naytsyrhc Posted September 30, 2014 Share Posted September 30, 2014 Hi there, just wanted to share some information about setting up proftpd as sftp server with froxlor users. I searched for this solution but couldn't find anything that suited my needs. So, what I wanted to achieve was the following: Using Froxlor FTP-Account management No SSH Access for FTP-Users Chroot for FTP-Users No FTP Protocol (to avoid Firewall-Config-Nightmares) No interference with standard ssh access The setup was quite easy/straight-forward: 1st edit /etc/proftpd/modules.conf and add following line: LoadModule mod_sftp.c 2nd edit /etc/proftpd/sql.conf and add following line: Include /etc/proftpd/sftp.conf 3rd create file /etc/proftpd/sftp.conf with following content: <IfModule mod_sftp.c> SFTPEngine on SFTPLog /var/log/proftpd/sftp.log SFTPHostKey /etc/ssh/ssh_host_dsa_key SFTPHostKey /etc/ssh/ssh_host_rsa_key </IfModule> 4th restart proftpd: service proftpd restart Now your users are able to login to SFTP using standard FTP Port 21 (and you only need to open that port in your firewall), SSH File Transfer Protocol and will only be able to write to the FTP-Directory (i.e. customers home). Hope this helps someone. Link to comment Share on other sites More sharing options...
0 BryDoll Posted February 20, 2015 Share Posted February 20, 2015 I think this is exactly what I was looking for. Thank you! Link to comment Share on other sites More sharing options...
0 zeeshan030 Posted April 10, 2015 Share Posted April 10, 2015 Secondly, I want to add the ability to "publish" DNS zones to an external server. For example... I have several Froxlor hosting servers each with their own DNS zones. I also have dedicated public DNS servers that will do the actual work. Froxlor would connect to these DNS servers and setup slave zones on them. Link to comment Share on other sites More sharing options...
0 apollox Posted November 12, 2015 Share Posted November 12, 2015 Hi, thanks for the config, exactly this I was searching for. But it do not work, I get only a "Protocol error" when I try to connect. Here is the log of the connection attempt: Nov 12 18:36:33 mod_sftp/0.9.8[28999]: using '/etc/ssh/ssh_host_dsa_key' as DSA hostkey Nov 12 18:36:33 mod_sftp/0.9.8[28999]: using '/etc/ssh/ssh_host_rsa_key' as RSA hostkey Nov 12 18:36:33 mod_sftp/0.9.8[28999]: error using DisplayLogin 'welcome.msg': No such file or directory Nov 12 18:36:33 mod_sftp/0.9.8[28999]: received client version 'SSH-2.0-WinSCP_release_5.7.6' Nov 12 18:36:33 mod_sftp/0.9.8[28999]: handling connection from SSH2 client 'WinSCP_release_5.7.6' Nov 12 18:36:33 mod_sftp/0.9.8[28999]: + Session key exchange: diffie-hellman-group-exchange-sha256 Nov 12 18:36:33 mod_sftp/0.9.8[28999]: + Session server hostkey: ssh-rsa Nov 12 18:36:33 mod_sftp/0.9.8[28999]: + Session client-to-server encryption: aes256-ctr Nov 12 18:36:33 mod_sftp/0.9.8[28999]: + Session server-to-client encryption: aes256-ctr Nov 12 18:36:33 mod_sftp/0.9.8[28999]: + Session client-to-server MAC: hmac-sha1 Nov 12 18:36:33 mod_sftp/0.9.8[28999]: + Session server-to-client MAC: hmac-sha1 Nov 12 18:36:33 mod_sftp/0.9.8[28999]: + Session client-to-server compression: none Nov 12 18:36:33 mod_sftp/0.9.8[28999]: + Session server-to-client compression: none Nov 12 18:36:36 mod_sftp/0.9.8[28999]: authentication request for user 'apollox' blocked by 'USER' handler Nov 12 18:36:36 mod_sftp/0.9.8[28999]: disconnecting (Protocol error) EDIT: Problem solved Link to comment Share on other sites More sharing options...
0 DavidCK Posted May 12, 2016 Share Posted May 12, 2016 Hi there, just wanted to share some information about setting up proftpd as sftp server with froxlor users. I searched for this solution but couldn't find anything that suited my needs. So, what I wanted to achieve was the following: Using Froxlor FTP-Account management No SSH Access for FTP-Users Chroot for FTP-Users No FTP Protocol (to avoid Firewall-Config-Nightmares) No interference with standard ssh access The setup was quite easy/straight-forward: 1st edit /etc/proftpd/modules.conf and add following line: LoadModule mod_sftp.c 2nd edit /etc/proftpd/sql.conf and add following line: Include /etc/proftpd/sftp.conf 3rd create file /etc/proftpd/sftp.conf with following content: <IfModule mod_sftp.c> SFTPEngine on SFTPLog /var/log/proftpd/sftp.log SFTPHostKey /etc/ssh/ssh_host_dsa_key SFTPHostKey /etc/ssh/ssh_host_rsa_key </IfModule> 4th restart proftpd: service proftpd restart Now your users are able to login to SFTP using standard FTP Port 21 (and you only need to open that port in your firewall), SSH File Transfer Protocol and will only be able to write to the FTP-Directory (i.e. customers home). Hope this helps someone. Hello Men, one question. This works with the port 21 or 22? regards, Link to comment Share on other sites More sharing options...
0 d00p Posted May 13, 2016 Share Posted May 13, 2016 Hello Men, one question. This works with the port 21 or 22? regards, First post, at the end: Now your users are able to login to SFTP using standard FTP Port 21 (and you only need to open that port in your firewall), SSH File Transfer Protocol and will only be able to write to the FTP-Directory (i.e. customers home). Link to comment Share on other sites More sharing options...
0 greatunknown Posted February 9, 2019 Share Posted February 9, 2019 The settings seem to work, but in FileZilla and WinSCP I get disconnections when transferring files. Is there a solution? Zitat Error: Network error: Software caused connection abort Error: File transfer failed Link to comment Share on other sites More sharing options...
0 d00p Posted February 9, 2019 Share Posted February 9, 2019 Take a look at the server logs to check what the problem is Link to comment Share on other sites More sharing options...
0 Shockdoc1 Posted June 2 Share Posted June 2 Am 12.11.2015 um 18:47 schrieb apollox: Hi, thanks for the config, exactly this I was searching for. But it do not work, I get only a "Protocol error" when I try to connect. Here is the log of the connection attempt: Nov 12 18:36:33 mod_sftp/0.9.8[28999]: using '/etc/ssh/ssh_host_dsa_key' as DSA hostkey Nov 12 18:36:33 mod_sftp/0.9.8[28999]: using '/etc/ssh/ssh_host_rsa_key' as RSA hostkey Nov 12 18:36:33 mod_sftp/0.9.8[28999]: error using DisplayLogin 'welcome.msg': No such file or directory Nov 12 18:36:33 mod_sftp/0.9.8[28999]: received client version 'SSH-2.0-WinSCP_release_5.7.6' Nov 12 18:36:33 mod_sftp/0.9.8[28999]: handling connection from SSH2 client 'WinSCP_release_5.7.6' Nov 12 18:36:33 mod_sftp/0.9.8[28999]: + Session key exchange: diffie-hellman-group-exchange-sha256 Nov 12 18:36:33 mod_sftp/0.9.8[28999]: + Session server hostkey: ssh-rsa Nov 12 18:36:33 mod_sftp/0.9.8[28999]: + Session client-to-server encryption: aes256-ctr Nov 12 18:36:33 mod_sftp/0.9.8[28999]: + Session server-to-client encryption: aes256-ctr Nov 12 18:36:33 mod_sftp/0.9.8[28999]: + Session client-to-server MAC: hmac-sha1 Nov 12 18:36:33 mod_sftp/0.9.8[28999]: + Session server-to-client MAC: hmac-sha1 Nov 12 18:36:33 mod_sftp/0.9.8[28999]: + Session client-to-server compression: none Nov 12 18:36:33 mod_sftp/0.9.8[28999]: + Session server-to-client compression: none Nov 12 18:36:36 mod_sftp/0.9.8[28999]: authentication request for user 'apollox' blocked by 'USER' handler Nov 12 18:36:36 mod_sftp/0.9.8[28999]: disconnecting (Protocol error) EDIT: Problem solved How did you solve it? Having the same issue not being able to login via SFTP. Having the same error: authentication request for user 'xxx' blocked by 'USER' handler Link to comment Share on other sites More sharing options...
0 Shockdoc1 Posted June 2 Share Posted June 2 Got it working myself, TLS was running in parallel resulting in a conflict. Disabling TLS solved the issue #Include /etc/proftpd/tls.conf Link to comment Share on other sites More sharing options...
Question
naytsyrhc
Hi there,
just wanted to share some information about setting up proftpd as sftp server with froxlor users.
I searched for this solution but couldn't find anything that suited my needs.
So, what I wanted to achieve was the following:
The setup was quite easy/straight-forward:
1st edit /etc/proftpd/modules.conf and add following line:
2nd edit /etc/proftpd/sql.conf and add following line:
3rd create file /etc/proftpd/sftp.conf with following content:
4th restart proftpd:
Now your users are able to login to SFTP using standard FTP Port 21 (and you only need to open that port in your firewall), SSH File Transfer Protocol and will only be able to write to the FTP-Directory (i.e. customers home).
Hope this helps someone.
Link to comment
Share on other sites
9 answers to this question
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now