[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:50824] proftpd ssl使用時のauthorderがうまくいかない

From: "kame-gmail" <kame.yo4@xxxxxxxxx>
Subject: [debian-users:50824] proftpd ssl使用時のauthorderがうまくいかない
Date: Thu, 31 Jul 2008 18:09:55 +0900
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:from:to:subject:date :message-id:mime-version:content-type:content-transfer-encoding :x-mailer:thread-index:x-mimeole; bh=LTrHHxC7RPuRL8477Lzgqx1QwhJ/YWWDEDSfr9TJ1UI=; b=gxfug0s7MJBT1nosVuiwByrc17NiojLEh4dLaWriIwLDdUlmWjuM3zLp9f+7S0UM0B GM1Cq0GGIidIZOXNDyE/3owgrnXOmXW78QRRmVHepOlpcR1//4vdOxm8cqTj8PNnIKUh ZMfIeGc1G9WvE8x6BNskQ/Sv5NCb1xCc9psKc=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:subject:date:message-id:mime-version:content-type :content-transfer-encoding:x-mailer:thread-index:x-mimeole; b=D5aCeVaQF195yNPjz59/Hb3fkyD8vifdAGWdkvqUpX3nAgcNaA+sGPt0YP9sUE/j6N NzaWYvA1ZYijabGNM2gkVzNqGe0n8NJoOsBxu1IRluW8NI3b3/DgbQxeLQcsc/FUnetu VfUbbSyAnLgbAGsExzGvCCJuDv8XF3AOikFGk=
List-help: <mailto:debian-users-ctl@debian.or.jp?body=help>
List-id: debian-users.debian.or.jp
List-owner: <mailto:debian-users-admin@debian.or.jp>
List-post: <mailto:debian-users@debian.or.jp>
List-software: fml [fml 4.0.3 release (20011202/4.0.3)]
List-unsubscribe: <mailto:debian-users-ctl@debian.or.jp?body=unsubscribe>
Thread-index: Acjy7S5jlktjQEZGS5mkulDGhJ++zg==
X-mimeole: Produced By Microsoft MimeOLE V6.00.2900.3198
X-ml-info: If you have a question, send e-mail with the body "help" (without quotes) to the address debian-users-ctl@debian.or.jp; help=<mailto:debian-users-ctl@debian.or.jp?body=help>
X-ml-name: debian-users
X-mlserver: fml [fml 4.0.3 release (20011202/4.0.3)]; post only (only members can post)
X-spam-checker-version: SpamAssassin 3.1.7-deb (2006-10-05) on osdn.debian.or.jp
X-spam-level:
X-spam-status: No, score=-0.9 required=10.0 tests=KI,SUBJECT_ENCODED_TWICE autolearn=disabled version=3.1.7-deb
Message-id: <00df01c8f2ed$30069d90$7500a8c0@xxxxxxxxxxxxx>
X-mail-count: 50824
X-mailer: Microsoft Office Outlook 11

この度、proftpdでsslを使用し、authorderをmod_auth_file.cに指定しているのです
が、
/var/log/auth.logに

Jul 31 17:36:09 FTP sshd[4173]: Invalid user test from 192.168.5.117
Jul 31 17:36:09 FTP sshd[4173]: Failed none for invalid user test from
192.168.5.117 port 4463 ssh2
Jul 31 17:36:09 FTP sshd[4173]: (pam_unix) check pass; user unknown
Jul 31 17:36:09 FTP sshd[4173]: (pam_unix) authentication failure; logname=
uid=0
euid=0 tty=ssh ruser= rhost=192.168.0.117
Jul 31 17:36:11 FTP sshd[4173]: Failed password for invalid user test from
192.168.5.117 port 4463 ssh2

と出ます

どうもauth_fileの認証になっていないような気がします。
（sshdと出ているので・・・）
どうすればauth_file認証になるか、どなたか教えてください
よろしくお願い致します

また、sshd_configにはallow usersの設定をしております

proftpd.conf
FTP:/etc/proftpd# less /etc/proftpd/proftpd.conf
#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6                         off

ServerName                      "FTP"
ServerType                      standalone
DeferWelcome                    off

MultilineRFC2228                on
DefaultServer                   on
ShowSymlinks                    on

AuthUserFile            /etc/proftpd/etc/ftpd.passwd
AuthGroupFile           /etc/proftpd/etc/ftpd.group
AuthOrder               mod_auth_file.c
RequireValidShell               off
UseFtpUsers                     off

TimeoutNoTransfer               600
TimeoutStalled                  600
TimeoutIdle                     1200

DisplayLogin                    welcome.msg
DisplayFirstChdir               .message
ListOptions                     "-l"

DenyFilter                      \*.*/

# Port 21 is the standard FTP port.
Port                            21

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
 PassivePorts                    54321 54351

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances                    30

# Set the user and group that the server normally runs at.
#User                           proftpd
Group                           nogroup
User                            nobody

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask                           002  002
# Normally, we want files to be overwriteable.
AllowOverwrite                  on

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
# PersistentPasswd              off

# Be warned: use of this directive impacts CPU average load!
#
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
# UseSendFile                   off

TransferLog /var/log/proftpd/xferlog
SystemLog   /var/log/proftpd/proftpd.log

LogFormat allinfo "%t: %u(%a [%h]):[%s],%T,%m(%f)"
LogFormat write "%t:%u:%F(%a)"
LogFormat read "%t:%u:%F(%a)"
LogFormat auth "%t:%u(%a[%h])"

ExtendedLog /var/log/proftpd/all.log ALL allinfo
ExtendedLog /var/log/proftpd/write.log WRITE write
ExtendedLog /var/log/proftpd/read.log READ read
ExtendedLog /var/log/proftpd/auth.log AUTH auth

Defaultroot     ~/public_html !test
AllowStoreRestart on
AllowRetrieveRestart on
DeleteAbortedStores on

UseReverseDNS                   off
IdentLookups                    off
RootLogin                       off
TimesGMT                        off

<IfModule mod_tls.c>
#TLSEngine off
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
TLSRSACertificateFile /etc/ssl/Server/cert.pem
TLSRSACertificateKeyFile /etc/ssl/Server/private.pem
TLSVerifyClient off
</IfModule>

<IfModule mod_quota.c>
QuotaEngine on
</IfModule>

<IfModule mod_ratio.c>
Ratios on
</IfModule>

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine        on
ControlsMaxClients    2
ControlsLog           /var/log/proftpd/controls.log
ControlsInterval      5
ControlsSocket        /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
</IfModule>

Follow-Ups:
- [debian-users:50825] Re: proftpd ssl使用時のauthorderがうまくいかない
  - From: Hideki Yamane

Prev by Date: [debian-users:50823] Re: java5 or 6::non-free
Next by Date: [debian-users:50825] Re: proftpd ssl使用時のauthorderがうまくいかない
Previous by thread: [debian-users:50823] Re: java5 or 6::non-free
Next by thread: [debian-users:50825] Re: proftpd ssl使用時のauthorderがうまくいかない
Index(es):
- Date
- Thread