Question
ProFTPD login failing with 530
- Posted August 31, 2014
I have the $5 plan. I used the default Ubuntu/Apache box. Then I installed ProFTPd (following the Digital Ocean tutorial). Everything worked well; I SFTP accessed it with Filezilla (via the not recommended use the root account as I have nothing up yet really; I’m just testing right now).
Then I added a new user account and was attempting to log in with that with the insecure plain ftp protocol. It returned 530 (on the password). So I restarted ProFTPd a few times and confirmed I’d done everything as directed in the tutorial. So what can I do to enable access there?
Further Note: SFTP access isn’t actually interfacing with ProFTPd since it works when the service is stopped.
I’m basically a Ubuntu neophyte - but very experienced with Windows and windows batch files, python, configuration files, Apache set up etc. so I can easily follow any directions.
- little log snippet:
2014-08-31 11:08:12,495 BriarMoonDesign proftpd[9347] BriarMoonDesign <removed for privacy>): USER <removed for security but correct> (Login failed): Incorrect password. 2014-08-31 11:08:13,076 BriarMoonDesign proftpd[9347] BriarMoonDesign (<removed for privacy>): FTP session closed.
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Hello. After hours and hours of trying out solutions i finally found one that worked on multiple vps’es.
Here are the following steps:
nano /etc/shells
add the following to the end of the file
/bin/false
Now create an account using:
useradd USERNAME -d /home/USERNAME -s /bin/false
Give the user a password
passwd USERNAME
create a folder for the user.
mkdir /home/USERNAME
Give the ownership to the user
chown -R USERNAME:USERNAME /home/USERNAME
you are done right now it should work if you followed the steps correctly
Thank you so much JudgeDot. You are perfect :-)
For anyone with the 530 login error here is a config file that works ! God bless
#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes, reload proftpd after modifications, if
# it runs in daemon mode. It is not required in inetd/xinetd mode.
#
# Includes DSO modules
Include /etc/proftpd/modules.conf
# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 off
# If set on you can experience a longer connection delay in many cases.
IdentLookups off
ServerName "Debian"
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks off
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"
DenyFilter \*.*/
# Use this to jail all users in their homes
DefaultRoot ~
# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
RequireValidShell on
# Port 21 is the standard FTP port.
Port 21
# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 49152 65534
# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress 1.2.3.4
# This is useful for masquerading address with dynamic IPs:
# refresh any configured MasqueradeAddress directives every 8 hours
<IfModule mod_dynmasq.c>
# DynMasqRefresh 28800
</IfModule>
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
User proftpd
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on
# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
# PersistentPasswd off
# This is required to use both PAM-based authentication and local passwords
# AuthOrder mod_auth_pam.c* mod_auth_unix.c
# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFile off
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
# Logging onto /var/log/lastlog is enabled but set to off by default
#UseLastlog on
# In order to keep log file dates consistent after chroot, use timezone info
# from /etc/localtime. If this is not set, and proftpd is configured to
# chroot (e.g. DefaultRoot or <Anonymous>), it will use the non-daylight
# savings timezone regardless of whether DST is in effect.
#SetEnv TZ :/etc/localtime
<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>
<IfModule mod_ratio.c>
Ratios off
</IfModule>
# Delay engine reduces impact of the so-called Timing Attack described in
# http://www.securityfocus.com/bid/11430/discuss
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>
<IfModule mod_ctrls.c>
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>
<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>
#
# Alternative authentication frameworks
#
#Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf
#
# This is used for FTPS connections
#
#Include /etc/proftpd/tls.conf
#
# Useful to keep VirtualHost/VirtualRoot directives separated
#
#Include /etc/proftpd/virtuals.conf
# A basic anonymous configuration, no upload directories.
# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>
# DL / UP
AllowStoreRestart On
AllowRetrieveRestart On
# Include other custom configuration files
Include /etc/proftpd/conf.d/
code
I have the same problem after update Proftpd to 1.3.4, here what’s fixed it:
Comment lines AuthPAMConfig and AuthOrder in /etc/proftpd.conf and restart server
# Use pam to authenticate (default) and be authoritative
#AuthPAMConfig proftpd
#AuthOrder mod_auth_pam.c* mod_auth_unix.c
This comment has been deleted
First quick thing to debug this is to make sure your user isn’t listed in /etc/ftpusers Contrary to what it sounds like, users listed in that file are not allowed to log in via FTP. Also, make sure that the following line is uncommented:
DefaultRoot ~
Though more generally, I’d strongly encourage you to access the server using SFTP. In fact, since you can already access the server over SSH there is nothing else you need to setup! FTP clients like Filezilla support this out of the box.
Try DigitalOcean for free
Click below to sign up and get $100 of credit to try our products over 60 days!
This comment has been deleted