Ftp
ProFTPD session sometimes closes immediately after a successful login
The version I am using:
```
ProFTPD Version: 1.3.3c (maint)
  Scoreboard Version: 01040003
  Built: Wed Dec 1 2010 16:41:40 ICT

Loaded modules:
  mod_cap/1.0
  mod_ldap/2.8.22
  mod_auth_pam/1.1
  mod_ident/1.0
  mod_facts/0.1
  mod_delay/0.6
  mod_site.c
  mod_log.c
  mod_ls.c
  mod_auth.c
  mod_auth_file/0.8.3
  mod_auth_unix.c
  mod_xfer.c
  mod_core.c
```
My `proftpd.conf`:

```
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on

# Port 21 is the standard FTP port.
Port 21

# Don't use IPv6 support by default.
UseIPv6 off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 002

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30

# Set the user and group under which the server will run.
User nobody
Group nobody

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~

# Normally, we want files to be overwriteable.
AllowOverwrite on

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous ~ftp>
  User ftp
  Group ftp

  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias anonymous ftp

  # Limit the maximum number of anonymous logins
  MaxClients 10

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin welcome.msg
  DisplayChdir .message

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>

# ProFTPd LDAP Module
<IfModule mod_ldap.c>
  AuthOrder mod_ldap.c
  LDAPServer ldap.domain.com
  LDAPAttr uid cn
  # LDAPAttr uidNumber cn
  # LDAPAttr gidNumber cn
  LDAPDNInfo cn=anonymous,ou=it,dc=domain,dc=com xxx
  LDAPDoAuth on ou=it,dc=domain,dc=com (cn=%u)
  RequireValidShell off
  #LDAPDoUIDLookups on ou=it,dc=domain,dc=com (cn=%u)
  LDAPDefaultUID 99
  LDAPDefaultGID 99
  LDAPAuthBinds on
  #LDAPDoGIDLookups off
  LDAPDefaultAuthScheme clear
  PersistentPasswd off
  LDAPGenerateHomedir on 0755
  CreateHome on 0755
  LDAPGenerateHomedirPrefix /home/proftpd
  LDAPForceGeneratedHomedir on
  DefaultRoot ~
</IfModule>

<IfModule mod_delay.c>
  DelayEngine off
</IfModule>

# Define the log formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"

TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
```
Debug output when the connection succeeds:
```
Preparing to chroot to directory '/home/proftpd/quanta'
Environment successfully chroot()ed
in dir_check_full(): path = '/', fullpath = '/home/proftpd/quanta/'.
dispatching POST_CMD command 'PASS (hidden)' to mod_cap
mod_cap/1.0: capabilities '= cap_net_bind_service,cap_audit_write+ep'
dispatching POST_CMD command 'PASS (hidden)' to mod_delay
dispatching POST_CMD command 'PASS (hidden)' to mod_log
dispatching POST_CMD command 'PASS (hidden)' to mod_ls
dispatching POST_CMD command 'PASS (hidden)' to mod_auth
dispatching POST_CMD command 'PASS (hidden)' to mod_xfer
dispatching POST_CMD command 'PASS (hidden)' to mod_core
dispatching LOG_CMD command 'PASS (hidden)' to mod_log
dispatching LOG_CMD command 'PASS (hidden)' to mod_auth
USER quanta: Login successful.
dispatching PRE_CMD command 'PWD' to mod_core
dispatching PRE_CMD command 'PWD' to mod_core
dispatching CMD command 'PWD' to mod_core
in dir_check_full(): path = '/', fullpath = '/home/proftpd/quanta/'.
dispatching LOG_CMD command 'PWD' to mod_log
dispatching PRE_CMD command 'TYPE I' to mod_core
dispatching PRE_CMD command 'TYPE I' to mod_core
dispatching CMD command 'TYPE I' to mod_xfer
dispatching LOG_CMD command 'TYPE I' to mod_log
dispatching PRE_CMD command 'PASV' to mod_core
dispatching PRE_CMD command 'PASV' to mod_core
dispatching CMD command 'PASV' to mod_core
in dir_check_full(): path = '/', fullpath = '/home/proftpd/quanta/'.
Entering Passive Mode (192,168,3,204,136,35).
dispatching LOG_CMD command 'PASV' to mod_log
dispatching PRE_CMD command 'MLSD' to mod_core
dispatching PRE_CMD command 'MLSD' to mod_core
dispatching CMD command 'MLSD' to mod_facts
in dir_check_full(): path = '/', fullpath = '/home/proftpd/quanta/'.
passive data connection opened - local : 192.168.3.204:34851
passive data connection opened - remote : 192.168.3.40:57622
```
When it times out, this is shown:
```
Preparing to chroot to directory '/home/proftpd/quanta'
Environment successfully chroot()ed
in dir_check_full(): path = '/', fullpath = '/home/proftpd/quanta/'.
dispatching POST_CMD command 'PASS (hidden)' to mod_cap
mod_cap/1.0: capabilities '= cap_net_bind_service,cap_audit_write+ep'
dispatching POST_CMD command 'PASS (hidden)' to mod_delay
dispatching POST_CMD command 'PASS (hidden)' to mod_log
dispatching POST_CMD command 'PASS (hidden)' to mod_ls
dispatching POST_CMD command 'PASS (hidden)' to mod_auth
dispatching POST_CMD command 'PASS (hidden)' to mod_xfer
dispatching POST_CMD command 'PASS (hidden)' to mod_core
dispatching LOG_CMD command 'PASS (hidden)' to mod_log
dispatching LOG_CMD command 'PASS (hidden)' to mod_auth
USER quanta: Login successful.
mod_ldap/2.8.22: successfully unbound
mod_ldap/2.8.22: not unbinding to an already unbound connection.
FTP session closed.
```
On the client side, FileZilla shows:
```
Status: Connecting to 192.168.3.204:21...
Status: Connection established, waiting for welcome message...
Response: 220 ProFTPD 1.3.3c Server (ProFTPD Default Installation) [192.168.3.204]
Command: USER quanta
Response: 331 Password required for quanta
Command: PASS ********
Error: Connection timed out
Error: Could not connect to server
```
What could be causing this problem?
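```
LDAPServer ldap.domain.com
```

I set up a local DNS with `dnsmasq`, and this domain is resolved through another server. That was the reason for the slow authentication. Using an IP address instead of the domain name solved my problem.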
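
An added diagnostic, not part of the original answer: it reads the `LDAPServer` hosts from a `proftpd.conf` and times how long each name takes to resolve, which is the delay the answer identified. The function names, the 1-second budget and the sample config are assumptions made for this example.

```python
import ipaddress
import re
import socket
import time

# Constructed sample: mod_ldap lines as in the question, plus a placeholder IP form.
SAMPLE_CONF = """\
<IfModule mod_ldap.c>
LDAPServer ldap.domain.com
#LDAPServer 192.0.2.10
</IfModule>
"""

def ldap_servers(conf_text):
    """Hosts named on uncommented LDAPServer lines (assumes host[:port] entries)."""
    hosts = []
    for line in conf_text.splitlines():
        m = re.match(r"\s*LDAPServer\s+(.+)", line, re.IGNORECASE)
        if m:
            hosts += [h.strip('"').split(":")[0] for h in m.group(1).split()]
    return hosts

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check(conf_text, resolve=socket.getaddrinfo, budget=1.0, clock=time.monotonic):
    """Return (host, status, seconds); status: ip-literal, ok, slow or failed."""
    results = []
    for host in ldap_servers(conf_text):
        if is_ip_literal(host):
            results.append((host, "ip-literal", 0.0))  # no DNS on the login path
            continue
        start = clock()
        try:
            resolve(host, 389)  # 389 is the default LDAP port
            status = "ok"
        except OSError:  # socket.gaierror is a subclass of OSError
            status = "failed"
        elapsed = clock() - start
        if status == "ok" and elapsed > budget:
            status = "slow"  # hypothetical budget; compare with the client's timeout
        results.append((host, status, elapsed))
    return results

if __name__ == "__main__":
    print(check(SAMPLE_CONF))
```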