoreRestart on
DeleteAbortedStores on
HideNoAccess on
AllowOverwrite on
GroupOwner nogroup
UserOwner wwwrun
</Directory>
RootLogin on
</VirtualHost>

Where do I need to look for the problem?
Thanks for your answers.

DerLipper[TuX]
21.03.02, 18:52
1. Try typing ftp deinrechnername in the console. If that works, proftpd is running.

2. If not: telnet deinrechnername 21 -> on a successful login, the FTP server is running.

3. Do you have a firewall running? If so, check for blocked ports.

Newbie2001
21.03.02, 20:32
Well, I can now connect to the FTP server, but I cannot log in either with a username and password or as Anonymous.
In the meantime I was able to find the following line in the log file as the reason for this behaviour:

Mar 21 19:57:15 webserver proftpd[8183]: webserver.local (192.168.100.2[192.168.100.2]) - FTP session opened.
Mar 21 19:57:15 webserver proftpd[8183]: webserver.local (192.168.100.2[192.168.100.2]) - USER root: user is not a UserAlias from 192.168.100.2 [192.168.100.2] to 192.168.100.1:21
Mar 21 19:57:15 webserver proftpd[8183]: webserver.local (192.168.100.2[192.168.100.2]) - FTP session closed.
Mar 21 19:57:16 webserver proftpd[8184]: webserver.local (192.168.100.2[192.168.100.2]) - FTP session opened.
Mar 21 19:57:16 webserver proftpd[8184]: webserver.local (192.168.100.2[192.168.100.2]) - USER root: user is not a UserAlias from 192.168.100.2 [192.168.100.2] to 192.168.100.1:21
Mar 21 19:57:16 webserver proftpd[8184]: webserver.local (192.168.100.2[192.168.100.2]) - FTP session closed.
Mar 21 19:57:17 webserver proftpd[8185]: webserver.local (192.168.100.2[192.168.100.2]) - FTP session opened.
Mar 21 19:57:17 webserver proftpd[8185]: webserver.local (192.168.100.2[192.168.100.2]) - USER root: user is not a UserAlias from 192.168.100.2 [192.168.100.2] to 192.168.100.1:21
Mar 21 19:57:17 webserver proftpd[8185]: webserver.local (192.168.100.2[192.168.100.2]) - FTP session closed.

Can anyone make sense of this? This entry means nothing at all to me.

DerLipper[TuX]
21.03.02, 21:41
Yes, by default you can never log in to an FTP server as root, as a matter of principle.

Take a look at /etc/ftpusers. It lists all the users who are not allowed to connect to the FTP server!

Ciao,
Marko

Newbie2001
21.03.02, 22:20
I have already deleted the entire contents of /etc/ftpusers, but it still doesn't help. My current proftpd.conf looks like this. I'm also surprised that I can't even connect as Anonymous.

# This is a basic ProFTPD configuration file. It establishes a single
# server and a single anonymous login. It assumes that you have a
# user/group "nobody"/"nogroup" for normal operation and anon.

# !!! PLEASE read the documentation of proftpd !!!
#
# You can find the documentation in /usr/doc/packages/proftpd/,
# http://www.proftpd.org/ and don't forget to read carefully
# and _follow_ hints on http://www.proftpd.net/security.html.

ServerName "Net-Automation ftp-server"
#ServerType inetd

ServerType standalone
ServerAdmin webmaster@net-automation.de
#
# uncomment, if you want to hide the servers name:
#
ServerIdent on "FTP Server ready"
DeferWelcome on

# Enable PAM for authentication...
#
AuthPAM on

# Setting this directive to on will cause authentication to fail
# if PAM authentication fails. The default setting, off, allows
# other modules and directives such as AuthUserFile and friends
# to authenticate users.
#
AuthPAMAuthoritative off

# This directive allows you to specify the PAM service name used
# in authentication (default is "proftpd" on SuSE Linux).
# You have to setup the service in the /etc/pam.d/<other_name>.
#
AuthPAMConfig proftpd

# Port 21 is the standard FTP port.
Port 21

# disable listen on 0.0.0.0:21 - the port (and IP) should
# be specified explicitly in each VirtualHost definition
#
#Port 0

# listen for each (additional) address explicitly that is
# specified (via Bind and Port) in a VirtualHost definition
#
#SocketBindTight on


# Umask 022 is a good standard umask to prevent new dirs
# and files from being group and world writable.
Umask 022

# Set the user and group that the server normally runs at.
User wwwrun
Group nogroup

# Normally, we want files to be overwriteable.
<Directory /httpd>
AllowOverwrite on
GroupOwner nogroup
UserOwner wwwrun
AllowRetrieveRestart on
AllowStoreRestart on
DeleteAbortedStores on
HideNoAccess on
#HideNoAccess on
</Directory>

# protect .ftpaccess and similar - see also PathDenyFilter

# It is a very good idea to allow only filenames containing normal
# alphanumeric characters for uploads (and not shell code...);
# see also the PathDenyFilter option
PathAllowFilter ".*/[a-zA-Z0-9~ \*\/,_.-]+$"
AllowRetrieveRestart on
AllowStoreRestart on
<Anonymous /httpd/pub>
User ftp
Group public
</Anonymous>
LoginPasswordPrompt on
AccessDenyMsg "You failed to login"
AccessGrantMsg "You succeeded to login"
AllowOverwrite on
RootLogin on
AuthAliasOnly off

# Do not allow to pass printf-Formats (see also AllowFilter option):
<VirtualHost 192.168.100.1>
ServerName "192.168.100.1"
AllowRetrieveRestart on
AllowStoreRestart on
DeferWelcome on
DefaultServer on
<Directory /httpd>
AllowRetrieveRestart on
AllowStoreRestart on
DeleteAbortedStores on
AllowOverwrite on
GroupOwner nogroup
UserOwner wwwrun
HiddenStor off
HideNoAccess off
</Directory>
RootLogin on
AuthAliasOnly on
RequireValidShell off
UseFtpUsers off
LoginPasswordPrompt on
AllowOverwrite on
Group root
User root
<Anonymous /httpd/pub>
User ftp
Group public
RootLogin on
AnonRequirePassword off
AuthAliasOnly off
AuthUsingAlias off
UseFtpUsers off
LoginPasswordPrompt off
AllowOverwrite off
DeleteAbortedStores on
HiddenStor off
HideNoAccess off
ShowSymlinks on
DirFakeGroup off
AllowRetrieveRestart on
AllowStoreRestart on
</Anonymous>
</VirtualHost>

And where do we go from here?
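
An audit of the login-related directives in the configuration above, as an added example that is not part of the original post or of ProFTPD: it walks the nested contexts and reports `AuthAliasOnly on` without a `UserAlias` in the same context (the condition under which ProFTPD logs "user is not a UserAlias") together with the settings that relax login checks. The function name, the rule table and the per-context `UserAlias` lookup are assumptions of this example.

```python
# Constructed sample: login-related directives taken from the posted proftpd.conf.
SAMPLE_CONF = """\
<VirtualHost 192.168.100.1>
RootLogin on
AuthAliasOnly on
RequireValidShell off
UseFtpUsers off
User root
<Anonymous /httpd/pub>
User ftp
AuthAliasOnly off
UseFtpUsers off
</Anonymous>
</VirtualHost>
"""

RISKY = {  # (directive, value) -> reason; rule table is this example's own choice
    ("rootlogin", "on"): "root may log in over FTP (credentials sent in cleartext)",
    ("useftpusers", "off"): "/etc/ftpusers deny list is ignored",
    ("requirevalidshell", "off"): "accounts whose shell is not in /etc/shells may log in",
    ("user", "root"): "daemon keeps running as root instead of an unprivileged user",
}

def audit(conf_text):
    """Return (context, directive, reason) findings for one proftpd.conf text."""
    findings, stack, alias_only, has_alias = [], ["server config"], {}, set()
    for raw in conf_text.splitlines():
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue                                  # blank line or comment
        name = parts[0].lower()
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        ctx = " > ".join(stack)
        if name.startswith("</"):
            stack = stack[:-1] or stack               # closing tag: leave the context
        elif name.startswith("<"):
            stack.append(parts[0].strip("<>"))        # opening tag: enter the context
        elif (name, value) in RISKY:
            findings.append((ctx, f"{name} {value}", RISKY[(name, value)]))
        elif name == "authaliasonly":
            alias_only[ctx] = value == "on"
        elif name == "useralias":
            has_alias.add(ctx)
    for ctx, on in alias_only.items():                # simplification: no inheritance
        if on and ctx not in has_alias:
            findings.append((ctx, "authaliasonly on", "no UserAlias: logins refused as 'not a UserAlias'"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```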

face
22.03.02, 16:49
I have exactly the same problem :-((((((

Newbie2001
22.03.02, 21:31
OK, I have now solved the problem myself.