ProFTPD is running but in Webmin shows [Start Server] button

All Virtualmin test servers have enabled FTP feature.

In Dashboard in Servers Status section ProFTPD FTP Server appears as not started. I clicked on start button and nothing was happening.

I opened a Terminal window then I checked if this service is running. Systemctl reported as active and running.

I went into Webmin -> Servers -> ProFTPD Server and I clicked on Start Server button. Nothing happened.

Status: 
Closed (fixed)

Comments

What I did next. I stopped proftd.service from Terminal then I tried to start it from Webmin interface. It stays about 1,5 minute then status remains as before (Start Server).

Checking again the service status in Terminal it seems Webmin started the service but it did not update its status into the interface.

Ilia's picture
Submitted by Ilia on Fri, 01/03/2020 - 05:30

Assigned: Unassigned »
Status: Active » Needs review

By any chance do you have status set to Active (exited)? State active (exited) means that systemd has run the commands but it couldn't detect, if there is an active daemon to keep track of. It should be no output of this command ps aux |grep proftpd in your case, by the way.

Did you configure it manually? There should be some status available, try running systemctl status proftpd in the console.

I will pass it to Jamie for review, because I could also reproduce it on my Debian 10 virtual-machine.

It is a VM for testing Debian 10 with the latest Virtualmin. As a rule I do not install anything else or change files when testing. Just doing tasks like a normal user who is using the browser interface and making notes about any issue. I can do deep investigation but also following the same rules.

ProFTPd from Debian 10 repository installed by Virtualmin script works without any issue. There are not errors in logs. You can start/stop it from Terminal. Webmin can start this service if it was stopped before but it doesn't see it as running. I did not check Webmin logs yest but I will today.

Here is the output as you requested. Those errors are not affecting the service running but creates trouble with Webmin.

root@server:~# systemctl status proftpd
● proftpd.service - LSB: Starts ProFTPD daemon
   Loaded: loaded (/etc/init.d/proftpd; generated)
   Active: active (exited) since Sun 2020-01-05 05:43:54 EST; 2min 59s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 488 ExecStart=/etc/init.d/proftpd start (code=exited, status=0/SUCCESS)

Jan 05 05:43:54 server proftpd[488]: 2020-01-05 05:43:54,729 server proftpd[496]: mod_dso/0.5: module 'mod_tls.c' already loaded
Jan 05 05:43:54 server proftpd[488]: 2020-01-05 05:43:54,812 server proftpd[496]: mod_tls/2.7: NoCertRequest TLSOption is deprecated
Jan 05 05:43:54 server proftpd[488]: 2020-01-05 05:43:54,812 server proftpd[496]: mod_dso/0.5: module 'mod_sftp.c' already loaded
Jan 05 05:43:54 server proftpd[488]: Wrong passphrase for this key.  Please try again.
Jan 05 05:43:54 server proftpd[488]: Wrong passphrase for this key.  Please try again.
Jan 05 05:43:54 server proftpd[488]: Wrong passphrase for this key.  Please try again.
Jan 05 05:43:54 server proftpd[488]: 2020-01-05 05:43:54,817 server proftpd[496] server.mmsport.net: mod_sftp/1.0.0: error reading passphrase for SFTPHostKey '/etc/proftpd/ssh_host_rsa_key': (unknown)
Jan 05 05:43:54 server proftpd[488]: 2020-01-05 05:43:54,817 server proftpd[496] server.mmsport.net: mod_sftp/1.0.0: unable to use key in SFTPHostKey '/etc/proftpd/ssh_host_rsa_key', exiting
Jan 05 05:43:54 server proftpd[488]: .
Jan 05 05:43:54 server systemd[1]: Started LSB: Starts ProFTPD daemon.

Following your link I implemented as follows by editing the file /etc/proftpd/conf.d/virtualmin.conf

line 10:

#TLSOptions                    NoCertRequest

lines 28 and 29:

#  SFTPHostKey /etc/proftpd/ssh_host_rsa_key
#  SFTPHostKey /etc/proftpd/ssh_host_ecdsa_key

I restarted the service then I click in Webmin interface on start button. Now the service appears as running in Dashboard and also in its section I see the [Stop Server] button.

Checking files content for /etc/ssh/ssh_host_rsa_key and /etc/ssh/ssh_host_ecdsa_key, both files have content in my case, with correct beginning and ending tags. These files are having the same content with the ones in /etc/proftpd folder. It could be an issue coming from proftpd itself not from Webmin. ProFTPd is not understanding the keys. I will check if this is a reported bug in Debian or ProFTPd.

My personal opinion you should start/stop services like Apache, Postfix, Spamassasin and so on and see what errors appear. Over the years some options in configuration files are deprecated or other new ones could improve the functionality.

Hi. I've been trouble-shooting this for the past 2 hours, and the answer to it is here:

https://github.com/proftpd/proftpd/issues/793

right at the bottom of the page, you need to run the commands:

ssh-keygen -m PEM -f /etc/proftpd/ssh_host_rsa_key -N '' -t rsa -b 2048 ssh-keygen -m PEM -f /etc/proftpd/ssh_host_ecdsa_key -N '' -t ecdsa -b 521

then a restart of proftpd makes it work.

The reason from that link:

As you know the source of the challenge was that Debian Buster 10 use the new OpenSSL format, but ProFTPd 1.36 use the older format. So they don't understand each others. This challenge is resolve in 1.3.7 branch.

Ilia's picture
Submitted by Ilia on Sun, 04/05/2020 - 07:05

Status:
Needs review
»
Closed (fixed)

Thanks, we have already fixed it. It will be shortly available on our repos.

This fixes the startup of proftpd, but unfortunately I still cannot SFTP in using FileZilla on port 2222, as it shows:

Error: FATAL ERROR: No supported authentication methods available (server sent: )
Error: Could not connect to server

in FileZilla and the sftp.log on the server shows:

2020-04-05 22:27:24,344 mod_sftp/1.0.0[21278]: using '/etc/proftpd/ssh_host_ecdsa_key' as 521-bit ECDSA hostkey
2020-04-05 22:27:24,346 mod_sftp/1.0.0[21278]: sent server version 'SSH-2.0-mod_sftp'
2020-04-05 22:27:24,346 mod_sftp/1.0.0[21278]: received client version 'SSH-2.0-FileZilla_3.47.2.1'
2020-04-05 22:27:24,346 mod_sftp/1.0.0[21278]: handling connection from SSH2 client 'FileZilla_3.47.2.1'
2020-04-05 22:27:24,597 mod_sftp/1.0.0[21278]:  + Session key exchange: ecdh-sha2-nistp256
2020-04-05 22:27:24,597 mod_sftp/1.0.0[21278]:  + Session server hostkey: ecdsa-sha2-nistp521
2020-04-05 22:27:24,597 mod_sftp/1.0.0[21278]:  + Session client-to-server encryption: aes256-ctr
2020-04-05 22:27:24,597 mod_sftp/1.0.0[21278]:  + Session server-to-client encryption: aes256-ctr
2020-04-05 22:27:24,597 mod_sftp/1.0.0[21278]:  + Session client-to-server MAC: hmac-sha2-256
2020-04-05 22:27:24,597 mod_sftp/1.0.0[21278]:  + Session server-to-client MAC: hmac-sha2-256
2020-04-05 22:27:24,597 mod_sftp/1.0.0[21278]:  + Session client-to-server compression: none
2020-04-05 22:27:24,597 mod_sftp/1.0.0[21278]:  + Session server-to-client compression: none
2020-04-05 22:27:25,533 mod_sftp/1.0.0[21278]: sending acceptable userauth methods: publickey,password
2020-04-05 22:27:25,615 mod_sftp/1.0.0[21278]: client sent SSH_MSG_IGNORE message (99 bytes)
2020-04-05 22:27:25,629 mod_sftp/1.0.0[21278]: authentication for user 'ftp.connect' failed: Invalid shell
2020-04-05 22:27:25,629 mod_sftp/1.0.0[21278]: sending userauth failure; remaining userauth methods:
2020-04-05 22:27:25,785 mod_sftp/1.0.0[21278]: disconnecting client (received EOF)

So no idea how to fix this one. Can you advise?

Ilia's picture
Submitted by Ilia on Sun, 04/05/2020 - 07:39

Michael,

It's not standard error. You apparently edited SSH server config. I would made sure that Password Authentication is enabled in Webmin/Servers/SSH Server or editing manually.

Note: It's better and more secure to authenticate using public key.

Hi Ilia. This is a new CentOS 8 build using the virtualmin install.sh script I have made sure that password authentication is enabled in Webmin. I haven't touched the sshd_config at all since the build.

I'll have a look at the public key method, thank you.

Ilia's picture
Submitted by Ilia on Mon, 04/20/2020 - 04:30

So no idea how to fix this one. Can you advise?

Make sure that /etc/ssh/ssd_config has PasswordAuthentication yes