I'm running a ProFTP 1.3.3 server on a CentOS 5.5.What has come to my mind in terms of security is to have the server disabling / deactivating account that enters the wrong password, lets say three times.Using MaxLoginAttempts only limits the possible retries on a open connection.
View 2 RepliesI am running CentOS release 5.5 (Final) with PROFTP installed.
I am able to connect to the ftp server from local, but when I try it from dream weaver CS5 it can't connect to the server. I ran a port scan and 21 seems to be open:
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
53/tcp open domain
[Code]....
I have been using proftp for about 8 months. After getting the configuration right, it worked perfectly. It is only used intermittently, so I don't know for sure when the problems started, but I suspect it was triggered by a recent OS upgrade to Ubuntu 10.04 (64 bit). I have proftp set up so that TLS is required on both the data and control channels. The problem is that, after successful login, the server seems to be terminating the session because the client (FileZilla) is attempting to renegotiate something (probably the TLS). The client settings didn't change, nor did the server settings.
I have tried switching off the TLSRequired flag, and am then able to establish a non-secure FTP session which works (but that does not meet my requirements). I wondered whether the OS upgrade had somehow invalidated my TLS certificates, but the symptoms don't seem consistent with that cause. The TLS part of my proftpd.conf file is:
[Code]...
I have a real system user say 'test', created in a number of system groups, up to 3 additional groups (including ftp of course). Its set to the usual standard directory /home/test. But what if I wanted to use /home/test as their home directory but login to what would be unknown to them to be ProFTP to make them go in say [URL] or something random like that, how is this done? Just been through things like this:
Quote:
<VirtualHost 192.168.0.255>
ServerName "ftp.mydomain.com"
ServerAdmin "me@localhost"
[code]....
But nothing seems to work.
How to Nat. I wanted to be able to resolve something like
ftp.myfirstdomain.com to 192.168.0.2
Then ftp.mysecond.com to 192.168.0.3
Just as a random example, I know these cannot be done using name based virtual hosts like in Apache. But I got this working internally using my LAN connection and the 2 IP addresses above, with Bind DNS pointing the dns's to those 2 ip addresses respectively. This worked, yet when I tried connecting from my work place to transfer some files, it kept going to the default user's home directory. Just wanted to get this project finished, 2 domains and one public facing IP address.
have setup proftpd via gadmin, all is well and is activated.This is where im being stupid - what setting do i use in my ftp prog (filezilla)??
host: ive put my ip address (77.xx.xxx.xx)
user name and password
However, i have a number of computers on my network, obviously when i try to ftp into my server how does it know which one to connect to? or is this not required.i need to get this working within the next few hours, or ill be in do-dos.
I want to filter and block failed attempt to access my proftp server. Here are few line from the /var/log/secure file:Quote:
Jan 2 18:38:25 server1 proftpd[17847]: server1.XYZ.com (93.218.93.95[93.218.93.95]) - Maximum login attempts (3) exceeded
Jan 2 18:38:27 server1 proftpd[17864]: server1.XYZ.com (93.218.93.95[93.218.93.95]) -
[code]....
just started using Debian today and I would like to know how can I disable the user acount password, I am the only user on this computer so I would like it to boot strait into my account.
View 3 Replies View RelatedI am using Red Hat LDAP (version 3) and I have passwordLockout set as "on" at global level. Is there a way to disable account lockout for a specific user?
View 1 Replies View RelatedIs there a non-root shell command that can tell me if a user's account is disabled or not? note that there is a fine distinction between LOCKING and DISABLED:
LOCKING is where you prepend ! or * or !! to the password field of the /etc/passwd file. On Linux systems that shadow the passwords, this marker flag may be placed in /etc/shadow instead of /etc/passwd. Password locking can be done (at a shell prompt) via password -l username (as root) to lock the account of username, and the use of the option -u will unlock it.
DISABLING an account is done by setting the expiration time of the user account to some point in the past. This can be done with chage -E 0 username, which sets the expiration date to 0 days after the Unix epoch. Setting it to -1 will disable the use of the expiration date.
The effect of locking to to prevent the login process from using a supplied password to hash correctly against the saved hash (by virtue of the fact that the pre-pended marker character(s) are not valid output character(s) for the hash, thus no possible input can ever be used to generate a hash that would match it). The effect of disabling is to prevent any process from using an account because the expiration date of the account has already passed.For my situation, the use of locking is not sufficient because a user might still be able to login, e.g. using ssh authentication tokens, and processes under that user can still spawn other processes. Thus, we have accounts that are enabled or disabled, not just locked. We already know how to disable and enable the account - it requires root access and the use of chage, as shown above.To repeat my question: is there a shell command which can be run without root privileges which can output the status of this account expiration info for a given user? this is intended for use on a Red Hat Enterprise 5.4 system.The output is being returned to a java process which can then parse the output as needed, or make use of the return code.
how do you configure proftp to log MAC address on LAN, not just IP?
View 4 Replies View RelatedI have tried, to set this up, but failed what kind of ftp would you guys recomend, as i have been having slight problems over recent days, with unknowns logging onto my annon ftp server, delt with mind.
I am thinking about a proper login even for the annon account, fairly easy to setup.
I have a few friends that have seen me bypass firewalls with a socks proxy (SSH). I explained on how it works and how secure it is for browsing the Internet and checking your email in public places. I had at least 6 asked me if I could set up an account on my server for them and they would pay me! Now what I wanted to know was how I can set this up in a server and website where they can register an account and pay me through PayPal! I don't need help setting up the site! Just on how to set up the server to automate this. What tools are needed (ex. ISPConfig, jailkit.... stuff like that?) I don't mind doing this manually but if I get more people that would like this I don't really want to do every single one.
View 1 Replies View RelatedCould it be the IMAP file is corrupt?I have set up mail server on Centos to receive via dovecot.One of my user accounts (A single account out of a hundred)cannot receive their mails.
View 3 Replies View RelatedI setup proftp and apache on debian linux. I can go to [URL] and see the it works page but do not know where to beginn with proftp. how do I check to see if the ftp works.
View 8 Replies View RelatedI am using Debian 4 with proftp 1.3.1 The log file shows lots of successful logins from localhost. I never accessed ftp from localhost. Is this normal to happen?
Code:
Feb 14 11:27:22 mymachine proftpd[2453] mymachine.mydomain.com (localhost.localdomain[127.0.0.1]): USER ftpuser: Login successful.
Feb 14 14:27:22 mymachine proftpd[2453] mymachine.mydomain.com (localhost.localdomain[127.0.0.1]): Preparing to chroot to directory '/home/comunicacao/portal'
[code]....
I wanted to use symlinks, in my annon ftp dir. I was running vsftp, but everyone says it can't be done. So I have changed to proftpd. I link to the annon ftp server on my website. I get the dir listing, with symlinks, but try to follow them I get error 550, it don't exist. I have read [URL], but after following the advice here. I get the same error. I have not tried the mount bind option, as I want symlinks or hard links either will do.
View 3 Replies View RelatedI need to add a aditional user account for monitoring web over nagios.
View 2 Replies View RelatedI'm running Debian Testing and am confounded by a new problem.mysql -u root -p works great.mysql -u mythtv -p doesn't. This is a first for me.I did the usual as mysql root: mysql> create user 'mythtv'@'127.0.0.1' identified by 'mythtv';Query OK, 0 rows affected (0.01 sec)
mysql> grant all on *.* to 'mythtv'@'127.0.0.1';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
[code]....
I installed proftpd once before, but i had removed it due to some errors I removed all folder and files linked to proftp, probley not the best thing to do How ever I'm trying to reinstall it againbut it doesn't seem to be installing every thing. My webmin did have it on the server rigth hand panel but now doesn't show How do I install all files needed again
[Code]....
I got Fedora 10 and I installed a proftpd server it works in local network but not from outside. Actually I can see it checks for user and pass but when it has to list the user dir it freeze. The server is behind a router. I am using passive ports 60000-60100 and I forwarded all connections to and from 21 to 60000-60100 onto internal (192.168.0.109) IP address.
[Code]...
I need a good GUI interface for my mail account. Like we use gmail, yahoo, rediff. Is their any free GUI interface.
View 3 Replies View Relatedi cant login into my account.earlier im able to login but now i cant.it error
Error connecting to IMAP server: localhost.
111 : Connection refused
I've successfully joined my 8.04 LTS samba file server to the windows domain. I've read many tutorials like [URL].I used krb5 and winbind and not modern likewise-open. I had successfully got the ticket for the user under whom I was able to join to AD. I'm able to get domain controller information with net ads info. But I can't login to that server through ssh (I'm using Putty at windows XP) with any ADuser credentials. I've tried
windomainADuser
ADuser@windomain
ADuser
I only get user@10.0.0.10'password prompt and access denied.
We have one ftp server. Number of users are using it remotly. My requirement is that suppose any user is not connecting to the server using FTP for 15 days then account should get expired/locked automatically. Is it possible?
View 5 Replies View RelatedI have just installed Centos 5, and created two user account in it. how can i set it up that it will automaticaly boot to one of the user acount upon bootup?
View 2 Replies View RelatedI have a hostname with dyndns and I was wondering if there where a way to make a mail server that works for all my user accounts with the hostname that dyndns gives for free.
View 3 Replies View RelatedI configured LDAP. But added a user mistakenly, how can I delete that user account from LDAP. How to create home directory for LDAP users.......
View 1 Replies View RelatedStartx by non-root user account in red hat linux kernel 2.6. How can I use the command "startx" by other user account such as "oracle"? I cannot startx by user account oracle?
Code:
[oracle@localhost ~]$ startx
Fatal server error:
PAM authentication failed, cannot start X server.
Perhaps you do not have console ownership?
Please consult the The X.Org Foundation support at [URL] for help.
[1]+ Stopped startx
[oracle@localhost ~]$
I have RHEL 5 installed on my PC.After lots of efforts i manage to put it into a domain(by configuring kerbose,winbind and smb).I can see all domaind groups (wbinfo -u/-g).Whenever i tried to login into this machine using domain login, for a first time it create folder in /home/DOMAIN/ and then displays "system sdministrator has disabled your Account"
View 1 Replies View Related