Ftp – ProFTPd with sftp first login fails, seconds succeeds

ftpproftpdsftp

We are working with ProFTPd and SFTP module enabled. We have a problem with using the sftp module.

When we try to connect to server in FileZilla we need to enter the password to the server twice, upon connection and upon each file upload, which is very undesired. How can we help this? any idea's? suggestions?

when we use the interactive login type in FileZilla, it works when we enter the username and password twice.

Best Answer

If you're experiencing the same issue as I am you will find in your server's auth log that proftpd first tries pam_unix before falling back to the configured authentication method. For me I am using authuserfile and not Unix authentication. As with you my first attempts always fail and the second attempts always succeed.

The proftpd documentation would have you believe that AuthPAM off disables pam authentication entirely. I find this to be inaccurate as proftpd continues to try pam even with AuthPAM off and PersistendPassed off.

I recompiled proftpd without pam and now I can login the first time. The problem is that most distributions ship binary packages and may not even give you this ability. If that is the case then you could always modify pam to use the authentication method you require.

Related Solutions

Ubuntu – How to set up an sftp user to login with a password to an EC2 ubuntu server

In order to accomplish what you wish, you need to do two different things

Change sshd config to accept passwords

I shall say first of all that it's a bad idea to do this, I would rather generate a certificate for your user than activate passwords, nonetheless if you want to do so just edit /etc/ssh/sshd_config and change or uncomment it so it shows PasswordAuthentication yes. Once that is done restart sshd service ssh restart

Let users just FTP using sftp and not have shell

In order to acomplish that you need to install rsh (resticted shell) and change the user shell to it chsh username

Linux – ProFTPd – Cannot login at all, constant 530 error

I think that listing invalid shells like /sbin/nologin as valid ones is not the proper way to go (they have been removed on purpose), and neither is allowing the FTP users to log in to the system when they should not be allowed to do so.

IMHO the best way to go is to simply configure ProFTPD not to require a valid shell for the FTP users.

Simply add the directive RequireValidShell off to section in your proftpd.conf and reload/restart ProFTPD.

<Global>
...
RequireValidShell off
</Global>

In case you are using PAM authentication in your ProFTPD (you probably are since it's on by default), you might also need to disable the requirement for valid shell in PAM settings. In my case, I had to comment out the below line from my ProFTPD's PAM config file (/etc/pam.d/proftpd)

#auth       required     pam_shells.so

Best Answer

Related Solutions

Ubuntu – How to set up an sftp user to login with a password to an EC2 ubuntu server

Linux – ProFTPd – Cannot login at all, constant 530 error

Related Topic