我正在尝试使用 Proftpd 配置 SFTP。我已经使用 Unix 用户成功配置了 SFTP,但现在我想使用虚拟用户,因为我将有大量用户需要添加/删除。 我希望用户使用用户名/密码登录。
为此,我首先遵循教程 Using SFTP with ProFTPd然后尝试了其他的。
这是 SFTP 服务器的配置:
Include /etc/proftpd/modules.conf
ServerName "Nom du FTP"
ServerType standalone
DefaultServer on
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30
RequireValidShell off
# Set the user and group under which the server will run.
User proftpd
Group nogroup
SFTPEngine on
Port 2222
SFTPLog /var/log/proftpd/sftp.log
TransferLog /var/log/proftpd/sftp-xferlog
# Host Keys
SFTPHostKey /etc/ssh/ssh_host_rsa_key
SFTPHostKey /etc/ssh/ssh_host_dsa_key
# Auth methods
SFTPAuthMethods password
AuthUserFile /etc/proftpd/sftp.passwd
AuthGroupFile /etc/proftpd/sftp.group
# SFTP specific configuration
DefaultRoot ~
# Normally, we want files to be overwriteable.
<Directory />
AllowOverwrite on
</Directory>
我使用命令 ftpasswd --hash 生成了密码。
但是,当我尝试使用 FileZilla 进行连接时,我收到了消息:
Authentification failed
Critical error
Can't establish a connection to the server
当我查看 proftpd 的日志时:
2014-09-08 15:13:53,636 mod_sftp/0.9.9[6343]: error using DisplayLogin 'welcome.msg': No such file or directory
2014-09-08 15:13:53,637 mod_sftp/0.9.9[6343]: sent server version 'SSH-2.0-mod_sftp/0.9.9'
2014-09-08 15:13:53,704 mod_sftp/0.9.9[6343]: received client version 'SSH-2.0-PuTTY_Local:_Jun__1_2014_11:08:49'
2014-09-08 15:13:53,704 mod_sftp/0.9.9[6343]: handling connection from SSH2 client 'PuTTY_Local:_Jun__1_2014_11:08$
2014-09-08 15:13:53,711 mod_sftp/0.9.9[6343]: + Session key exchange: diffie-hellman-group-exchange-sha256
2014-09-08 15:13:53,711 mod_sftp/0.9.9[6343]: + Session server hostkey: ssh-rsa
2014-09-08 15:13:53,711 mod_sftp/0.9.9[6343]: + Session client-to-server encryption: aes256-ctr
2014-09-08 15:13:53,711 mod_sftp/0.9.9[6343]: + Session server-to-client encryption: aes256-ctr
2014-09-08 15:13:53,711 mod_sftp/0.9.9[6343]: + Session client-to-server MAC: hmac-sha2-256
2014-09-08 15:13:53,711 mod_sftp/0.9.9[6343]: + Session server-to-client MAC: hmac-sha2-256
2014-09-08 15:13:53,711 mod_sftp/0.9.9[6343]: + Session client-to-server compression: none
2014-09-08 15:13:53,711 mod_sftp/0.9.9[6343]: + Session server-to-client compression: none
2014-09-08 15:13:54,142 mod_sftp/0.9.9[6343]: sending acceptable userauth methods: password
2014-09-08 15:13:56,764 mod_sftp/0.9.9[6343]: sending userauth failure; remaining userauth methods: password
2014-09-08 15:13:56,764 mod_sftp/0.9.9[6343]: client sent SSH_MSG_IGNORE message (160 bytes)
2014-09-08 15:13:56,832 mod_sftp/0.9.9[6343]: error reading from client (fd 0): Connection reset by peer
2014-09-08 15:13:56,832 mod_sftp/0.9.9[6343]: disconnecting client (Connection reset by peer)
我不明白为什么它不起作用。 如果我只是删除这些行:
AuthUserFile /etc/proftpd/sftp.passwd
AuthGroupFile /etc/proftpd/sftp.group
该连接与 Unix 用户完美配合。 我忘记了什么吗?
我正在使用 Ubuntu 服务器 14.04。
最佳答案
如果您在 proftpd.conf 中使用以下内容会发生什么:
# Tell proftpd to only use the AuthUserFile/AuthGroupFile
AuthOrder mod_auth_file.c
此外,从您的 proftpd.conf 中删除它:
SFTPAuthMethods password
mod_sftp 模块自动发现它可以为客户端提供哪些授权方法。具体来说,'keyboard-interactive' auth 方法通常是客户希望在 'password' 上使用的东西,'keyboard-interactive' 也可以使用您配置的 AuthUserFile。
希望这对您有所帮助!
关于ubuntu - Proftpd - 带虚拟用户的 SFTP,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/25885820/