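I have had proftpd installed for a while now, but as of today I cannot log in to the ftp server. I keep getting the error 530 login incorrect.
I restarted proftpd in debug mode and got the following response when trying to log in: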
- srv2.********.nl proftpd[1660] 159.253.3.237 (83.247.33.135[83.247.33.135]): FTP session opened.
- srv2.********.nl proftpd[1660] 159.253.3.237 (83.247.33.135[83.247.33.135]): dispatching PRE_CMD command 'USER bernhard' to mod_tls
- srv2.********.nl proftpd[1660] 159.253.3.237 (83.247.33.135[83.247.33.135]): dispatching PRE_CMD command 'USER bernhard' to mod_core
- srv2.********.nl proftpd[1660] 159.253.3.237 (83.247.33.135[83.247.33.135]): dispatching PRE_CMD command 'USER bernhard' to mod_core
- srv2.********.nl proftpd[1660] 159.253.3.237 (83.247.33.135[83.247.33.135]): dispatching PRE_CMD command 'USER bernhard' to mod_delay
- srv2.********.nl proftpd[1660] 159.253.3.237 (83.247.33.135[83.247.33.135]): dispatching PRE_CMD command 'USER bernhard' to mod_auth
- srv2.********.nl proftpd[1660] 159.253.3.237 (83.247.33.135[83.247.33.135]): dispatching CMD command 'USER bernhard' to mod_auth
- srv2.********.nl proftpd[1660] 159.253.3.237 (83.247.33.135[83.247.33.135]): dispatching POST_CMD command 'USER bernhard' to mod_delay
- srv2.********.nl proftpd[1660] 159.253.3.237 (83.247.33.135[83.247.33.135]): dispatching LOG_CMD command 'USER bernhard' to mod_log
- srv2.********.nl proftpd[1660] 159.253.3.237 (83.247.33.135[83.247.33.135]): dispatching PRE_CMD command 'PASS (hidden)' to mod_tls
- srv2.********.nl proftpd[1660] 159.253.3.237 (83.247.33.135[83.247.33.135]): dispatching PRE_CMD command 'PASS (hidden)' to mod_core
- srv2.********.nl proftpd[1660] 159.253.3.237 (83.247.33.135[83.247.33.135]): dispatching PRE_CMD command 'PASS (hidden)' to mod_core
- srv2.********.nl proftpd[1660] 159.253.3.237 (83.247.33.135[83.247.33.135]): dispatching PRE_CMD command 'PASS (hidden)' to mod_delay
- srv2.********.nl proftpd[1660] 159.253.3.237 (83.247.33.135[83.247.33.135]): dispatching PRE_CMD command 'PASS (hidden)' to mod_auth
- srv2.********.nl proftpd[1660] 159.253.3.237 (83.247.33.135[83.247.33.135]): dispatching CMD command 'PASS (hidden)' to mod_auth
- srv2.********.nl proftpd[1660] 159.253.3.237 (83.247.33.135[83.247.33.135]): retrieved UID 500 for user 'bernhard'
- srv2.********.nl proftpd[1660] 159.253.3.237 (83.247.33.135[83.247.33.135]): retrieved group ID: 500
- srv2.********.nl proftpd[1660] 159.253.3.237 (83.247.33.135[83.247.33.135]): retrieved group name: bernhard
- srv2.********.nl proftpd[1660] 159.253.3.237 (83.247.33.135[83.247.33.135]): ROOT PRIVS at mod_auth_pam.c:311
- srv2.********.nl proftpd[1660] 159.253.3.237 (83.247.33.135[83.247.33.135]): RELINQUISH PRIVS at mod_auth_pam.c:481
- srv2.********.nl proftpd[1660] 159.253.3.237 (83.247.33.135[83.247.33.135]): USER bernhard (Login failed): Incorrect password.
- srv2.********.nl proftpd[1660] 159.253.3.237 (83.247.33.135[83.247.33.135]): dispatching POST_CMD_ERR command 'PASS (hidden)' to mod_delay
- srv2.********.nl proftpd[1660] 159.253.3.237 (83.247.33.135[83.247.33.135]): dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_log
- srv2.********.nl proftpd[1660] 159.253.3.237 (83.247.33.135[83.247.33.135]): dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_auth
- srv2.********.nl proftpd[1660] 159.253.3.237 (83.247.33.135[83.247.33.135]): FTP session closed.
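Answer 1
It sounds a lot like your installed libpam did not get upgraded when proftpd was upgraded; you might try that before upgrading proftpd and see if it resolves the issue.
Also check proftpd.conf specifically for
# This is required to use both PAM-based authentication and local passwords
#AuthOrder mod_auth_pam.c* mod_auth_unix.c
^^^ and make sure the conf did not get updated to a "generic" one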
Answer 2
If this is a RHEL or CentOS EL6.x system, it is important to modify the PAM configuration, because the one shipped with the package is bad:
Edit: /etc/pam.d/proftpd
to reflect:
#%PAM-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required pam_shells.so
auth include system-auth
account include system-auth
#session include system-auth
session required pam_loginuid.so
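Answer 3
One thing to watch out for... pam_shells.so
pam_shells.so - this requires that all allowed shells be in /etc/shells.
For NIS, since we have many different Linux and Solaris distributions, our NIS shells are all /usr/local/bin/
On the machines themselves, we create soft links in /usr/local/bin/ pointing to the shells, i.e. /usr/local/bin/bash --> /bin/bash
Where I got burned was... even though /bin/bash is in /etc/shells, /usr/local/bin/bash needs to be there too.
It is a 10-second fix, but it took me a long time to figure out.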
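Answer 4
Also make sure the home directory is actually owned by that user. For example, I just tried to connect via ftp as user abc, but /home/abc was owned by root rather than abc, so proftpd gave me an incorrect login error.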
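
The checks named in answers 2, 3 and 4, collected as an added shell sketch that is not part of any answer on this page. The function names are hypothetical, and the file paths are parameters so the checks can be run against constructed copies as well as the live files.

```shell
#!/bin/sh
# Added diagnostic sketch (not from the original answers). Function names are
# hypothetical; file paths are parameters so constructed copies can be tested.

# pam_shells.so: the shell string from passwd must appear literally in the shells
# file. A listed symlink target (/bin/bash) does not cover /usr/local/bin/bash.
shell_allowed() {    # shell_allowed SHELL SHELLS_FILE
    grep -qxF -- "$1" "$2"
}

# pam_listfile.so with sense=deny: a user named in the file is rejected.
# Assumption: a missing file denies nobody, as onerr=succeed suggests.
user_denied() {      # user_denied USER FTPUSERS_FILE
    [ -f "$2" ] && grep -qxF -- "$1" "$2"
}

# Answer 4: the home directory must exist and be owned by the account's UID.
home_owned_by() {    # home_owned_by DIR UID
    [ -d "$1" ] && [ "$(ls -ldn "$1/." | awk '{print $3}')" = "$2" ]
}

# check_ftp_login PASSWD_LINE SHELLS_FILE FTPUSERS_FILE
# Prints one line per failed check and returns the number of failures.
check_ftp_login() {
    user=$(printf '%s\n' "$1" | cut -d: -f1)
    uid=$(printf '%s\n' "$1" | cut -d: -f3)
    home=$(printf '%s\n' "$1" | cut -d: -f6)
    shell=$(printf '%s\n' "$1" | cut -d: -f7)
    fails=0
    if user_denied "$user" "$3"; then
        echo "FAIL: $user is listed in $3"; fails=$((fails + 1))
    fi
    if ! shell_allowed "$shell" "$2"; then
        echo "FAIL: shell $shell is not listed in $2"; fails=$((fails + 1))
    fi
    if ! home_owned_by "$home" "$uid"; then
        echo "FAIL: $home is missing or not owned by UID $uid"; fails=$((fails + 1))
    fi
    return "$fails"
}

# On a live host (getent also resolves NIS accounts):
#   check_ftp_login "$(getent passwd bernhard)" /etc/shells /etc/ftpusers
```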