2008年7月31日

[debian-users:50824] proftpd ssl使用時のauthorderがうまくいかない

この度、proftpdでsslを使用し、authorderをmod_auth_file.cに指定しているのです
が、
/var/log/auth.logに

Jul 31 17:36:09 FTP sshd[4173]: Invalid user test from 192.168.5.117
Jul 31 17:36:09 FTP sshd[4173]: Failed none for invalid user test from
192.168.5.117 port 4463 ssh2
Jul 31 17:36:09 FTP sshd[4173]: (pam_unix) check pass; user unknown

Jul 31 17:36:09 FTP sshd[4173]: (pam_unix) authentication failure; logname=
uid=0
euid=0 tty=ssh ruser= rhost=192.168.0.117
Jul 31 17:36:11 FTP sshd[4173]: Failed password for invalid user test from
192.168.5.117 port 4463 ssh2

と出ます

どうもauth_fileの認証になっていないような気がします。
(sshdと出ているので・・・)
どうすればauth_file認証になるか、どなたか教えてください
よろしくお願い致します

また、sshd_configにはallow usersの設定をしております

proftpd.conf
FTP:/etc/proftpd# less /etc/proftpd/proftpd.conf
#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 off

ServerName "FTP"
ServerType standalone
DeferWelcome off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

AuthUserFile /etc/proftpd/etc/ftpd.passwd
AuthGroupFile /etc/proftpd/etc/ftpd.group
AuthOrder mod_auth_file.c
RequireValidShell off
UseFtpUsers off

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"

DenyFilter \*.*/

# Port 21 is the standard FTP port.
Port 21

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
PassivePorts 54321 54351

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
#User proftpd
Group nogroup
User nobody

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 002 002
# Normally, we want files to be overwriteable.
AllowOverwrite on

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
# PersistentPasswd off

# Be warned: use of this directive impacts CPU average load!
#
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
# UseSendFile off

TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log

LogFormat allinfo "%t: %u(%a [%h]):[%s],%T,%m(%f)"
LogFormat write "%t:%u:%F(%a)"
LogFormat read "%t:%u:%F(%a)"
LogFormat auth "%t:%u(%a[%h])"

ExtendedLog /var/log/proftpd/all.log ALL allinfo
ExtendedLog /var/log/proftpd/write.log WRITE write
ExtendedLog /var/log/proftpd/read.log READ read
ExtendedLog /var/log/proftpd/auth.log AUTH auth

Defaultroot ~/public_html !test
AllowStoreRestart on
AllowRetrieveRestart on
DeleteAbortedStores on

UseReverseDNS off
IdentLookups off
RootLogin off
TimesGMT off

<IfModule mod_tls.c>
#TLSEngine off
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
TLSRSACertificateFile /etc/ssl/Server/cert.pem
TLSRSACertificateKeyFile /etc/ssl/Server/private.pem
TLSVerifyClient off
</IfModule>

<IfModule mod_quota.c>
QuotaEngine on
</IfModule>

<IfModule mod_ratio.c>
Ratios on
</IfModule>

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine on
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
</IfModule>


投稿者 xml-rpc : 2008年7月31日 18:09
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/75891
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。