Hi Tiago,

Thanks so much for your suggestions! Please see inline.

On Wed, Mar 22, 2017 at 9:08 AM, Tiago Macedo <tmac...@igc.gulbenkian.pt>
wrote:

> Hi Rui,
>
> Are you trying to set up proftpd (with sftp) to use galaxy user
> credentials read from a postgresql database? Do you have the postgresql
> part working on regular ftp?
>

Yes, that's what I'm trying to achieve. And yes, it works with regular ftp.


>
> 1- The proftpd version on ubuntu 16.04's repository works fine, you don't
> need to compile it yourself (unless you really want/have to). An apt
> install proftpd-basic proftpd-mod-pgsql would do it.
>
> 2- The user and group under which proftpd runs are defined in
> proftpd.conf. You didn't show that part of your file, but it's these two
> lines:
> User                            proftpd
> Group                           nogroup
>
> 3- I see you're missing:
> #Before the <IfModule mod_sftp.c>
> LoadModule      mod_sql_postgres.c
> LoadModule      mod_sql_passwd.c
>

When I tried to add these two lines, it always says:

fatal: unknown configuration directive 'LoadModule'

Is there anything I'm missing?


>
> AuthPAM                         off
>
> #Within the <IfModule mod_sftp.c>
> TLSProtocol TLSv1
>

Do we really have to specify TLS, or do we not need that?

Cheers,
Rui


>
> I suppose you can specify tls 1.1 or 1.2 here, but never really tried it.
>
> In my setup I also commented out the AuthOrder line.
>
> I guess these changes should do it.
>
>
> Best,
> Tiago
>
> On 22-03-2017 08:29, Rui Wang wrote:
>
> Hi Folks,
>
> I'm trying to set up the ftp for the local galaxy instance. I got the
> regular ftp working, but not the sftp. After a few hours of attempts, I'm
> wondering what I'm missing. Here is the related info:
>
> 1. Configure the build
>
> install_user=bioinfoadmin install_group=bioinfoadmin ./configure
> --prefix=/media/libraryfiles/proftpd --enable-openssl
> --with-modules=mod_sql:mod_sql_postgres:mod_sql_passwd
> --with-modules=mod_sftp:mod_tls
> make
> make install
>
> 2. Start the server
>
> sudo sbin/proftpd --config /media/libraryfiles/proftpd/etc/proftpd.conf
> -n -d 10
>
> I notice that even though I start it using sudo, the real user that is
> running proftpd is 'nobody'.
>
> 3. Config file snippet. I inserted the following piece into the original
> config file. Adding 'VirtualHost' or not doesn't change anything in the result.
>
> <IfModule mod_sftp.c>
>
>         SFTPEngine on
>         Port 2222
>         SFTPLog /var/log/proftpd/sftp.log
>         AuthOrder mod_auth_unix.c mod_sql.c
>
>         # Configure both the RSA and DSA host keys, using the same host key
>         # files that OpenSSH uses.
>         SFTPHostKey /etc/ssh/ssh_host_rsa_key
>         SFTPHostKey /etc/ssh/ssh_host_dsa_key
>
>         #SFTPAuthMethods publickey
>         SFTPAuthMethods password
>
>         # Enable compression
>         SFTPCompression delayed
>
> </IfModule>
>
> Now when I start the server, and then when I try to test the login, I got
> this:
>
> $ sftp -P 2222 localhost
> packet_write_wait: Connection to 127.0.0.1 port 2222: Broken pipe
> Couldn't read packet: Connection reset by peer
>
> Accordingly, I got the following segfault in log:
>
> 2017-03-22 00:51:14,786 cal-hsl-65 proftpd[56922] cal-hsl-65: ROOT PRIVS
> at main.c:1227
> 2017-03-22 00:51:14,786 cal-hsl-65 proftpd[56922] cal-hsl-65: RELINQUISH
> PRIVS at main.c:1231
> 2017-03-22 00:51:14,786 cal-hsl-65 proftpd[56922] cal-hsl-65: no matching
> vhost found for 127.0.0.1#2222, using 'ProFTPD Default Installation'
> listening on wildcard address
> 2017-03-22 00:51:14,786 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): ROOT PRIVS at main.c:1034
> 2017-03-22 00:51:14,786 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): SETUP PRIVS at main.c:1039
> 2017-03-22 00:51:14,786 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): session requested from client in unknown class
> 2017-03-22 00:51:14,786 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): performing module session initializations
> 2017-03-22 00:51:14,786 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): mod_cap/1.1: adding CAP_SETUID and CAP_SETGID
> capabilities
> 2017-03-22 00:51:14,786 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): ROOT PRIVS at mod_sftp.c:1674
> 2017-03-22 00:51:14,786 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): RELINQUISH PRIVS at mod_sftp.c:1677
> 2017-03-22 00:51:14,786 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): ROOT PRIVS at keys.c:2001
> 2017-03-22 00:51:14,786 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): RELINQUISH PRIVS at keys.c:2008
> 2017-03-22 00:51:14,786 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): ROOT PRIVS at keys.c:703
> 2017-03-22 00:51:14,786 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): RELINQUISH PRIVS at keys.c:710
> 2017-03-22 00:51:14,786 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): ROOT PRIVS at keys.c:703
> 2017-03-22 00:51:14,786 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): RELINQUISH PRIVS at keys.c:710
> 2017-03-22 00:51:14,786 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): ROOT PRIVS at keys.c:2001
> 2017-03-22 00:51:14,786 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): RELINQUISH PRIVS at keys.c:2008
> 2017-03-22 00:51:14,786 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): mod_sql/4.3: defaulting to 'postgres' backend
> 2017-03-22 00:51:14,786 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): mod_ident/1.0: ident lookup disabled
> 2017-03-22 00:51:14,786 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): ROOT PRIVS at mod_delay.c:1756
> 2017-03-22 00:51:14,786 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): RELINQUISH PRIVS at mod_delay.c:1759
> 2017-03-22 00:51:14,786 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): ROOT PRIVS at mod_auth.c:140
> 2017-03-22 00:51:14,786 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): opening scoreboard '/media/libraryfiles/proftpd/
> var/proftpd.scoreboard'
> 2017-03-22 00:51:14,786 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): RELINQUISH PRIVS at mod_auth.c:142
> 2017-03-22 00:51:14,786 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): AuthOrder in effect, resetting auth module order
> 2017-03-22 00:51:14,787 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): connected - local  : 127.0.0.1:2222
> 2017-03-22 00:51:14,787 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): connected - remote : 127.0.0.1:58014
> 2017-03-22 00:51:14,787 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): SSH2 session opened.
> 2017-03-22 00:51:14,787 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): dispatching LOG_CMD command 'KEXINIT' to mod_sql
> 2017-03-22 00:51:14,787 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): dispatching LOG_CMD command 'KEXINIT' to mod_log
> 2017-03-22 00:51:14,787 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): dispatching LOG_CMD command 'ECDH_INIT' to mod_sql
> 2017-03-22 00:51:14,787 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): dispatching LOG_CMD command 'ECDH_INIT' to mod_log
> 2017-03-22 00:51:14,789 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): ProFTPD terminating (signal 11)
> 2017-03-22 00:51:14,789 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): ProFTPD terminating (signal 11)
> 2017-03-22 00:51:14,789 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): mod_sftp/0.9.9: scrubbing 2 passphrases from memory
> 2017-03-22 00:51:14,789 cal-hsl-65 proftpd[56922] cal-hsl-65
> (localhost[127.0.0.1]): SSH2 session closed.
>
> Seems that it is connected in the middle...
>
> And the /var/log/proftpd/sftp.log shows things like (many identical
> snippets, I just picked one randomly):
>
> 2017-03-22 01:16:06,753 mod_sftp/0.9.9[58288]: sent server version
> 'SSH-2.0-mod_sftp/0.9.9'
> 2017-03-22 01:16:06,753 mod_sftp/0.9.9[58288]: received client version
> 'SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1'
> 2017-03-22 01:16:06,753 mod_sftp/0.9.9[58288]: handling connection from
> SSH2 client 'OpenSSH_7.2p2 Ubuntu-4ubuntu2.1'
> 2017-03-22 01:16:06,753 mod_sftp/0.9.9[58288]:  + Session key exchange:
> ecdh-sha2-nistp256
> 2017-03-22 01:16:06,753 mod_sftp/0.9.9[58288]:  + Session server hostkey:
> ssh-rsa
> 2017-03-22 01:16:06,753 mod_sftp/0.9.9[58288]:  + Session client-to-server
> encryption: aes128-ctr
> 2017-03-22 01:16:06,753 mod_sftp/0.9.9[58288]:  + Session server-to-client
> encryption: aes128-ctr
> 2017-03-22 01:16:06,753 mod_sftp/0.9.9[58288]:  + Session client-to-server
> MAC: umac...@openssh.com
> 2017-03-22 01:16:06,753 mod_sftp/0.9.9[58288]:  + Session server-to-client
> MAC: umac...@openssh.com
> 2017-03-22 01:16:06,753 mod_sftp/0.9.9[58288]:  + Session client-to-server
> compression: none
> 2017-03-22 01:16:06,753 mod_sftp/0.9.9[58288]:  + Session server-to-client
> compression: none
>
> The version of proftpd is 1.3.5d on ubuntu 16.04.2. Not sure if anyone has
> seen this before. Any input will be greatly appreciated.
>
> Thanks,
> Rui
>
>
> ___________________________________________________________
> Please keep all replies on the list by using "reply all"
> in your mail client.  To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
>   https://lists.galaxyproject.org/
>
> To search Galaxy mailing lists use the unified search at:
>   http://galaxyproject.org/search/

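An added example, not part of the original thread: ProFTPD reports "unknown configuration directive" when the module that provides a directive is not in the build, and `LoadModule` itself comes from mod_dso, which exists only in builds configured with `--enable-dso`. The script below compares a config file against saved `proftpd -l` output; its directive-to-module map covers only directives quoted in this thread, and both sample inputs in `demo` are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Inputs in demo() are constructed.

# Module that provides a directive; empty for core or unmapped directives.
provider_of() {
    case "$1" in
        LoadModule) echo mod_dso.c ;;      # present only in --enable-dso builds
        SFTP*)      echo mod_sftp.c ;;
        TLS*)       echo mod_tls.c ;;
        SQL*)       echo mod_sql.c ;;
        AuthPAM*)   echo mod_auth_pam.c ;;
    esac
}

# check_conf MODULE_LIST CONF: print "line N: DIRECTIVE needs MODULE" for each
# directive whose module is absent from MODULE_LIST (saved `proftpd -l` output).
check_conf() {
    mods=$1 conf=$2 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        set -f; set -- $line; set +f       # split on whitespace, no globbing
        [ $# -gt 0 ] || continue
        case "$1" in '#'*|'<'*) continue ;; esac   # skip comments and <tags>
        mod=$(provider_of "$1")
        [ -n "$mod" ] || continue
        grep -qwF -- "$mod" "$mods" || echo "line $n: $1 needs $mod"
    done < "$conf"
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed module list for a static build without mod_dso.
    printf '%s\n' 'Compiled-in modules:' '  mod_core.c' '  mod_auth_unix.c' \
        '  mod_auth_pam.c' '  mod_sql.c' '  mod_sql_postgres.c' \
        '  mod_sql_passwd.c' '  mod_sftp.c' '  mod_tls.c' > "$tmp/modules.txt"
    # Constructed config using directives quoted in the thread.
    printf '%s\n' 'LoadModule mod_sql_postgres.c' 'LoadModule mod_sql_passwd.c' \
        'AuthPAM off' '<IfModule mod_sftp.c>' '  SFTPEngine on' '  Port 2222' \
        '  SFTPAuthMethods password' '</IfModule>' > "$tmp/proftpd.conf"
    check_conf "$tmp/modules.txt" "$tmp/proftpd.conf"
    rm -rf "$tmp"
}

demo
```

Against a real installation, save the output of `proftpd -l` to a file and pass it as the first argument to `check_conf`.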