2012-05-23 8 views
3

Can't log in to ProFTPD set up through Webmin on CentOS

I installed ProFTPD on my test CentOS web server, which has Webmin.

After installing ProFTPD I tried to connect via FTP, but it would not let me in. I tried connecting with FileZilla and from the server's terminal. I tried every user on the server (root, admin, steven10172), and they all return the same error: "530 Login incorrect."

Can someone help me figure out why I can't connect via FTP? (with AuthPam on)

Error messages (with AuthPam off):

May 23 02:03:34 adsl-76-209-55-83.dsl.emhril.sbcglobal.net proftpd[17201] 76.209.55.83: ProFTPD killed (signal 15) 
May 23 02:03:34 adsl-76-209-55-83.dsl.emhril.sbcglobal.net proftpd[17201] 76.209.55.83: ProFTPD 1.3.3g standalone mode SHUTDOWN 
May 23 02:03:36 adsl-76-209-55-83.dsl.emhril.sbcglobal.net proftpd[17261] 76.209.55.83: ProFTPD 1.3.3g (maint) (built Thu Nov 10 2011 16:20:58 UTC) standalone mode STARTUP 
May 23 02:03:39 adsl-76-209-55-83.dsl.emhril.sbcglobal.net proftpd[17267] 76.209.55.83 (::ffff:12.172.237.130[::ffff:12.172.237.130]): FTP session opened. 
May 23 02:03:40 adsl-76-209-55-83.dsl.emhril.sbcglobal.net proftpd[17267] 76.209.55.83 (::ffff:12.172.237.130[::ffff:12.172.237.130]): USER root (Login failed): Incorrect password. 
May 23 02:03:42 adsl-76-209-55-83.dsl.emhril.sbcglobal.net proftpd[17267] 76.209.55.83 (::ffff:12.172.237.130[::ffff:12.172.237.130]): FTP session closed. 

Error messages:

May 23 02:02:21 adsl-76-209-55-83.dsl.emhril.sbcglobal.net proftpd[17201] 76.209.55.83: ProFTPD 1.3.3g (maint) (built Thu Nov 10 2011 16:20:58 UTC) standalone mode STARTUP 
May 23 02:02:25 adsl-76-209-55-83.dsl.emhril.sbcglobal.net proftpd[17207] 76.209.55.83 (::ffff:12.172.237.130[::ffff:12.172.237.130]): FTP session opened. 
May 23 02:02:26 adsl-76-209-55-83.dsl.emhril.sbcglobal.net proftpd[17207] 76.209.55.83 (::ffff:12.172.237.130[::ffff:12.172.237.130]): USER steven10172 (Login failed): No such user found. 
May 23 02:02:29 adsl-76-209-55-83.dsl.emhril.sbcglobal.net proftpd[17207] 76.209.55.83 (::ffff:12.172.237.130[::ffff:12.172.237.130]): FTP session closed. 

/etc/proftpd.conf:

# This is the ProFTPD configuration file 
# 
# See: http://www.proftpd.org/docs/directives/linked/by-name.html 

# Server Config - config used for anything outside a <VirtualHost> or <Global> context 
# See: http://www.proftpd.org/docs/howto/Vhost.html 

ServerName   "ProFTPD server" 
ServerIdent   on "FTP Server ready." 
ServerAdmin   [email protected] 
DefaultServer   on 

# Cause every FTP user except adm to be chrooted into their home directory 
# Aliasing /etc/security/pam_env.conf into the chroot allows pam_env to 
# work at session-end time (http://bugzilla.redhat.com/477120) 
VRootEngine   on 
DefaultRoot   ~ !adm 
VRootAlias   /etc/security/pam_env.conf etc/security/pam_env.conf 

# Use pam to authenticate (default) and be authoritative 
AuthPAMConfig   proftpd 
AuthOrder   mod_auth_pam.c* mod_auth_unix.c 
# If you use NIS/YP/LDAP you may need to disable PersistentPasswd 
#PersistentPasswd  off 

# Don't do reverse DNS lookups (hangs on DNS problems) 
UseReverseDNS   off 

# Set the user and group that the server runs as 
User    nobody 
Group    nobody 

# To prevent DoS attacks, set the maximum number of child processes 
# to 20. If you need to allow more than 20 concurrent connections 
# at once, simply increase this value. Note that this ONLY works 
# in standalone mode; in inetd mode you should use an inetd server 
# that allows you to limit maximum number of processes per service 
# (such as xinetd) 
MaxInstances   20 

# Disable sendfile by default since it breaks displaying the download speeds in 
# ftptop and ftpwho 
UseSendfile   off 

# Define the log formats 
LogFormat default "%h %l %u %t \"%r\" %s %b" 
LogFormat auth "%v [%P] %h %t \"%r\" %s" 

# Dynamic Shared Object (DSO) loading 
# See README.DSO and howto/DSO.html for more details 
# 
# General database support (http://www.proftpd.org/docs/contrib/mod_sql.html) 
# LoadModule mod_sql.c 
# 
# Support for base-64 or hex encoded MD5 and SHA1 passwords from SQL tables 
# (contrib/mod_sql_passwd.html) 
# LoadModule mod_sql_passwd.c 
# 
# Mysql support (requires proftpd-mysql package) 
# (http://www.proftpd.org/docs/contrib/mod_sql.html) 
# LoadModule mod_sql_mysql.c 
# 
# Postgresql support (requires proftpd-postgresql package) 
# (http://www.proftpd.org/docs/contrib/mod_sql.html) 
# LoadModule mod_sql_postgres.c 
# 
# Quota support (http://www.proftpd.org/docs/contrib/mod_quotatab.html) 
# LoadModule mod_quotatab.c 
# 
# File-specific "driver" for storing quota table information in files 
# (http://www.proftpd.org/docs/contrib/mod_quotatab_file.html) 
# LoadModule mod_quotatab_file.c 
# 
# SQL database "driver" for storing quota table information in SQL tables 
# (http://www.proftpd.org/docs/contrib/mod_quotatab_sql.html) 
# LoadModule mod_quotatab_sql.c 
# 
# LDAP support (requires proftpd-ldap package) 
# (http://www.proftpd.org/docs/directives/linked/config_ref_mod_ldap.html) 
# LoadModule mod_ldap.c 
# 
# LDAP quota support (requires proftpd-ldap package) 
# (http://www.proftpd.org/docs/contrib/mod_quotatab_ldap.html) 
# LoadModule mod_quotatab_ldap.c 
# 
# Support for authenticating users using the RADIUS protocol 
# (http://www.proftpd.org/docs/contrib/mod_radius.html) 
# LoadModule mod_radius.c 
# 
# Retrieve quota limit table information from a RADIUS server 
# (http://www.proftpd.org/docs/contrib/mod_quotatab_radius.html) 
# LoadModule mod_quotatab_radius.c 
# 
# Administrative control actions for the ftpdctl program 
# (http://www.proftpd.org/docs/contrib/mod_ctrls_admin.html) 
# LoadModule mod_ctrls_admin.c 
# 
# Execute external programs or scripts at various points in the process 
# of handling FTP commands 
# (http://www.castaglia.org/proftpd/modules/mod_exec.html) 
# LoadModule mod_exec.c 
# 
# Support for POSIX ACLs 
# (http://www.proftpd.org/docs/modules/mod_facl.html) 
# LoadModule mod_facl.c 
# 
# Support for using the GeoIP library to look up geographical information on 
# the connecting client and using that to set access controls for the server 
# (http://www.castaglia.org/proftpd/modules/mod_geoip.html) 
# LoadModule mod_geoip.c 
# 
# Configure server availability based on system load 
# (http://www.proftpd.org/docs/contrib/mod_load.html) 
# LoadModule mod_load.c 
# 
# Limit downloads to a multiple of upload volume (see README.ratio) 
# LoadModule mod_ratio.c 
# 
# Rewrite FTP commands sent by clients on-the-fly, 
# using regular expression matching and substitution 
# (http://www.proftpd.org/docs/contrib/mod_rewrite.html) 
# LoadModule mod_rewrite.c 
# 
# Support for the SSH2, SFTP, and SCP protocols, for secure file transfer over 
# an SSH2 connection (http://www.castaglia.org/proftpd/modules/mod_sftp.html) 
# LoadModule mod_sftp.c 
# 
# Use PAM to provide a 'keyboard-interactive' SSH2 authentication method for 
# mod_sftp (http://www.castaglia.org/proftpd/modules/mod_sftp_pam.html) 
# LoadModule mod_sftp_pam.c 
# 
# Use SQL (via mod_sql) for looking up authorized SSH2 public keys for user 
# and host based authentication 
# (http://www.castaglia.org/proftpd/modules/mod_sftp_sql.html) 
# LoadModule mod_sftp_sql.c 
# 
# Provide data transfer rate "shaping" across the entire server 
# (http://www.castaglia.org/proftpd/modules/mod_shaper.html) 
# LoadModule mod_shaper.c 
# 
# Support for miscellaneous SITE commands such as SITE MKDIR, SITE SYMLINK, 
# and SITE UTIME (http://www.proftpd.org/docs/contrib/mod_site_misc.html) 
# LoadModule mod_site_misc.c 
# 
# Provide an external SSL session cache using shared memory 
# (contrib/mod_tls_shmcache.html) 
# LoadModule mod_tls_shmcache.c 
# 
# Use the /etc/hosts.allow and /etc/hosts.deny files, or other allow/deny 
# files, for IP-based access control 
# (http://www.proftpd.org/docs/contrib/mod_wrap.html) 
# LoadModule mod_wrap.c 
# 
# Use the /etc/hosts.allow and /etc/hosts.deny files, or other allow/deny 
# files, as well as SQL-based access rules, for IP-based access control 
# (http://www.proftpd.org/docs/contrib/mod_wrap2.html) 
# LoadModule mod_wrap2.c 
# 
# Support module for mod_wrap2 that handles access rules stored in specially 
# formatted files on disk 
# (http://www.proftpd.org/docs/contrib/mod_wrap2_file.html) 
# LoadModule mod_wrap2_file.c 
# 
# Support module for mod_wrap2 that handles access rules stored in SQL 
# database tables (http://www.proftpd.org/docs/contrib/mod_wrap2_sql.html) 
# LoadModule mod_wrap2_sql.c 
# 
# Provide a flexible way of specifying that certain configuration directives 
# only apply to certain sessions, based on credentials such as connection 
# class, user, or group membership 
# (http://www.proftpd.org/docs/contrib/mod_ifsession.html) 
# LoadModule mod_ifsession.c 

# TLS (http://www.castaglia.org/proftpd/modules/mod_tls.html) 
<IfDefine TLS> 
    TLSEngine   on 
    TLSRequired   on 
    TLSRSACertificateFile  /etc/pki/tls/certs/proftpd.pem 
    TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem 
    TLSCipherSuite  ALL:!ADH:!DES 
    TLSOptions   NoCertRequest 
    TLSVerifyClient  off 
    #TLSRenegotiate  ctrl 3600 data 512000 required off timeout 300 
    TLSLog   /var/log/proftpd/tls.log 
    <IfModule mod_tls_shmcache.c> 
    TLSSessionCache  shm:/file=/var/run/proftpd/sesscache 
    </IfModule> 
</IfDefine> 

# Dynamic ban lists (http://www.proftpd.org/docs/contrib/mod_ban.html) 
# Enable this with PROFTPD_OPTIONS=-DDYNAMIC_BAN_LISTS in /etc/sysconfig/proftpd 
<IfDefine DYNAMIC_BAN_LISTS> 
    LoadModule   mod_ban.c 
    BanEngine   on 
    BanLog   /var/log/proftpd/ban.log 
    BanTable   /var/run/proftpd/ban.tab 

    # If the same client reaches the MaxLoginAttempts limit 2 times 
    # within 10 minutes, automatically add a ban for that client that 
    # will expire after one hour. 
    BanOnEvent   MaxLoginAttempts 2/00:10:00 01:00:00 

    # Allow the FTP admin to manually add/remove bans 
    BanControlsACLs  all allow user ftpadm 
</IfDefine> 

# Global Config - config common to Server Config and all virtual hosts 
# See: http://www.proftpd.org/docs/howto/Vhost.html 
<Global> 

    # Umask 022 is a good standard umask to prevent new dirs and files 
    # from being group and world writable 
    Umask    022 

    # Allow users to overwrite files and change permissions 
AllowOverwrite on 
    <Limit ALL SITE_CHMOD> 
    AllowAll 
    </Limit> 
RootLogin on 
UseFtpUsers off 
AuthAliasOnly off 
RequireValidShell off 

</Global> 
SystemLog /var/log/proftpd/errors.log 

# A basic anonymous configuration, with an upload directory 
# Enable this with PROFTPD_OPTIONS=-DANONYMOUS_FTP in /etc/sysconfig/proftpd 
<IfDefine ANONYMOUS_FTP> 
    <Anonymous ~ftp> 
    User   ftp 
    Group   ftp 
    AccessGrantMsg  "Anonymous login ok, restrictions apply." 

    # We want clients to be able to login with "anonymous" as well as "ftp" 
    UserAlias   anonymous ftp 

    # Limit the maximum number of anonymous logins 
    MaxClients   10 "Sorry, max %m users -- try again later" 

    # Put the user into /pub right after login 
    #DefaultChdir  /pub 

    # We want 'welcome.msg' displayed at login, '.message' displayed in 
    # each newly chdired directory and tell users to read README* files. 
    DisplayLogin  /welcome.msg 
    DisplayChdir  .message 
    DisplayReadme  README* 

    # Cosmetic option to make all files appear to be owned by user "ftp" 
    DirFakeUser   on ftp 
    DirFakeGroup  on ftp 

    # Limit WRITE everywhere in the anonymous chroot 
    <Limit WRITE SITE_CHMOD> 
     DenyAll 
    </Limit> 

    # An upload directory that allows storing files but not retrieving 
    # or creating directories. 
    <Directory uploads/*> 
     AllowOverwrite  no 
     <Limit READ> 
     DenyAll 
     </Limit> 

     <Limit STOR> 
     AllowAll 
     </Limit> 
    </Directory> 

    # Don't write anonymous accesses to the system wtmp file (good idea!) 
    WtmpLog   off 

    # Logging for the anonymous transfers 
    ExtendedLog   /var/log/proftpd/access.log WRITE,READ default 
    ExtendedLog   /var/log/proftpd/auth.log AUTH auth 

    </Anonymous> 
</IfDefine> 

Answers

0

Go to the ProFTPD module in Webmin and look for the Denied FTP Users icon/option. Remove the users you want to have access to the FTP server from that list. That is one place that caused problems for me.

+0

Already tried that. No success. – Steven10172

0

Most FTP clients have the FTP Passive connection option enabled, so uncheck it and try connecting.

-1

It would help if you specified just one or two of the usernames (root accounts are generally barred from FTP access).

... lists the users that either have no business using FTP or have too many privileges to be allowed to log in through the FTP server daemon. Such users usually include root, daemon, bin, uucp, and news.

+0

While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. – AKHolland

+0

Good point. I have included a quote. –
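
Added example (not part of the thread and not ProFTPD's own code): a Python sketch of the account checks the answers refer to, reading `UseFtpUsers`, `RootLogin` and `RequireValidShell` from a proftpd.conf and reporting which of them would refuse a login regardless of the password. The ftpusers and shells contents, and the UID and shell given for steven10172, are constructed samples; the defaults are ProFTPD's documented defaults for these directives.

```python
# Added example: account checks that reject a login whatever the password.
# Defaults below are ProFTPD's documented defaults for these directives.
DEFAULTS = {"useftpusers": True, "rootlogin": False, "requirevalidshell": True}
TRUE_WORDS = {"on", "yes", "true", "1"}

def parse_directives(conf_text):
    """Effective value of each tracked directive; comments, section tags and
    everything inside an <Anonymous> block are ignored."""
    values, in_anon = dict(DEFAULTS), False
    for raw in conf_text.splitlines():
        line = raw.strip()
        low = line.lower()
        if low.startswith("<anonymous"):
            in_anon = True
        elif low.startswith("</anonymous"):
            in_anon = False
        elif line and not in_anon and line[0] not in "#<":
            parts = low.split()
            if parts[0] in values and len(parts) > 1:
                values[parts[0]] = parts[1] in TRUE_WORDS
    return values

def read_list(text):
    """Entries of an /etc/ftpusers or /etc/shells style file, comments stripped."""
    entries = (l.split("#", 1)[0].strip() for l in text.splitlines())
    return {e for e in entries if e}

def login_blockers(user, uid, shell, conf_text, ftpusers_text, shells_text):
    """Names of the checks that would refuse this account."""
    cfg, reasons = parse_directives(conf_text), []
    if cfg["useftpusers"] and user in read_list(ftpusers_text):
        reasons.append("UseFtpUsers: listed in /etc/ftpusers")
    if uid == 0 and not cfg["rootlogin"]:
        reasons.append("RootLogin: UID 0 not allowed")
    if cfg["requirevalidshell"] and shell not in read_list(shells_text):
        reasons.append("RequireValidShell: shell not in /etc/shells")
    return reasons

# Constructed sample inputs (not taken from the asker's server).
FTPUSERS = "# denied accounts\nroot\nbin\ndaemon\n"
SHELLS = "/bin/sh\n/bin/bash\n"
STOCK_CONF = "ServerName \"ProFTPD server\"\n"
QUESTION_GLOBAL = "<Global>\nRootLogin on\nUseFtpUsers off\nRequireValidShell off\n</Global>\n"

if __name__ == "__main__":
    for name, conf in (("stock", STOCK_CONF), ("question", QUESTION_GLOBAL)):
        print(name, login_blockers("root", 0, "/bin/bash", conf, FTPUSERS, SHELLS))
        print(name, login_blockers("steven10172", 500, "/sbin/nologin", conf, FTPUSERS, SHELLS))
```

With the overrides from the question's `<Global>` block none of these three checks rejects either account, which leaves the authentication modules named in `AuthOrder` as the place to look.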