Re: [galaxy-dev] ProFTPD Config Issues
Hi Joachim,

Thanks so much for your reply. The problem has actually been resolved thanks to a response from Federico Zambelli. Embarrassingly, it did not occur to me that because the passwords had been created while PBKDF2 encryption was enabled, I would need to reset them after disabling it :P. The FTP server appears to be working fine now.

Thanks,
Adam

On 09/05/2013 03:21 AM, Joachim Jacob | VIB | wrote:
> Hi Adam,
>
> I remembered having a hard time getting this to work. After it worked,
> networkadmins decided to disallow ftp connections at our university due
> to security concerns...
>
> I do not remember the solution (...), but I can share my config files (I
> am using apache instead of nginx):
>
> This is my working 'proftp.conf':
>
> # This is the ProFTPD configuration file
> # Server Config - config used for anything outside a or context
>
> ServerName "BITS Galaxy FTP"
> ServerIdent on "Welcome to BITS Galaxy FTP server."
> ServerType standalone
> #ServerAdmin root@localhost
> #Umask 0066
> SyslogFacility DAEMON
> SyslogLevel debug
> DefaultRoot ~ !adm
> CreateHome on 700 uid 600 gid 601
> PassivePorts 39000 4
> MaxInstances 30
> User galaxy
> Group galaxy
> #UseFtpUsers off
> #AuthPAM off
>
> # Don't do reverse DNS lookups (hangs on DNS problems)
> UseReverseDNS off
> MaxInstances 20
>
> # Define the log formats
> LogFormat default "%h %l %u %t \"%r\" %s %b"
> LogFormat auth "%v [%P] %h %t \"%r\" %s"
>
> # General database support (http://www.proftpd.org/docs/contrib/mod_sql.html)
> #LoadModule mod_sql.c
>
> # Support for base-64 or hex encoded MD5 and SHA1 passwords from SQL tables
> #LoadModule mod_sql_passwd.c
>
> # Postgresql support (requires proftpd-postgresql package)
> # (http://www.proftpd.org/docs/contrib/mod_sql.html)
> # LoadModule mod_sql_postgres.c
>
> # Allow users to overwrite files and change permissions
> AllowOverwrite on
> AllowStoreRestart on
>
> # Bar use of SITE CHMOD
> DenyAll
>
> # Bar use of RETR (download) since this is not a public file drop
> DenyAll
>
> SQLLogFile /var/log/proftpd/proftpd.log
>
> # get FTP connection over SSH
> DefaultServer on
> SFTPEngine on
> SFTPLog /var/log/proftpd-sftp.log
> Port 8822
>
> # Set up mod_sql_password - Galaxy passwords are stored as hex-encoded SHA1
> SQLPasswordEngine on
> SQLPasswordEncoding hex
> RequireValidShell off
>
> # Set up mod_sql to authenticate against the Galaxy database
> SQLEngine on
> SQLBackend postgres
> SQLConnectInfo galaxydb@127.0.0.1 galaxyftp **
> SQLAuthTypes SHA1
> SQLAuthenticate users
>
> # An empty directory in case chroot fails
> SQLDefaultHomedir /mnt/galaxytemp/ftptmp
> SQLDefaultGID 601
> SQLDefaultUID 600
> SQLMinID 95
> # Define a custom query for lookup that returns a passwd-like entry. UID and GID should match your Galaxy user.
> SQLUserInfo custom:/LookupGalaxyUser
> SQLNamedQuery LookupGalaxyUser SELECT "email,password,'600','601','/mnt/galaxydb/ftp/%U','/bin/bash' FROM galaxy_user WHERE email='%U'"
>
> Good luck,
>
> Joachim
>
> Joachim Jacob
> Contact details: http://www.bits.vib.be/index.php/about/80-team
>
> On 09/05/2013 02:46 AM, Panzer, Adam wrote:
>> Hello Devs,
>>
>> I've been trying for a while now to get ProFTPD working for our local
>> instance. I have:
>> 1) Modified pg_hba.conf
>> 2) Set up the ProFTPD config files
>> 3) Disabled PBKDF2 password encryption by adding use_pbkdf2 = false to
>> universe_wsgi.ini
>>
>> I've read through the posts from others with this issue and made sure to
>> avoid some of the common pitfalls like forgetting to install/enable
>> mod_sql.c, mod_sql_postgres.c, and LoadModule mod_sql_passwd.c or having
>> an incorrect/<999 uid/gid in proftpd.conf. Even so, when I attempt to
>> access the server through FileZilla, it continues to kick back login
>> errors for all users:
>>
>> Status: Resolving address of localhost
>> Status: Connecting to 127.0.0.1:21...
>> Status: Connection established, waiting for welcome message...
>> Response: 220 ProFTPD 1.3.4a Server (Jay2) [:::127.0.0.1]
>> Command: USER panze...@kids.wustl.edu
>> Response: 331 Password required for panze...@kids.wustl.edu
>> Command: PASS ***
>> Response: 530 Login incorrect.
>> Error: Critical error
>> Error:
Re: [galaxy-dev] ProFTPD Config Issues
Hello Adam,

maybe this is a stupid question, but have you reset the password for the user you are attempting to login via proftpd after you disabled PBKDF2 in universe_wsgi.ini? If not, the password is still encoded with PBKDF2 in the db and thus it will never work with SHA1 authentication.

Best,
Federico

On 05/09/13 02.46, Panzer, Adam wrote:
> Hello Devs,
>
> I've been trying for a while now to get ProFTPD working for our local
> instance. I have:
> 1) Modified pg_hba.conf
> 2) Set up the ProFTPD config files
> 3) Disabled PBKDF2 password encryption by adding use_pbkdf2 = false to
> universe_wsgi.ini
>
> I've read through the posts from others with this issue and made sure to
> avoid some of the common pitfalls like forgetting to install/enable
> mod_sql.c, mod_sql_postgres.c, and LoadModule mod_sql_passwd.c or having
> an incorrect/<999 uid/gid in proftpd.conf. Even so, when I attempt to
> access the server through FileZilla, it continues to kick back login
> errors for all users:
>
> Status: Resolving address of localhost
> Status: Connecting to 127.0.0.1:21...
> Status: Connection established, waiting for welcome message...
> Response: 220 ProFTPD 1.3.4a Server (Jay2) [:::127.0.0.1]
> Command: USER panze...@kids.wustl.edu
> Response: 331 Password required for panze...@kids.wustl.edu
> Command: PASS ***
> Response: 530 Login incorrect.
> Error: Critical error
> Error: Could not connect to server
>
> I have included the contents of the relevant config files and logs
> below. The proftpd log says that the user name is wrong, but the sqllog
> seems to indicate a successful hit on the user but a failed password
> authentication (again, despite disabling PBKDF2). I would be most
> grateful if someone could tell me what I'm doing wrong.
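The mismatch Federico describes, as an added example that is not part of the original thread: a value written while PBKDF2 was enabled can never pass a check that hashes the offered password once with SHA1 and compares hex digests. The `PBKDF2$`-prefixed, `$`-separated layout, the salt and round count, the function names and the sample accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re
from base64 import b64encode

# Assumption: a PBKDF2 entry is a '$'-separated string starting with "PBKDF2$".
PBKDF2_PREFIX = "PBKDF2$"
HEX_SHA1 = re.compile(r"[0-9a-f]{40}")


def make_sha1_hex(password):
    """Value stored when use_pbkdf2 = false: plain hex-encoded SHA1."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def make_pbkdf2(password, salt=b"constructed-salt", rounds=10000):
    """Constructed PBKDF2 entry (assumed layout, illustrative parameters)."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return "PBKDF2$sha256$%d$%s$%s" % (
        rounds, b64encode(salt).decode(), b64encode(dk).decode())


def classify(stored):
    """Name the scheme a galaxy_user.password value was written with."""
    if stored.startswith(PBKDF2_PREFIX):
        return "pbkdf2"
    return "sha1-hex" if HEX_SHA1.fullmatch(stored) else "unknown"


def sha1_hex_check(stored, password):
    """Approximate SQLAuthTypes SHA1 with SQLPasswordEncoding hex: hash the
    offered password once and compare it with the stored column value."""
    offered = make_sha1_hex(password)
    return hmac.compare_digest(offered.encode(), stored.encode())


def needs_reset(rows):
    """Emails whose stored value can never pass the SHA1 check."""
    return [email for email, stored in rows if classify(stored) != "sha1-hex"]


# Constructed sample rows: both accounts use the same password.
SAMPLE_ROWS = [
    ("alice@example.org", make_sha1_hex("correct horse")),
    ("bob@example.org", make_pbkdf2("correct horse")),
]

if __name__ == "__main__":
    for email, stored in SAMPLE_ROWS:
        print(email, classify(stored), sha1_hex_check(stored, "correct horse"))
    print("reset required:", needs_reset(SAMPLE_ROWS))
```

Accounts returned by `needs_reset` are the ones whose passwords have to be set again after `use_pbkdf2 = false` before the FTP login can succeed.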
Re: [galaxy-dev] ProFTPD Config Issues
Hi Adam,

I remembered having a hard time getting this to work. After it worked, networkadmins decided to disallow ftp connections at our university due to security concerns...

I do not remember the solution (...), but I can share my config files (I am using apache instead of nginx):

This is my working 'proftp.conf':

# This is the ProFTPD configuration file
# Server Config - config used for anything outside a or context

ServerName "BITS Galaxy FTP"
ServerIdent on "Welcome to BITS Galaxy FTP server."
ServerType standalone
#ServerAdmin root@localhost
#Umask 0066
SyslogFacility DAEMON
SyslogLevel debug
DefaultRoot ~ !adm
CreateHome on 700 uid 600 gid 601
PassivePorts 39000 4
MaxInstances 30
User galaxy
Group galaxy
#UseFtpUsers off
#AuthPAM off

# Don't do reverse DNS lookups (hangs on DNS problems)
UseReverseDNS off
MaxInstances 20

# Define the log formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"

# General database support (http://www.proftpd.org/docs/contrib/mod_sql.html)
#LoadModule mod_sql.c

# Support for base-64 or hex encoded MD5 and SHA1 passwords from SQL tables
#LoadModule mod_sql_passwd.c

# Postgresql support (requires proftpd-postgresql package)
# (http://www.proftpd.org/docs/contrib/mod_sql.html)
# LoadModule mod_sql_postgres.c

# Allow users to overwrite files and change permissions
AllowOverwrite on
AllowStoreRestart on

# Bar use of SITE CHMOD
DenyAll

# Bar use of RETR (download) since this is not a public file drop
DenyAll

SQLLogFile /var/log/proftpd/proftpd.log

# get FTP connection over SSH
DefaultServer on
SFTPEngine on
SFTPLog /var/log/proftpd-sftp.log
Port 8822

# Set up mod_sql_password - Galaxy passwords are stored as hex-encoded SHA1
SQLPasswordEngine on
SQLPasswordEncoding hex
RequireValidShell off

# Set up mod_sql to authenticate against the Galaxy database
SQLEngine on
SQLBackend postgres
SQLConnectInfo galaxydb@127.0.0.1 galaxyftp **
SQLAuthTypes SHA1
SQLAuthenticate users

# An empty directory in case chroot fails
SQLDefaultHomedir /mnt/galaxytemp/ftptmp
SQLDefaultGID 601
SQLDefaultUID 600
SQLMinID 95
# Define a custom query for lookup that returns a passwd-like entry. UID and GID should match your Galaxy user.
SQLUserInfo custom:/LookupGalaxyUser
SQLNamedQuery LookupGalaxyUser SELECT "email,password,'600','601','/mnt/galaxydb/ftp/%U','/bin/bash' FROM galaxy_user WHERE email='%U'"

Good luck,

Joachim

Joachim Jacob
Contact details: http://www.bits.vib.be/index.php/about/80-team

On 09/05/2013 02:46 AM, Panzer, Adam wrote:
> Hello Devs,
>
> I've been trying for a while now to get ProFTPD working for our local
> instance. I have:
> 1) Modified pg_hba.conf
> 2) Set up the ProFTPD config files
> 3) Disabled PBKDF2 password encryption by adding use_pbkdf2 = false to
> universe_wsgi.ini
>
> I've read through the posts from others with this issue and made sure to
> avoid some of the common pitfalls like forgetting to install/enable
> mod_sql.c, mod_sql_postgres.c, and LoadModule mod_sql_passwd.c or having
> an incorrect/<999 uid/gid in proftpd.conf. Even so, when I attempt to
> access the server through FileZilla, it continues to kick back login
> errors for all users:
>
> Status: Resolving address of localhost
> Status: Connecting to 127.0.0.1:21...
> Status: Connection established, waiting for welcome message...
> Response: 220 ProFTPD 1.3.4a Server (Jay2) [:::127.0.0.1]
> Command: USER panze...@kids.wustl.edu
> Response: 331 Password required for panze...@kids.wustl.edu
> Command: PASS ***
> Response: 530 Login incorrect.
> Error: Critical error
> Error: Could not connect to server
>
> I have included the contents of the relevant config files and logs
> below. The proftpd log says that the user name is wrong, but the sqllog
> seems to indicate a successful hit on the user but a failed password
> authentication (again, despite disabling PBKDF2). I would be most
> grateful if someone could tell me what I'm doing wrong.
[galaxy-dev] ProFTPD Config Issues
Hello Devs,

I've been trying for a while now to get ProFTPD working for our local instance. I have:
1) Modified pg_hba.conf
2) Set up the ProFTPD config files
3) Disabled PBKDF2 password encryption by adding use_pbkdf2 = false to universe_wsgi.ini

I've read through the posts from others with this issue and made sure to avoid some of the common pitfalls like forgetting to install/enable mod_sql.c, mod_sql_postgres.c, and LoadModule mod_sql_passwd.c or having an incorrect/<999 uid/gid in proftpd.conf. Even so, when I attempt to access the server through FileZilla, it continues to kick back login errors for all users:

Status: Resolving address of localhost
Status: Connecting to 127.0.0.1:21...
Status: Connection established, waiting for welcome message...
Response: 220 ProFTPD 1.3.4a Server (Jay2) [:::127.0.0.1]
Command: USER panze...@kids.wustl.edu
Response: 331 Password required for panze...@kids.wustl.edu
Command: PASS ***
Response: 530 Login incorrect.
Error: Critical error
Error: Could not connect to server

I have included the contents of the relevant config files and logs below. The proftpd log says that the user name is wrong, but the sqllog seems to indicate a successful hit on the user but a failed password authentication (again, despite disabling PBKDF2). I would be most grateful if someone could tell me what I'm doing wrong.

Thanks,
Adam

- PACKAGE VERSIONS -
PostgreSQL 9.2
Nginx 1.1.19
ProFTPD 1.3.4a

- PG_HBA.CONF -
local   all   all                  trust
host    all   all   127.0.0.1/32   trust
host    all   all   ::1/128        trust
host    all   all   0.0.0.0/0      md5

- PROFTPD.CONF -
Include /etc/proftpd/modules.conf
UseIPv6 on
IdentLookups off
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"
DenyFilter \*.*/
Port 21
PassivePorts 3 4
MaxInstances 30
User galaxy
Group galaxy
Umask 077
AllowOverwrite on
AuthOrder mod_sql.c
SQLDefaultGID 1001
SQLDefaultUID 1001
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
QuotaEngine off
Ratios off
DelayEngine on
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
AdminControlsEngine off
Include /etc/proftpd/conf.d/

- GALAXY.CONF (galaxy specific conf.d ProFTPD config file) -
ServerName "Jay2"
DefaultRoot ~
CreateHome on dirmode 700
AllowOverwrite on
AllowStoreRestart on
DenyAll
DenyAll
AuthPAM off
SQLPasswordEngine on
SQLPasswordEncoding hex
SQLEngine on
SQLBackend postgres
SQLConnectInfo galaxy@localhost:5432 galaxy galaxy
SQLAuthTypes SHA1
SQLAuthenticate users
SQLDefaultHomedir /var/lib/proftpd/empty
SQLUserInfo custom:/LookupGalaxyUser
SQLNamedQuery LookupGalaxyUser SELECT "email,password,'1001','1001','/home/galaxy/galaxy-supp/ftp/%U','/bin/bash' FROM galaxy_user WHERE email='%U'"
SQLLogFile /var/log/proftpd/sqlLog.txt

- PROFTPD.LOG -
Sep 04 19:03:51 PCF10-WKS1572 proftpd[4846] PCF10-WKS1572 (localhost[127.0.0.1]): FTP session closed.
Sep 04 19:14:57 PCF10-WKS1572 proftpd[5034] PCF10-WKS1572 (localhost[127.0.0.1]): FTP session opened.
Sep 04 19:14:57 PCF10-WKS1572 proftpd[5034] PCF10-WKS1572 (localhost[127.0.0.1]): USER panze...@kids.wustl.edu (Login failed): No such user found.

- SQLLOG.TXT -
Sep 04 19:14:57 mod_sql/4.3[5034]: defaulting to 'postgres' backend
Sep 04 19:14:57 mod_sql/4.3[5034]: backend module 'mod_sql_postgres/4.0.4'
Sep 04 19:14:57 mod_sql/4.3[5034]: backend api 'mod_sql_api_v1'
Sep 04 19:14:57 mod_sql/4.3[5034]: >>> sql_sess_init
Sep 04 19:14:57 mod_sql/4.3[5034]: entering postgres cmd_defineconnection
Sep 04 19:14:57 mod_sql/4.3[5034]: name: 'default'
Sep 04 19:14:57 mod_sql/4.3[5034]: user: 'galaxy'
Sep 04 19:14:57 mod_sql/4.3[5034]: host: 'localhost'
Sep 04 19:14:57 mod_sql/4.3[5034]: db: 'galaxy'
Sep 04 19:14:57 mod_sql/4.3[5034]: port: '5432'
Sep 04 19:14:57 mod_sql/4.3[5034]: ttl: '0'
Sep 04 19:14:57 mod_sql/4.3[5034]: exiting postgres cmd_defineconnection
Sep 04 19:14:57 mod_sql/4.3[5034]: