ProFTPD session sometimes closes immediately after a successful login

  • January 21, 2016

The version I am using:

ProFTPD Version: 1.3.3c (maint)
 Scoreboard Version: 01040003
 Built: Wed Dec 1 2010 16:41:40 ICT

Loaded modules:
 mod_cap/1.0
 mod_ldap/2.8.22
 mod_auth_pam/1.1
 mod_ident/1.0
 mod_facts/0.1
 mod_delay/0.6
 mod_site.c
 mod_log.c
 mod_ls.c
 mod_auth.c
 mod_auth_file/0.8.3
 mod_auth_unix.c
 mod_xfer.c
 mod_core.c

My proftpd.conf:

# This is a basic ProFTPD configuration file (rename it to 
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName          "ProFTPD Default Installation"
ServerType          standalone
DefaultServer           on

# Port 21 is the standard FTP port.
Port                21

# Don't use IPv6 support by default.
UseIPv6             off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask               002

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances            30

# Set the user and group under which the server will run.
User                nobody
Group               nobody

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~

# Normally, we want files to be overwriteable.
AllowOverwrite      on

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
 DenyAll
</Limit>

# A basic anonymous configuration, no upload directories.  If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous ~ftp>
 User              ftp
 Group             ftp

 # We want clients to be able to login with "anonymous" as well as "ftp"
 UserAlias         anonymous ftp

 # Limit the maximum number of anonymous logins
 MaxClients            10

 # We want 'welcome.msg' displayed at login, and '.message' displayed
 # in each newly chdired directory.
 DisplayLogin          welcome.msg
 DisplayChdir          .message

 # Limit WRITE everywhere in the anonymous chroot
 <Limit WRITE>
   DenyAll
 </Limit>
</Anonymous>


# ProFTPd LDAP Module
<IfModule mod_ldap.c>
   AuthOrder       mod_ldap.c
   LDAPServer      ldap.domain.com
   LDAPAttr        uid cn
#   LDAPAttr        uidNumber cn
#   LDAPAttr        gidNumber cn
   LDAPDNInfo      cn=anonymous,ou=it,dc=domain,dc=com xxx
   LDAPDoAuth      on ou=it,dc=domain,dc=com (cn=%u)
   RequireValidShell off
   #LDAPDoUIDLookups on ou=it,dc=domain,dc=com (cn=%u)
   LDAPDefaultUID  99
   LDAPDefaultGID  99
   LDAPAuthBinds   on
   #LDAPDoGIDLookups        off
   LDAPDefaultAuthScheme   clear
   PersistentPasswd        off
   LDAPGenerateHomedir     on  0755
   CreateHome              on  0755
   LDAPGenerateHomedirPrefix /home/proftpd
   LDAPForceGeneratedHomedir on
   DefaultRoot     ~
</IfModule>

<IfModule mod_delay.c>
   DelayEngine off
</IfModule>

# Define the log formats
LogFormat                       default "%h %l %u %t \"%r\" %s %b"
LogFormat                       auth    "%v [%P] %h %t \"%r\" %s"

TransferLog /var/log/proftpd/xferlog
SystemLog   /var/log/proftpd/proftpd.log

Debug output when the connection succeeds:

Preparing to chroot to directory '/home/proftpd/quanta'
Environment successfully chroot()ed
in dir_check_full(): path = '/', fullpath = '/home/proftpd/quanta/'.
dispatching POST_CMD command 'PASS (hidden)' to mod_cap
mod_cap/1.0: capabilities '= cap_net_bind_service,cap_audit_write+ep'
dispatching POST_CMD command 'PASS (hidden)' to mod_delay
dispatching POST_CMD command 'PASS (hidden)' to mod_log
dispatching POST_CMD command 'PASS (hidden)' to mod_ls
dispatching POST_CMD command 'PASS (hidden)' to mod_auth
dispatching POST_CMD command 'PASS (hidden)' to mod_xfer
dispatching POST_CMD command 'PASS (hidden)' to mod_core
dispatching LOG_CMD command 'PASS (hidden)' to mod_log
dispatching LOG_CMD command 'PASS (hidden)' to mod_auth
USER quanta: Login successful.
dispatching PRE_CMD command 'PWD' to mod_core
dispatching PRE_CMD command 'PWD' to mod_core
dispatching CMD command 'PWD' to mod_core
in dir_check_full(): path = '/', fullpath = '/home/proftpd/quanta/'.
dispatching LOG_CMD command 'PWD' to mod_log
dispatching PRE_CMD command 'TYPE I' to mod_core
dispatching PRE_CMD command 'TYPE I' to mod_core
dispatching CMD command 'TYPE I' to mod_xfer
dispatching LOG_CMD command 'TYPE I' to mod_log
dispatching PRE_CMD command 'PASV' to mod_core
dispatching PRE_CMD command 'PASV' to mod_core
dispatching CMD command 'PASV' to mod_core
in dir_check_full(): path = '/', fullpath = '/home/proftpd/quanta/'.
Entering Passive Mode (192,168,3,204,136,35).
dispatching LOG_CMD command 'PASV' to mod_log
dispatching PRE_CMD command 'MLSD' to mod_core
dispatching PRE_CMD command 'MLSD' to mod_core
dispatching CMD command 'MLSD' to mod_facts
in dir_check_full(): path = '/', fullpath = '/home/proftpd/quanta/'.
passive data connection opened - local  : 192.168.3.204:34851
passive data connection opened - remote : 192.168.3.40:57622

When it times out, this is shown:

Preparing to chroot to directory '/home/proftpd/quanta'
Environment successfully chroot()ed
in dir_check_full(): path = '/', fullpath = '/home/proftpd/quanta/'.
dispatching POST_CMD command 'PASS (hidden)' to mod_cap
mod_cap/1.0: capabilities '= cap_net_bind_service,cap_audit_write+ep'
dispatching POST_CMD command 'PASS (hidden)' to mod_delay
dispatching POST_CMD command 'PASS (hidden)' to mod_log
dispatching POST_CMD command 'PASS (hidden)' to mod_ls
dispatching POST_CMD command 'PASS (hidden)' to mod_auth
dispatching POST_CMD command 'PASS (hidden)' to mod_xfer
dispatching POST_CMD command 'PASS (hidden)' to mod_core
dispatching LOG_CMD command 'PASS (hidden)' to mod_log
dispatching LOG_CMD command 'PASS (hidden)' to mod_auth
USER quanta: Login successful.
mod_ldap/2.8.22: successfully unbound
mod_ldap/2.8.22: not unbinding to an already unbound connection.
FTP session closed.

On the client side, FileZilla shows:

Status: Connecting to 192.168.3.204:21...
Status: Connection established, waiting for welcome message...
Response:   220 ProFTPD 1.3.3c Server (ProFTPD Default Installation) [192.168.3.204]
Command:    USER quanta
Response:   331 Password required for quanta
Command:    PASS ********
Error:  Connection timed out
Error:  Could not connect to server

What could be the cause of this problem?

LDAPServer      ldap.domain.com

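I set up a local DNS, dnsmasq, and this domain is resolved via another server. This is the cause of the slow authentication. Using the IP address instead of the domain solved my problem.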

Quoted from: https://serverfault.com/questions/350252
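
A way to check for the cause described in the answer, as an added example that is not part of the original post: it reads the active LDAPServer entries from a proftpd.conf and times name resolution for each one, reporting IP literals as needing no lookup. The sample config, the 1-second budget and the function names are assumptions made for illustration.

```python
import ipaddress
import re
import socket
import time

# Constructed sample modelled on the mod_ldap block shown on this page.
SAMPLE_CONF = """\
<IfModule mod_ldap.c>
   LDAPServer      ldap.domain.com
   #LDAPServer     192.0.2.10
   LDAPAuthBinds   on
</IfModule>
"""

def ldap_servers(conf_text):
    """Return hosts named on active (uncommented) LDAPServer lines."""
    hosts = []
    for line in conf_text.splitlines():
        active = line.split("#", 1)[0].strip()
        m = re.match(r"LDAPServer\s+(.+)", active, re.IGNORECASE)
        if m:
            # Assumes host or host:port entries, separated by whitespace.
            hosts += [e.strip('"').split(":", 1)[0] for e in m.group(1).split()]
    return hosts

def check_host(host, resolver=socket.getaddrinfo, budget_s=1.0):
    """Time one lookup; budget_s is an assumed threshold, not a ProFTPD value."""
    try:
        ipaddress.ip_address(host)
        return {"host": host, "literal": True, "seconds": 0.0, "verdict": "ok"}
    except ValueError:
        pass  # not an IP literal, so the server has to resolve it
    start = time.monotonic()
    try:
        resolver(host, 389)
        failed = False
    except OSError:  # socket.gaierror is a subclass of OSError
        failed = True
    seconds = time.monotonic() - start
    verdict = "unresolvable" if failed else "slow" if seconds > budget_s else "ok"
    return {"host": host, "literal": False, "seconds": seconds, "verdict": verdict}

if __name__ == "__main__":
    for h in ldap_servers(SAMPLE_CONF):
        r = check_host(h)
        print(f"{r['host']}: {r['verdict']} ({r['seconds']:.3f}s)")
```

Run it on the FTP server itself so the lookup goes through the same resolver path (here, dnsmasq and its upstream) that the ProFTPD process uses.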