4

我刚刚在包含 Webmin 的测试 CentOS 网络服务器上安装了 ProFTPD。

安装 ProFTPD 后,我尝试通过 FTP 连接,但它不允许我连接。我尝试连接服务器上的 FileZilla 和终端。要连接,我尝试了服务器上的所有用户(root、admin、steven10172),并且所有用户都返回相同的错误“530 登录不正确”。

有人可以帮我解释为什么我无法通过 ftp 连接吗?

错误消息(启用 AuthPam):

May 23 02:03:34 adsl-76-209-55-83.dsl.emhril.sbcglobal.net proftpd[17201] 76.209.55.83: ProFTPD killed (signal 15)
May 23 02:03:34 adsl-76-209-55-83.dsl.emhril.sbcglobal.net proftpd[17201] 76.209.55.83: ProFTPD 1.3.3g standalone mode SHUTDOWN
May 23 02:03:36 adsl-76-209-55-83.dsl.emhril.sbcglobal.net proftpd[17261] 76.209.55.83: ProFTPD 1.3.3g (maint) (built Thu Nov 10 2011 16:20:58 UTC) standalone mode STARTUP
May 23 02:03:39 adsl-76-209-55-83.dsl.emhril.sbcglobal.net proftpd[17267] 76.209.55.83 (::ffff:12.172.237.130[::ffff:12.172.237.130]): FTP session opened.
May 23 02:03:40 adsl-76-209-55-83.dsl.emhril.sbcglobal.net proftpd[17267] 76.209.55.83 (::ffff:12.172.237.130[::ffff:12.172.237.130]): USER root (Login failed): Incorrect password.
May 23 02:03:42 adsl-76-209-55-83.dsl.emhril.sbcglobal.net proftpd[17267] 76.209.55.83 (::ffff:12.172.237.130[::ffff:12.172.237.130]): FTP session closed.

错误消息(AuthPam 关闭):

May 23 02:02:21 adsl-76-209-55-83.dsl.emhril.sbcglobal.net proftpd[17201] 76.209.55.83: ProFTPD 1.3.3g (maint) (built Thu Nov 10 2011 16:20:58 UTC) standalone mode STARTUP
May 23 02:02:25 adsl-76-209-55-83.dsl.emhril.sbcglobal.net proftpd[17207] 76.209.55.83 (::ffff:12.172.237.130[::ffff:12.172.237.130]): FTP session opened.
May 23 02:02:26 adsl-76-209-55-83.dsl.emhril.sbcglobal.net proftpd[17207] 76.209.55.83 (::ffff:12.172.237.130[::ffff:12.172.237.130]): USER steven10172 (Login failed): No such user found.
May 23 02:02:29 adsl-76-209-55-83.dsl.emhril.sbcglobal.net proftpd[17207] 76.209.55.83 (::ffff:12.172.237.130[::ffff:12.172.237.130]): FTP session closed.

/etc/proftpd.conf:

# This is the ProFTPD configuration file
#
# See: http://www.proftpd.org/docs/directives/linked/by-name.html

# Server Config - config used for anything outside a <VirtualHost> or <Global> context
# See: http://www.proftpd.org/docs/howto/Vhost.html

ServerName          "ProFTPD server"
ServerIdent         on "FTP Server ready."
ServerAdmin         root@localhost
DefaultServer           on

# Cause every FTP user except adm to be chrooted into their home directory
# Aliasing /etc/security/pam_env.conf into the chroot allows pam_env to
# work at session-end time (http://bugzilla.redhat.com/477120)
VRootEngine         on
DefaultRoot         ~ !adm
VRootAlias          /etc/security/pam_env.conf etc/security/pam_env.conf

# Use pam to authenticate (default) and be authoritative
AuthPAMConfig           proftpd
AuthOrder           mod_auth_pam.c* mod_auth_unix.c
# If you use NIS/YP/LDAP you may need to disable PersistentPasswd
#PersistentPasswd       off

# Don't do reverse DNS lookups (hangs on DNS problems)
UseReverseDNS           off

# Set the user and group that the server runs as
User                nobody
Group               nobody

# To prevent DoS attacks, set the maximum number of child processes
# to 20.  If you need to allow more than 20 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode; in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances            20

# Disable sendfile by default since it breaks displaying the download speeds in
# ftptop and ftpwho
UseSendfile         off

# Define the log formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"

# Dynamic Shared Object (DSO) loading
# See README.DSO and howto/DSO.html for more details
#
# General database support (http://www.proftpd.org/docs/contrib/mod_sql.html)
#   LoadModule mod_sql.c
#
# Support for base-64 or hex encoded MD5 and SHA1 passwords from SQL tables
# (contrib/mod_sql_passwd.html)
#   LoadModule mod_sql_passwd.c
#
# Mysql support (requires proftpd-mysql package)
# (http://www.proftpd.org/docs/contrib/mod_sql.html)
#   LoadModule mod_sql_mysql.c
#
# Postgresql support (requires proftpd-postgresql package)
# (http://www.proftpd.org/docs/contrib/mod_sql.html)
#   LoadModule mod_sql_postgres.c
#
# Quota support (http://www.proftpd.org/docs/contrib/mod_quotatab.html)
#   LoadModule mod_quotatab.c
#
# File-specific "driver" for storing quota table information in files
# (http://www.proftpd.org/docs/contrib/mod_quotatab_file.html)
#   LoadModule mod_quotatab_file.c
#
# SQL database "driver" for storing quota table information in SQL tables
# (http://www.proftpd.org/docs/contrib/mod_quotatab_sql.html)
#   LoadModule mod_quotatab_sql.c
#
# LDAP support (requires proftpd-ldap package)
# (http://www.proftpd.org/docs/directives/linked/config_ref_mod_ldap.html)
#   LoadModule mod_ldap.c
#
# LDAP quota support (requires proftpd-ldap package)
# (http://www.proftpd.org/docs/contrib/mod_quotatab_ldap.html)
#   LoadModule mod_quotatab_ldap.c
#
# Support for authenticating users using the RADIUS protocol
# (http://www.proftpd.org/docs/contrib/mod_radius.html)
#   LoadModule mod_radius.c
#
# Retrieve quota limit table information from a RADIUS server
# (http://www.proftpd.org/docs/contrib/mod_quotatab_radius.html)
#   LoadModule mod_quotatab_radius.c
#
# Administrative control actions for the ftpdctl program
# (http://www.proftpd.org/docs/contrib/mod_ctrls_admin.html)
#   LoadModule mod_ctrls_admin.c
#
# Execute external programs or scripts at various points in the process
# of handling FTP commands
# (http://www.castaglia.org/proftpd/modules/mod_exec.html)
#   LoadModule mod_exec.c
#
# Support for POSIX ACLs
# (http://www.proftpd.org/docs/modules/mod_facl.html)
#   LoadModule mod_facl.c
#
# Support for using the GeoIP library to look up geographical information on
# the connecting client and using that to set access controls for the server
# (http://www.castaglia.org/proftpd/modules/mod_geoip.html)
#   LoadModule mod_geoip.c
#
# Configure server availability based on system load
# (http://www.proftpd.org/docs/contrib/mod_load.html)
#   LoadModule mod_load.c
#
# Limit downloads to a multiple of upload volume (see README.ratio)
#   LoadModule mod_ratio.c
#
# Rewrite FTP commands sent by clients on-the-fly,
# using regular expression matching and substitution 
# (http://www.proftpd.org/docs/contrib/mod_rewrite.html)
#   LoadModule mod_rewrite.c
#
# Support for the SSH2, SFTP, and SCP protocols, for secure file transfer over
# an SSH2 connection (http://www.castaglia.org/proftpd/modules/mod_sftp.html)
#   LoadModule mod_sftp.c
#
# Use PAM to provide a 'keyboard-interactive' SSH2 authentication method for
# mod_sftp (http://www.castaglia.org/proftpd/modules/mod_sftp_pam.html)
#   LoadModule mod_sftp_pam.c
#
# Use SQL (via mod_sql) for looking up authorized SSH2 public keys for user
# and host based authentication
# (http://www.castaglia.org/proftpd/modules/mod_sftp_sql.html)
#   LoadModule mod_sftp_sql.c
#
# Provide data transfer rate "shaping" across the entire server
# (http://www.castaglia.org/proftpd/modules/mod_shaper.html)
#   LoadModule mod_shaper.c
#
# Support for miscellaneous SITE commands such as SITE MKDIR, SITE SYMLINK,
# and SITE UTIME (http://www.proftpd.org/docs/contrib/mod_site_misc.html)
#   LoadModule mod_site_misc.c
#
# Provide an external SSL session cache using shared memory
# (contrib/mod_tls_shmcache.html)
#   LoadModule mod_tls_shmcache.c
#
# Use the /etc/hosts.allow and /etc/hosts.deny files, or other allow/deny
# files, for IP-based access control
# (http://www.proftpd.org/docs/contrib/mod_wrap.html)
#   LoadModule mod_wrap.c
#
# Use the /etc/hosts.allow and /etc/hosts.deny files, or other allow/deny
# files, as well as SQL-based access rules, for IP-based access control
# (http://www.proftpd.org/docs/contrib/mod_wrap2.html)
#   LoadModule mod_wrap2.c
#
# Support module for mod_wrap2 that handles access rules stored in specially
# formatted files on disk
# (http://www.proftpd.org/docs/contrib/mod_wrap2_file.html)
#   LoadModule mod_wrap2_file.c
#
# Support module for mod_wrap2 that handles access rules stored in SQL
# database tables (http://www.proftpd.org/docs/contrib/mod_wrap2_sql.html)
#   LoadModule mod_wrap2_sql.c
#
# Provide a flexible way of specifying that certain configuration directives
# only apply to certain sessions, based on credentials such as connection
# class, user, or group membership
# (http://www.proftpd.org/docs/contrib/mod_ifsession.html)
#   LoadModule mod_ifsession.c

# TLS (http://www.castaglia.org/proftpd/modules/mod_tls.html)
<IfDefine TLS>
  TLSEngine         on
  TLSRequired           on
  TLSRSACertificateFile     /etc/pki/tls/certs/proftpd.pem
  TLSRSACertificateKeyFile  /etc/pki/tls/certs/proftpd.pem
  TLSCipherSuite        ALL:!ADH:!DES
  TLSOptions            NoCertRequest
  TLSVerifyClient       off
  #TLSRenegotiate       ctrl 3600 data 512000 required off timeout 300
  TLSLog            /var/log/proftpd/tls.log
  <IfModule mod_tls_shmcache.c>
    TLSSessionCache     shm:/file=/var/run/proftpd/sesscache
  </IfModule>
</IfDefine>

# Dynamic ban lists (http://www.proftpd.org/docs/contrib/mod_ban.html)
# Enable this with PROFTPD_OPTIONS=-DDYNAMIC_BAN_LISTS in /etc/sysconfig/proftpd
<IfDefine DYNAMIC_BAN_LISTS>
  LoadModule            mod_ban.c
  BanEngine         on
  BanLog            /var/log/proftpd/ban.log
  BanTable          /var/run/proftpd/ban.tab

  # If the same client reaches the MaxLoginAttempts limit 2 times
  # within 10 minutes, automatically add a ban for that client that
  # will expire after one hour.
  BanOnEvent            MaxLoginAttempts 2/00:10:00 01:00:00

  # Allow the FTP admin to manually add/remove bans
  BanControlsACLs       all allow user ftpadm
</IfDefine>

# Global Config - config common to Server Config and all virtual hosts
# See: http://www.proftpd.org/docs/howto/Vhost.html
<Global>

  # Umask 022 is a good standard umask to prevent new dirs and files
  # from being group and world writable
  Umask             022

  # Allow users to overwrite files and change permissions
AllowOverwrite on
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
RootLogin on
UseFtpUsers off
AuthAliasOnly off
RequireValidShell off

</Global>
SystemLog /var/log/proftpd/errors.log

# A basic anonymous configuration, with an upload directory
# Enable this with PROFTPD_OPTIONS=-DANONYMOUS_FTP in /etc/sysconfig/proftpd
<IfDefine ANONYMOUS_FTP>
  <Anonymous ~ftp>
    User            ftp
    Group           ftp
    AccessGrantMsg      "Anonymous login ok, restrictions apply."

    # We want clients to be able to login with "anonymous" as well as "ftp"
    UserAlias           anonymous ftp

    # Limit the maximum number of anonymous logins
    MaxClients          10 "Sorry, max %m users -- try again later"

    # Put the user into /pub right after login
    #DefaultChdir       /pub

    # We want 'welcome.msg' displayed at login, '.message' displayed in
    # each newly chdired directory and tell users to read README* files. 
    DisplayLogin        /welcome.msg
    DisplayChdir        .message
    DisplayReadme       README*

    # Cosmetic option to make all files appear to be owned by user "ftp"
    DirFakeUser         on ftp
    DirFakeGroup        on ftp

    # Limit WRITE everywhere in the anonymous chroot
    <Limit WRITE SITE_CHMOD>
      DenyAll
    </Limit>

    # An upload directory that allows storing files but not retrieving
    # or creating directories.
    <Directory uploads/*>
      AllowOverwrite        no
      <Limit READ>
        DenyAll
      </Limit>

      <Limit STOR>
        AllowAll
      </Limit>
    </Directory>

    # Don't write anonymous accesses to the system wtmp file (good idea!)
    WtmpLog         off

    # Logging for the anonymous transfers
    ExtendedLog         /var/log/proftpd/access.log WRITE,READ default
    ExtendedLog         /var/log/proftpd/auth.log AUTH auth

  </Anonymous>
</IfDefine>
4

4 回答 4

1

似乎该用户未包含在 proftpd 用户列表中。它是 proftd 最新版本的默认安全程序。

要手动启用它,

  • 在 webmin 默认页面的“服务器状态”部分(单击“webmin”获取此页面),单击“ProFTPD FTP 服务器”。这将打开 Proftpd 模块。

  • 在“全局配置部分”中,单击“编辑配置文件”

  • 在编辑器中找到该行umask 22

  • 使用 webmin 用户名添加以下行。这将允许 webmin 用户使用 ftp 和 sftp

    umask 22 AllowOverwrite yes <Limit ALL SITE_CHMOD> DenyAll AllowUser webminuser1 webminuser2 </Limit>

保存文件并重新启动proftpd。

**

或者

**

使用默认 webmin 配置为用户启用 proftpd:删除并全新安装 proftpd。

yum install proftpd

并启动服务,service proftpd start

通过 telnet 检查您的 ftp 连接。telnet <ipaddress> 21

如果 telnet 连接,进入 webmin 菜单,webmin->webmin 配置->webmin 模块

在 Install from 部分,在 www.webmin.com 的 Standard 模块上,选择 proftpd 模块(您可以尝试在框中输入,但最好单击地球图标以选择 proftpd)

选择 Proftpd 后,选中忽略依赖项选项,并选中授予所有 Webmin 用户的访问权限,然后单击安装模块按钮重新启动系统以使更改生效。

尝试使用用户名和密码连接 ftpclient。它应该工作!

于 2019-08-22T19:34:33.853 回答
0

webmin中,转到您的ProFTPD模块并查找 的图标/选项Denied FTP Users。从该列表中删除您希望访问 FTP 服务器的所有用户。一个地方我遇到了麻烦。

于 2012-06-04T06:02:51.503 回答
0

在大多数 ftp 客户端中,默认启用 FTP Passive 连接选项,因此只需取消选择它然后尝试连接。

于 2014-04-16T16:23:52.393 回答
-1

虽然这仅对您指定的一两个用户名有帮助,​​但root 帐户通常被禁止访问 FTP

... 不使用 ftp 或拥有太多权限而无法通过 FTP 服务器守护进程登录的用户列表。此类用户通常包括 root、daemon、bin、uucp 和 news。

于 2014-10-06T19:00:18.400 回答