Forum Debian Users Gang

ukasz · 2008-06-16 01:11:04

Witam

od jakiegos czasu mam duzy problem z proftpd. jesli jest wlaczone szyfrowanie to zrywa polaczenie. nie wiem co jest tego powodem. wersja testing debiana i zawsze najnowsze pakiety.

moze znacie rownie bogatego w funkcje ftpa ktory korzysta z kont systemowych i ma dzialajace szyfrowanie ?

proftpd.log

Kod:

Jun 15 20:44:08 serwer proftpd[31888] ukasz.net.pl (xxxxxx]): FTP session opened.
Jun 15 20:44:18 serwer proftpd[31888] ukasz.net.pl (xxxxxx]): USER xxxx: Login successful.
Jun 15 20:44:18 serwer proftpd[31888] ukasz.net.pl (xxxxxx]): Preparing to chroot to directory '/home/priv'
Jun 15 20:44:21 serwer proftpd[31888] ukasz.net.pl (xxxxxx]): mod_tls/2.1.2: unexpected OpenSSL error, disconnecting
Jun 15 20:44:21 serwer proftpd[31888] ukasz.net.pl (xxxxxx]): mod_tls/2.1.2: SSL_shutdown error [1]: (unknown)
Jun 15 20:44:21 serwer proftpd[31888] ukasz.net.pl (xxxxxx]): FTP session closed.
Jun 15 20:44:21 serwer proftpd[31890] ukasz.net.pl (xxxxxx]): FTP session opened.
Jun 15 20:44:21 serwer proftpd[31890] ukasz.net.pl (xxxxxx]): USER xxxx: Login successful.
Jun 15 20:44:21 serwer proftpd[31890] ukasz.net.pl (xxxxxx]): Preparing to chroot to directory '/home/priv'
Jun 15 20:44:23 serwer proftpd[31890] ukasz.net.pl (xxxxxx]): mod_tls/2.1.2: unexpected OpenSSL error, disconnecting
Jun 15 20:44:23 serwer proftpd[31890] ukasz.net.pl (xxxxxx]): mod_tls/2.1.2: SSL_shutdown error [1]: (unknown)
Jun 15 20:44:23 serwer proftpd[31890] ukasz.net.pl (xxxxxx]): FTP session closed.

tls.log

Kod:

May 06 23:39:30 mod_tls/2.1.2[17643]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
May 06 23:39:30 mod_tls/2.1.2[17643]: TLS/TLS-C requested, starting TLS handshake
May 06 23:39:30 mod_tls/2.1.2[17643]: TLSv1/SSLv3 connection accepted, using cipher DHE-RSA-AES128-SHA (128 bits)
May 06 23:39:30 mod_tls/2.1.2[17643]: Protection set to Private
May 06 23:39:30 mod_tls/2.1.2[17643]: starting TLS negotiation on data connection
May 06 23:39:31 mod_tls/2.1.2[17643]: TLSv1/SSLv3 data connection accepted, using cipher DHE-RSA-AES128-SHA (128 bits)
May 06 23:39:31 mod_tls/2.1.2[17643]: panic: SSL_ERROR_SYSCALL, line 3006: Broken pipe
May 06 23:39:31 mod_tls/2.1.2[17643]: unexpected OpenSSL error, disconnecting
May 06 23:39:31 mod_tls/2.1.2[17643]: SSL_shutdown error [1]:

proftpd.conf

Kod:

Include /etc/proftpd/modules.conf

TLSProtocol                             SSLv23

<global>
ListOptions             "-lALh"
ServerIdent                     off
DeferWelcome                    on
allowretrieverestart            on
allowstorerestart               on
AllowOverwrite                  on
RequireValidShell               off
PassivePorts                    4500 4900
TimeoutNoTransfer               360
TimeoutStalled                  360
TimeoutIdle                     360
TimeoutLogin                    20
ShowSymlinks                    on
UseSendFile                     on
Umask                           022  022
AllowForeignAddress             off
MaxLoginAttempts                3
identlookups                    off
TLSTimeoutHandshake                     20
TLSOptions                              NoCertRequest
TLSVerifyClient                         off
TLSRenegotiate                          required no
TLSEngine                               on
TLSRSACertificateFile                   /root/server.crt
TLSRSACertificateKeyFile                /root/server.key

<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteLog /var/log/proftpd/rewrite.log

    # Define a map that uses the internal "replaceall" function
    RewriteMap replace int:replaceall

    # We only want to use this rule on STOR commands
    RewriteCondition %m STOR

    # Apply the map to the command parameters
    RewriteRule ^(.*) "${replace:/$1/ /_}"

  </IfModule>

</global>

UseIPv6                         no
ServerType                      standalone
MultilineRFC2228                on
DefaultServer                   on
usereversedns                   off
ScoreboardFile                  /var/run/proftpd/proftpd.scoreboard
DenyFilter                              \*.*/
maxclientsperhost               1
maxclientsperuser               1
maxhostsperuser                 1
MaxInstances                    30
User                                    proftpd
Group                                   nogroup

#TransferLog    /var/log/proftpd/xferlog
SystemLog       /var/log/proftpd/proftpd.log
#TLSLog         /var/log/proftpd/tls.log

# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress             1.2.3.4


<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine        off
ControlsMaxClients    2
ControlsLog           /var/log/proftpd/controls.log
ControlsInterval      5
ControlsSocket        /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>



###########   HOSTING   ###################

<virtualhost ukasz.net.pl>
TransferLog                     /var/log/proftpd/hosting/xfer.log
#ServerLog                      /var/log/proftpd/hosting/proftpd.log
TLSLog                          /var/log/proftpd/hosting/tls.log
TLSRequired                     off

#AuthOrder                      mod_sql.c
#SQLBackend                     mysql
#SQLEngine                      on
#SQLAuthenticate                on
#SQLAuthTypes                   Crypt Plaintext
#SQLConnectInfo                 hosting@ukasz.net.pl hosting obiwan
#SQLUserInfo                    ftpuser userid passwd uid gid homedir shell
#SQLGroupInfo                   ftpgroup groupname gid members
#SQLLogFile                     /var/log/proftpd/proftpd.sql

Authpam                         on
AuthpamConfig                   hosting
port                            21
DefaultRoot                     ~

<Directory />
        HideFiles               welcome.msg|^\..*|fuckoff.msg
        HideNoAccess            on
    <Limit ALL>
        IgnoreHidden            on
    </Limit>
</Directory>
</virtualhost>

###############  UKASZ  ######################

<virtualhost ukasz.net.pl>
TransferLog                     /var/log/proftpd/priv/xfer.log
#ServerLog                      /var/log/proftpd/priv/proftpd.log
TLSLog                          /var/log/proftpd/priv/tls.log
TLSRequired                     on

DefaultChdir                    /home
Authpam                         on
AuthPamConfig                   proftpd
port                            5418
defaultroot                     /home/priv

<Directory />
    HideFiles welcome.msg|^\..*|quota.user|quota.group|fuckoff.msg
        HideNoAccess            on
    <Limit ALL>
        IgnoreHidden            on
    </Limit>
</Directory>

</virtualhost>

Ostatnio edytowany przez ukasz (2008-08-23 20:17:13)

adam05 · 2008-06-19 09:39:54

Skompiluj proftpd z obsługą mod_tls/2.1.2

P.S Sprawdź czy w ogóle masz ten mod.

Pozdrawiam

Ostatnio edytowany przez adam05 (2008-06-19 09:40:44)

ukasz · 2008-08-21 16:14:06

mod mam. uzywam teraz wersji 1.3.1-13 i dziala wszystko jak nalezy.

Forum Debian Users Gang

Ogłoszenie

#1 2008-06-16 01:11:04

ukasz - Użytkownik

[SOLVED] proftpd i szyfrowanie. zrywa polaczenie

Kod:

Kod:

Kod:

#2 2008-06-19 09:39:54

adam05 - Adamin

Re: [SOLVED] proftpd i szyfrowanie. zrywa polaczenie

#3 2008-08-21 16:14:06

ukasz - Użytkownik

Re: [SOLVED] proftpd i szyfrowanie. zrywa polaczenie

Stopka forum