Ubuntu :: Secure Ftp - 530 Non-anonymous Sessions Must Use Encryption
Feb 11, 2010
I have configured vsftpd on Ubuntu 9.04 and it is working fine. I have configured non-anonymous FTP so that only a few of us can access that FTP. Now I want to secure it using SSL, so I have changed the vsftpd.conf file and entered the following lines in it.
I'm having problems establishing secure sessions with my bank's online banking service provider. I've already contacted their local tech and together we were unable to solve the problem. I've tried deleting my cookies, session store, cache, and none of it worked. He's currently forwarding our conversation to the service provider's tech support line, but who knows what will come of it. Or even if they will offer support for an iceweasel user. I'm using Iceweasel 3.6.4~build2-1 out of the experimental repo.
I'm able to login successfully to online banking site to view my list of accounts, however if I try going any further than that, I'm redirected to an error message page that tells me a security error has occurred - the online session has expired. I get this on browser profiles 1, 2, and 3, however I do not get the error message on profile '0' (default) or on newly created profiles. And as mentioned earlier, I've tried deleting all persistent data (cookies, session, cache) on a non-working profile and the problem still exists. Let me know if I can provide any more information.
I'm an Oracle DBA and started working for my current employer about 4 months ago. This past weekend an alert re: FS space brought my attention to /var/spool/clientmqueue (full of mail re: cron jobs) and the fact that sendmail is not running on our Linux servers. I'm told that the IT security team deemed sendmail too vulnerable so we don't run it. Aside from FS filling up and missing notification of issues with crontab entries, I'm concerned that we may be missing notification of potential issues. In other Unix/Linux environments I've seen emails from the print daemon when it experienced problems with specific jobs.
Are there other Linux facilities aside from cron and lpd that use email to advise the users of possible issues? Are there ways to secure sendmail or secure alternatives to sendmail? My primary need/desire is to make sure that emails regarding issues on the server get to the appropriate users. Secondary goal would be to have the ability to use mailx to send mail out. There is no need/desire to receive mail from outside.
I've managed to set up an FTP server with gadmin-proftpd. I need to access the "Downloads" folder from the "Home Folder" but it won't allow me. I've set up the login fine, I just can't get it to show the directory.
Status: Connecting to
Status: Connection established, waiting for welcome message...
Response: 220 My FTP Server
Command: USER rLLZORS
In my house I have a small computer running ubuntu karmic that works as a server/media center.
I would like to have a folder (my ~/public folder) openly available to the entire world via anonymous ftp.
I have read somewhere that the default vsftpd config is basically this: no local user login, anon only and sharing a folder called /home/ftp, but I can't get this to work.
Hope you can help me out. I'm trying to setup a "drop-box" on ubuntu 9.10 server with vsftpd. I'm able to login and land in the /home/user directory, however I cannot write anything.
How to add files (and where) for anonymous download. I installed vsftpd and configured the /etc/vsftpd.conf file... just a few common options like allowing anonymous, download, upload. And now I can log in with anonymous. But I don't know what to do next; I want to try to download and upload files.
I set up an FTP server with two separate directories. One of them is mine, and the other one is shared (for anonymous ftp). The layout is like this.
/home/hallvor <---- this is my ftp directory where I keep my private files. I am the only user.
/home/ftp <---- this is the shared ftp directory with anonymous login.
Whenever I transfer files from my ftp directory to the public /home/ftp, I would like to: prevent anonymous users from deleting files in /home/ftp or uploading their own files to that directory (read only). What permissions must I set? I think this is all a bit confusing. I tried to chmod /home/ftp to 644 and change ownership to root, but that made it impossible to even log on anonymously.
Running Debian 5. I have a small server that needs to provide anonymous ftp service (download only) to the folks in my dept (we have a firewall that will keep outsiders out, so I'm not worried about outside folks getting to the files). The question is: which anonymous ftp server should I install? Something that can be installed via "apt-get install xyzzy", where I can edit the /etc/xyzzy.conf file to point to the /home/ftp directory, and start/stop it with /etc/init.d/xyzzy start|stop|restart command.
vsftpd is working fine in my network with the anonymous user, but I need to access it from outside. All the settings are done on the router. I am getting the page to access FTP from outside, but only for FTP users, not the anonymous user. How do I give permission to access FTP to the anonymous user?
Does RHEL install using FTP support username/password without the GUI? I need to secure my RHEL network FTP hosted from Windows 2k3r2. Weird problem happened... maybe my code is wrong in default.cfg:
I'm trying to use Nautilus's connect to server to connect to an ftp server, but I'm having a problem. The username on the ftp server is "anonymous", but it requires a password. When Nautilus sees "anonymous" as the username it assumes it's dealing with a public ftp server and doesn't prompt for a password, and then, of course, I fail to connect.
I've tried modifying the .gtk-bookmarks file to account for this, but this leads to another problem. The password opens with a / and for whatever reason, this leads to Nautilus popping up an error: "Could not connect to ftp://anonymous:0/[rest of password]@[server]". It's adding a "0" to the beginning of my password for some reason. Is there any way to fix this without changing the password?
Does anyone know how to make an anonymous email service like Dodgeit.com? Basically where users can go thru a web login to check any mailbox name they want at yourdomain.com.
I know you can do it thru Postfix, what other setup is needed? Any easy way of going about this?
I am building an active directory and using BIND9 as my DNS. To allow for secure dynamic updates from the domain, I am enabling GSS-TSIG as detailed here and here. Unfortunately, some of the commands and configurations used here seem to be deprecated, at least in the newer versions that I'm using. My issue is one of keytab encryption. I generated a keytab using ktpass.exe on the Windows Server 2008 domain controller. I have tried DES/MD5, AES128/SHA1 and AES256/SHA1; each has been turned down by ktutil on the kerberos server (FreeBSD). Each time, it outputs the following error:
ktutil: AES256/SHA1*: encryption type AES256/SHA1* not supported
*Respective to encryption used.
I cannot find a list of suitable encryption schemes that ktutil will accept. The FreeBSD handbook details a means of producing a keytab file, but I'm not sure how to configure the Domain Controller to use the keytab.
I have a text based game installed on a Linux server, and I would like to allow logins on that server via SSH, but with restrictions. The login should go directly to the game which reads keyboard input from stdin. If the game quits the user should be immediately disconnected from the server. Alternately, if the user logs in there should only be one command available to the user, the game. I have thought about using a web based interface to the game, but there is something about playing the game in a terminal that just feels right. Please don't reply with "this is a bad idea..." or its variants because that is an easy out. I just want to know if anyone knows of a solution.
Obviously it's at least difficult but I'm interested in knowing if it's theoretically possible to allow anonymous users of vsftpd to upload to the same directory that anon_root is set to. If it's not then it's no big deal, I'm just trying to get a sense of the range of possibilities.
I'm using an FTP server with RHEL-5.1. Now I wish that an anonymous user can create and upload some files on my FTP server... For this I configured the entries in /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
# Uncomment this to allow local users to log in.
local_enable=YES
Fresh Slack 13.0 64bit with default proftpd installation allows only the anonymous user to log in. All the shell users (having a valid shell in /etc/passwd) are rejected.
I just want to configure Vsftpd to allow users to have total access to the FTP server. The server and users are all on a private LAN behind a router with no access from the Net, so I don't need any security. The following basic configuration doesn't allow uploading files after I log on as anonymous/whatever:
Here's what happens when I log on as anonymous/whatever and try to upload a file:
> ftp server
Connected to server.
220 (vsFTPd 2.0.5)
Name (server:root): anonymous
331 Please specify the password.
Password:<whatever>
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls -al
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
drwxr-xr-x 3 0 0 4096 Mar 13 11:19 .
drwxr-xr-x 3 0 0 4096 Mar 13 11:19 ..
drwxr-xr-x 2 0 0 4096 May 25 2010 pub
226 Directory send OK.
ftp> put /var/tmp/ftp
local: /var/tmp/ftp remote: /var/tmp/ftp
200 PORT command successful. Consider using PASV.
553 Could not create file.
This is on Centos 5.3 by the way..... I had a DVD and, well, just wanted to test some things.. I'm aware that this is not the latest release.
And, by the way (I just read an earlier post) I've added the username and password with which I'm trying to login (..hello?).
I'm at work and I don't have a copy of my Vsftpd configuration file (don't wanna edit this whole thing - actually there is a copy, below). I've used Slackware for years and never had any issues with Vsftpd - it just works. I am trying Centos because I need help with upgrading my mail server (qmail) and there's not much help for Slackware users. Also, I used to run RHEL3 and had vsftpd working fine (had to copy some file to /etc/pam.d) but it worked famously. I compiled all my web server stuff (just don't like these default things where I have no idea how things are integrated) and I'm hung up on - of all things - vsftpd.
Anyway... When I try to log into my ftp server I get "KERBEROS_V4 rejected as an authentication type" and only the anonymous account works. Any other logins produce an error (incorrect login - see ya' later). I have SE Linux and the firewall OFF. I don't recall the directive, precisely, but my vsftpd.conf file is set to allow local users to connect. I installed with yum and it added some lines at the bottom (one was about a user list and the other was about PAM). I've got a chroot list and a user list although it's not clear to me precisely where the user list should be placed. I actually uninstalled the RPM and compiled, too. I've done everything but call an exorcist. And I've found tons of posts regarding this on the net and none of the fixes worked. Man - on slackware you type "make" and "make install" (I build it with tcp_wrappers) and you're off to the races.
Actually - I did upload the vsftpd.conf file to work (where I'm at, now). Minus lines that were commented out it looks like this:
Could it, possibly, be something about how I am adding the user, the shell type, etc? I know that in Redhat I used to type "/usr/sbin/useradd -d /home/someuser joe". I've done it that way and I've also done it like so: "useradd -d /home/schmoe -s /bin/bash schmoe".
I have a test server (2.6.18-194.el5) that allows automated tools from Windows 7/Windows Server 2008 to access the filesystem (anonymous NFS access) via Samba (3.5.4-0.70.el5_6.1). Documentation on the smbusers file on samba.org seems a little thin.
* why is it necessary to map unix users to samba users?
* what purpose does this mapping serve?
* does the umask of the unix user limit the samba user it is mapped to when creating files/directories? what about anonymous access?
* why are files created via anonymous access owned by 'nobody'?
* how can I control what user and permissions files/directories are created with?
I just opened an (unmanaged) VPS account and have been encountering nothing but problems with trying to get Apache up and running (it's something I've done many times before). Basically the initial error was with LDAP not having enough space, so I disabled the related extensions and Apache still would not run. Looking at the log, it contains: (28)No space left on device: Unable to create scoreboard (anonymous shared memory failure)
I am attempting to configure vsftpd to allow anonymous users to PUT files into a shared incoming directory. This would be like a dropbox for my customers. Ideally, the incoming directory's contents would not be viewable by the users.
I believe that refused connection is due to the PAM configuration for vsftpd.
May 4 08:03:16 WSVM-S1-1 sshd[1512]: Invalid user anonymous from xxx.xxx.xxx.xxx
May 4 08:03:16 WSVM-S1-1 sshd[1513]: input_userauth_request: invalid user anonymous
May 4 08:03:16 WSVM-S1-1 sshd[1512]: pam_unix(sshd:auth): check pass; user unknown
I'm trying to adjust my proftpd server's settings so that anonymous users can download what they need smoothly.
A small problem made me so bemused:
In the configuration file of proftpd, I place the following setting section in the <anonymous> section,
Code:
After restarting the proftpd server and applying the configuration, I try downloading a file in IE browser. Sometimes, it prompts a saveas dialog, and everything was okay.
However, it occasionally prompts a login form instead of a SaveAs dialog. This makes our customers confused greatly.
So, how could I prevent browser from prompting login form when anonymous users try to download files from our ftp server?