The easiest way to update or install the FTP service is over CustomBuild.
da build set ftpd "proftpd"
da build "proftpd"
If you are having any issues logging in, uploading files, creating directories, etc., you can **run ProFTPD in debug mode** to see what the ProFTPD server is doing and possibly find out why it is generating the errors.
To do so, type the following:
systemctl stop proftpd
proftpd -n -d 20
This will stop ProFTPD and then start it up in the console in debug mode.
Then use whatever client again to generate the error. ProFTPD will dump out a lot of information. The errors you want usually happen right near the bottom of all of the output.
Once you find what you need, press Ctrl-C to quit the daemon. DA should automatically start ProFTPD up again in normal mode within a minute, or just start it with the same systemctl command as above, but with "start" instead of "stop".
For any server admins who wish to allow their Users to upload data using SFTP, instead of FTP or FTPS, this guide will outline how to install SFTP (Secure shell FTP) into ProFTPD.
cd /usr/local/directadmin/custombuild
da build set ftpd proftpd
mkdir -p custom/proftpd
sed 's/:mod_tls/:mod_tls:mod_sftp/g' configure/proftpd/configure.proftpd > custom/proftpd/configure.proftpd
chmod +x custom/proftpd/configure.proftpd
da build proftpd
chmod 0600 /etc/ssh/ssh_host_rsa_key
systemctl restart proftpd
# telnet localhost 21
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 ProFTPD 1.3.4a Server ready.
QUIT
221 Goodbye.
Connection closed by foreign host.
# telnet localhost 23
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
SSH-2.0-mod_sftp/0.9.8
garbledtext
Connection closed by foreign host.
Note, the default for SFTP clients is to use port 22. However, SSHd uses this port by default.
If you want SFTP to use 22, you'd first need to change the port that SSHd is using (ensure your firewall is open on the new port), then change the Port 23 value in the /etc/proftpd.conf file to use 22 instead, then restart ProFTPD.
If you need ClamAV, CB2 will automatically add this to the proftpd.conf while it's being installed. As such, you'd also need to run:
cd /usr/local/directadmin/custombuild
mkdir -p custom/proftpd/conf
cp configure/proftpd/conf/proftpd.conf custom/proftpd/conf/proftpd.conf
da build proftpd
and it should copy the custom proftpd.conf, and also add the ClamAV parts.
If you'd like to lock down FTP so that only specific IPs, ranges or reverse IP lookup values are allowed to connect, you can use the following.
<Global> section of /etc/proftpd.conf file:
<Limit LOGIN>
Order allow,deny
Allow from 1.2.3.4, 5.6.7.8
Deny from all
</Limit>
You can use ranges and wildcard values.
<Global> section of /etc/proftpd.conf file:
<Limit LOGIN>
Order allow,deny
Allow from .your.isp.com
Deny from all
</Limit>
where the reverse IP lookup of all IPs that are to connect ends in .your.isp.com.
If, for whatever reason, you're missing all or some of your system FTP accounts in your /etc/proftpd.passwd file, you can do the following to ensure they're all added and present. Create a file fix_ftp.sh and insert the following code:
#!/bin/sh
# Print proftpd.passwd entries for system FTP accounts missing from the file.
PF=/etc/proftpd.passwd
cd /usr/local/directadmin/data/users || exit 1
for u in *; do
{
    # every DirectAdmin user has a directory here; skip anything else
    if [ ! -d "$u" ]; then
        continue;
    fi
    SHADOW="/home/$u/.shadow"
    if [ ! -e "$SHADOW" ]; then
        continue;
    fi
    # make sure it doesn't already exist
    COUNT=$(grep -c -e "^${u}:" "$PF" 2>/dev/null)
    if [ "${COUNT:-0}" -ne 0 ]; then
        continue;
    fi
    UUID=$(id -u "$u")
    UGID=$(id -g "$u")
    echo "${u}:$(cat "$SHADOW"):${UUID}:${UGID}:system:/home/${u}:/bin/false";
};
done;
Make it executable:
chmod 755 fix_ftp.sh
To test it out first, do the following so that it will just display the output data without real changes:
./fix_ftp.sh
Make sure it's dumping out the information that goes into the proftpd.passwd file.
Once satisfied that it's the data you want, pipe it to the tail end of the file (backup first):
cp -rp /etc/proftpd.passwd /etc/proftpd.passwd_back
./fix_ftp.sh >> /etc/proftpd.passwd
making sure to use 2 > characters (>>) and not just 1, as using just 1 would delete whatever was previously there (which is a bad thing if there are any ftp@domain.com accounts).
Make sure /etc/proftpd.passwd is chown'd to root:ftp as well:
chown root:ftp /etc/proftpd.passwd
chmod 640 /etc/proftpd.passwd
That's it, then just test out the FTP accounts.
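A sanity check for the entries before they are appended, as an added example that is not part of the original guide or of DirectAdmin. The function name check_ftp_passwd is hypothetical, the 7-field layout is taken from the echo line in fix_ftp.sh, and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: sanity-check proftpd.passwd-style entries before appending them.

# check_ftp_passwd FILE -> prints one line per problem; exit status 1 if any were found
check_ftp_passwd() {
    awk -F: '
        NF != 7 { printf "line %d: expected 7 fields, got %d\n", NR, NF; bad++; next }
        $1 == "" { printf "line %d: empty user name\n", NR; bad++; next }
        seen[$1]++ { printf "line %d: duplicate entry for %s\n", NR, $1; bad++ }
        # an empty hash means /home/USER/.shadow was empty when the entry was generated
        $2 == "" { printf "line %d: empty password hash for %s\n", NR, $1; bad++ }
        # an empty uid/gid means "id -u" or "id -g" failed for that user
        $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ {
            printf "line %d: non-numeric uid/gid for %s\n", NR, $1; bad++ }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample entries (not real accounts or hashes)
sample=$(mktemp)
cat > "$sample" <<'EOF'
alice:$6$constructed$hashA:1001:1001:system:/home/alice:/bin/false
bob::1002:1002:system:/home/bob:/bin/false
alice:$6$constructed$hashA:1001:1001:system:/home/alice:/bin/false
carol:$6$constructed$hashC::1003:system:/home/carol:/bin/false
EOF
check_ftp_passwd "$sample" || echo "problems found: do not append this output"
rm -f "$sample"
```

To use it on real data, write the fix_ftp.sh output to a file, run check_ftp_passwd on that file, and append it to /etc/proftpd.passwd only when nothing is reported.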
Users can access:
http(s)://domain[.]com:2222/CMD_CHANGE_FTP_PASSWORD
to get an interface to change their password (replace http(s)://domain[.]com with the domain or with the server's hostname).
Note:
Feature can be disabled with:
email_ftp_password_change=0
in the directadmin.conf, in DA 1.41.0, which also affects the similar email password change functionality.
You can even have the form on your own web page and utilize it via POST like so:
action="http://domain.com:2222/CMD_CHANGE_FTP_PASSWORD"
method: POST
ftp=user@domain.com
oldpassword=theoldpass
password1=newpass
password2=newpass
You can also pass:
redirect=http://where.you/want/togo.html
to have DA redirect the browser to that page after a successful login.
If you want to call this using the API, simply also include:
api=yes
to have the results URL-encoded. Do NOT pass
api=no
if you do not wish to have results, because the value isn't checked, only the presence of "api".
The template can be found here:
/usr/local/directadmin/data/templates/ftp_pass_change/index.html
If you want to customize it, create the customized copy here:
/usr/local/directadmin/data/templates/ftp_pass_change/custom/index.html
Related pre/post.sh scripts include:
/usr/local/directadmin/scripts/custom/ftp_change_pass_pre.sh
/usr/local/directadmin/scripts/custom/ftp_change_pass_post.sh
If ProFTPD is not letting you log in, then there are a few things you can check to see why that is.
Try resetting your password to ensure it all matches up.
Check the log files:
tail -f /var/log/messages /var/log/secure /var/log/proftpd/auth.log
Then try to log in. Type Ctrl+C when done.
Use the /etc/pure-ftpd.conf file and adjust the:
MaxClientsPerIP 15
value, which defaults to 15.
When trying to connect to FTP from a remote location, after you've connected to port 21 and if you transfer any data, it will usually be done in Passive Mode (where the client connects to the server a 2nd time on a high random port number usually within the range 35000-35999 unless configured otherwise).
However, if you're on a LAN, when the request for data transfer happens, the FTP server will respond with which IP to connect to, which might look like:
Command: PASV
Response: 227 Entering Passive Mode (192,168,1,2,139,237)
Command: MLSD
Error: The data connection could not be established: ECONNREFUSED - Connection refused by server
where 192.168.1.2 is the LAN IP, and not accessible from a remote location.
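To read such a reply when troubleshooting, the following added example (not part of the original guide) decodes the six numbers of a 227 reply into the IP and port the client will try, and flags a private address. The function names are hypothetical, the default range is the 35000-35999 range mentioned above, and the second reply is constructed.

```shell
#!/bin/sh
# Added example: decode an FTP 227 (PASV) reply and flag the LAN-address problem.

# pasv_decode REPLY -> prints "IP PORT"; fails if REPLY is not a valid 227 reply
pasv_decode() {
    nums=$(printf '%s\n' "$1" |
        sed -n 's/.*227 [^(]*(\([0-9]\{1,3\}\(,[0-9]\{1,3\}\)\{5\}\)).*/\1/p')
    [ -n "$nums" ] || return 1
    old_ifs=$IFS; IFS=,
    set -- $nums            # h1 h2 h3 h4 p1 p2
    IFS=$old_ifs
    for n in "$@"; do
        case $n in 0?*) return 1 ;; esac    # reject leading zeros (octal in $(( )))
        [ "$n" -le 255 ] || return 1
    done
    echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# is_private_ip A.B.C.D -> true for RFC 1918, loopback and link-local addresses
is_private_ip() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    case $1 in
        10|127) return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        169) [ "$2" -eq 254 ] ;;
        *)   return 1 ;;
    esac
}

# pasv_check REPLY [LOW HIGH] -> prints "IP PORT VERDICT"
# LOW/HIGH default to the 35000-35999 passive range mentioned in the text.
pasv_check() {
    decoded=$(pasv_decode "$1") || { echo "unparseable"; return 2; }
    ip=${decoded% *}; port=${decoded#* }
    issues=""
    if is_private_ip "$ip"; then issues="private-ip"; fi
    if [ "$port" -lt "${2:-35000}" ] || [ "$port" -gt "${3:-35999}" ]; then
        issues="${issues:+$issues,}port-outside-range"
    fi
    echo "$ip $port ${issues:-ok}"
}

# The reply quoted above, then a constructed reply with a documentation-range public IP
pasv_check "Response: 227 Entering Passive Mode (192,168,1,2,139,237)"
pasv_check "227 Entering Passive Mode (203,0,113,10,136,184)"
```

A "private-ip" verdict on a reply captured from outside the LAN is the symptom described here; "port-outside-range" points at a passive port that the firewall may not have open.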
We need it to show your public/external IP. If you're running Pure-FTPd, edit the /etc/pure-ftpd.conf file and force a specific IP:
ForcePassiveIP 1.2.3.4
where you'd replace 1.2.3.4 with your public server IP, then restart Pure-FTPd:
systemctl restart pure-ftpd
The script below will delete all .tar.gz files in a remote directory.
To affect which files are removed, change the grep value.
**Note** that this script has been tested, and works in our case, but extra testing and debugging may be required for your specific setup.
#!/bin/sh
ftp_path=/remote/ftp/path
ftp_username=username
ftp_password=password
ftp_ip=remote.host.com
ftp_port=21
# list file names only (-l) on the configured port and keep those matching the grep value
for i in $(curl -s -l "ftp://${ftp_ip}:${ftp_port}/${ftp_path}/" -u "${ftp_username}:${ftp_password}" | grep tar.gz); do
{
    echo "deleting ${ftp_path}/$i";
    # --quote sends the DELE command for this file to the FTP server
    curl "ftp://${ftp_ip}:${ftp_port}/${ftp_path}/${i}" -u "${ftp_username}:${ftp_password}" -O --quote "DELE ${ftp_path}/${i}"
};
done;
Make it executable with "chmod 755" and run.