problem with pure-ftp

Discussion in 'Installation/Configuration' started by Oitsuki, Oct 15, 2018.

Tags:
  1. Oitsuki

    Oitsuki Member

    Hello,
    I don't know what happen, but pure-ftp has stopped.

    My log :

    Code:
    Oct 15 14:52:52 xxxxxxxx systemd[1]: Started pure-ftpd-mysql.service.
    Oct 15 14:52:52 xxxxxxxx pure-ftpd: ([email protected]?) [DEBUG] Couldn't load the DH parameters file /etc/ssl/private/pure-ftpd-dhparams.pem
    Oct 15 14:53:01 xxxxxxxx CRON[2585]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
    Oct 15 14:53:01 xxxxxxxx CRON[2586]: (root) CMD (/usr/local/rtm/bin/rtm 39 > /dev/null 2> /dev/null)
    Oct 15 14:53:01 xxxxxxxx CRON[2584]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
    Oct 15 14:53:09 xxxxxxxx pure-ftpd: ([email protected]) [INFO] New connection from 104.158.87.181
    Oct 15 14:53:09 xxxxxxxx pure-ftpd: ([email protected]) [WARNING] Sorry, cleartext sessions and weak ciphers are not accepted on this server.#012Please reconnect using TLS security mechanisms.
    Oct 15 14:53:09 xxxxxxxx ntpd[641]: 12.167.151.1 local addr 94.23.214.34 -> <null>
    Oct 15 14:53:33 xxxxxxxx pure-ftpd: ([email protected]) [INFO] New connection from 104.158.87.181
    Oct 15 14:53:33 xxxxxxxx pure-ftpd: ([email protected]) [WARNING] Sorry, cleartext sessions and weak ciphers are not accepted on this server.#012Please reconnect using TLS security mechanisms.
    Oct 15 14:54:01 xxxxxxxx CRON[2708]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
    Oct 15 14:54:01 xxxxxxxx CRON[2707]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
    Oct 15 14:54:01 xxxxxxxx CRON[2706]: (root) CMD (/usr/local/rtm/bin/rtm 39 > /dev/null 2> /dev/null)
    Oct 15 14:55:01 xxxxxxxx CRON[2834]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
    Oct 15 14:55:01 xxxxxxxx CRON[2835]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
    Oct 15 14:55:01 xxxxxxxx CRON[2836]: (getmail) CMD (/usr/local/bin/run-getmail.sh > /dev/null 2>> /dev/null)
    Oct 15 14:55:01 xxxxxxxx CRON[2842]: (root) CMD (/usr/local/rtm/bin/rtm 39 > /dev/null 2> /dev/null)
    Oct 15 14:55:03 xxxxxxxx pure-ftpd: ([email protected]::1) [INFO] New connection from ::1
    Oct 15 14:55:03 xxxxxxxx pure-ftpd: ([email protected]::1) [INFO] Logout.
    Oct 15 14:55:03 xxxxxxxx dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=</tlBn0V4opYAAAAAAAAAAAAAAAAAAAAB>
    Oct 15 14:55:03 xxxxxxxx dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<J9pBn0V42oQAAAAAAAAAAAAAAAAAAAAB>
    Oct 15 14:55:03 xxxxxxxx postfix/smtpd[3029]: warning: cannot load 1024-bit DH parameters from file /etc/ssl/private/dhparams.pem: No such file or directory -- using compiled-in defaults
    Oct 15 14:55:03 xxxxxxxx postfix/smtpd[3029]: connect from localhost[::1]
    Oct 15 14:55:03 xxxxxxxx postfix/smtpd[3029]: lost connection after CONNECT from localhost[::1]
    Oct 15 14:55:03 xxxxxxxx postfix/smtpd[3029]: disconnect from localhost[::1] commands=0/0
    Oct 15 14:55:05 xxxxxxxx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 4 secs): user=<[email protected]>, method=PLAIN, rip=38.126.119.72, lip=94.23.214.34, session=<dFkcn0V427UmfndI>
     
    
    Tk for your help
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Looks like certificate problem. Have you created Let's Encrypt certificates or self-signed?
     
  3. Oitsuki

    Oitsuki Member

    I do that :
    At the origin, I don't know
    I try this
    openssl dhparam -out /etc/ssl/private/pure-ftpd-dhparams.pem 2048
    ok for pure ftp but
    I have always this pb :
    Oct 15 15:11:18 xxxxxx pure-ftpd: ([email protected]) [WARNING] Sorry, cleartext sessions and weak ciphers are not accepted on this server.#012Please reconnect using TLS security mechanisms.
     
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  5. Oitsuki

    Oitsuki Member

    There the result : do see anything :

    Code:
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] ISPConfig is installed.
    
    ##### ISPCONFIG #####
    ISPConfig version is 3.1.13
    
    
    ##### VERSION CHECK #####
    
    [INFO] php (cli) version is 7.0.30-0+deb9u1
    
    ##### PORT CHECK #####
    
    
    ##### MAIL SERVER CHECK #####
    
    
    ##### RUNNING SERVER PROCESSES #####
    
    [INFO] I found the following web server(s):
        Apache 2 (PID 1112)
    [INFO] I found the following mail server(s):
        Postfix (PID 1037)
    [INFO] I found the following pop3 server(s):
        Dovecot (PID 742)
    [INFO] I found the following imap server(s):
        Dovecot (PID 742)
    [INFO] I found the following ftp server(s):
        PureFTP (PID 4984)
    
    ##### LISTENING PORTS #####
    (seulement        ()
    Adresse        (distante)
    [localhost]:10027        (1037/master)
    [anywhere]:587        (1037/master)
    [localhost]:11211        (559/memcached)
    [anywhere]:110        (742/dovecot)
    [anywhere]:143        (742/dovecot)
    [anywhere]:465        (1037/master)
    [anywhere]:21        (4984/pure-ftpd)
    ***.***.***.***:53        (557/named)
    [localhost]:53        (557/named)
    [anywhere]:22        (735/sshd)
    [anywhere]:25        (1037/master)
    [localhost]:953        (557/named)
    [anywhere]:993        (742/dovecot)
    [anywhere]:995        (742/dovecot)
    [localhost]:8998        (561/php-fpm:)
    [localhost]:10024        (1290/amavisd-new)
    [localhost]:10025        (1037/master)
    [localhost]:10026        (1290/amavisd-new)
    [localhost]:3306        (730/mysqld)
    *:*:*:*::*:587        (1037/master)
    [localhost]10        (742/dovecot)
    [localhost]43        (742/dovecot)
    *:*:*:*::*:80        (1112/apache2)
    *:*:*:*::*:8080        (1112/apache2)
    *:*:*:*::*:465        (1037/master)
    *:*:*:*::*:8081        (1112/apache2)
    *:*:*:*::*:21        (4984/pure-ftpd)
    *:*:*:*::*:53        (557/named)
    *:*:*:*::*:22        (735/sshd)
    *:*:*:*::*:25        (1037/master)
    *:*:*:*::*:953        (557/named)
    *:*:*:*::*:443        (1112/apache2)
    *:*:*:*::*:993        (742/dovecot)
    *:*:*:*::*:995        (742/dovecot)
    *:*:*:*::*:10024        (1290/amavisd-new)
    *:*:*:*::*:10026        (1290/amavisd-new)
    
    
    
    
    ##### IPTABLES #####
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    f2b-pureftpd  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 21
    f2b-dovecot-pop3imap  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 110,995,143,993
    f2b-postfix  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 25,465,587
    f2b-sshd   tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 22
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain f2b-dovecot-pop3imap (1 references)
    target     prot opt source               destination         
    RETURN     all  --  [anywhere]/0            [anywhere]/0           
    
    Chain f2b-postfix (1 references)
    target     prot opt source               destination         
    RETURN     all  --  [anywhere]/0            [anywhere]/0           
    
    Chain f2b-pureftpd (1 references)
    target     prot opt source               destination         
    RETURN     all  --  [anywhere]/0            [anywhere]/0           
    
    Chain f2b-sshd (1 references)
    target     prot opt source               destination         
    REJECT     all  --  ***.***.***.***      [anywhere]/0            reject-with icmp-port-unreachable
    RETURN     all  --  [anywhere]/0            [anywhere]/0      
     
  6. Taleman

    Taleman Well-Known Member HowtoForge Supporter

     
  7. Oitsuki

    Oitsuki Member

    Debian 9.5 and isp config 3.1.12
     
  8. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    You wrote
    But you can connect with ftp. You even get a warning from ftp.
    What is pb?
     
  9. Oitsuki

    Oitsuki Member

    Filezilla does'nt want; I delete a ftp account, recreate it, same thing does'nt access
     
  10. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    The warning means server does not accept weak cipher. This is a good thing. That is how you should configure the server.
    Are you using very old version of Filezilla? Are you trying to use insecure FTP? What setting do you use when connecting from Filezilla?
     
  11. Oitsuki

    Oitsuki Member

    For filezila 3.33
    cryptage : ftp explicit on TLS. I tried different choice, always the same pb.
    authentification normal
     
  12. Oitsuki

    Oitsuki Member

    I tried by command, result
    Could be a certificate on my computer ?
    Code:
    220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    220-You are user number 1 of 50 allowed.
    220-Local time is now 16:36. Server port: 21.
    220-This is a private system - No anonymous login
    220-IPv6 connections are also welcome on this server.
    220 You will be disconnected after 15 minutes of inactivity.
    Name (clicshopping.com:oitsuki): xxxxxxxx
    421-Sorry, cleartext sessions and weak ciphers are not accepted on this server.
    421 Please reconnect using TLS security mechanisms.
    Login failed.
     
  13. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I repeat: what is pb? Are you not writing full words and should have written "problem"?
     
  14. Oitsuki

    Oitsuki Member

    What is pb ? pb = problem sorry.
     
  15. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I suspect you have done mistakes in Perfect Server quide chapter
    14 Install PureFTPd and Quota
    Check the setup.
     
  16. Oitsuki

    Oitsuki Member

    I recreate the certificate like explain section 14:
    https://www.howtoforge.com/tutorial...-stretch-apache-bind-dovecot-ispconfig-3-1/2/

    same problem
    result
    Code:
     Starting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -O clf:/var/log/pure-ftpd/transfer.log -A -b -J ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA -H -D -8 UTF-8 -Y 2 -u 1000 -E -B
    Oct 15 16:57:20 ns304677 systemd[1]: Started pure-ftpd-mysql.service.
    
    pure-ftpd: ([email protected]) [WARNING] Sorry, cleartext sessions and weak ciphers are not accepted on this server.#012Please reconnect using TLS security mechanisms.
    
    
     
  17. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Have you checked you have done correctly all of chapter 14?
    What about this part:
    Code:
    chmod 600 /etc/ssl/private/pure-ftpd.pem
     
  18. Oitsuki

    Oitsuki Member

    yes, there my all certificates

    Code:
    -rw-r--r-- 1 root root     3164 juil. 22 00:37 apache.pem
    -rw------- 1 root root     1460 juil. 22 00:37 dovecot.pem
    -rw------- 1 root root     1704 juil. 22 00:37 xxxxxxx.ip-xx-23-xxxx.eu.key
    -rw-r--r-- 1 root root      424 oct.  15 15:10 pure-ftpd-dhparams.pem
    -rw------- 1 root root     3172 oct.  15 16:57 pure-ftpd.pem
    -rw-r----- 1 root ssl-cert 1704 juil. 22 00:29 ssl-cert-snakeoil.key
    
     
  19. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Are you sure you have restarted pure-ftpd?
     
  20. Oitsuki

    Oitsuki Member

    etc/ssl/private# /etc/init.d/pure-ftpd-mysql restart
    [ ok ] Restarting pure-ftpd-mysql (via systemctl): pure-ftpd-mysql.service.
    don't want.
     

Share This Page