offroadguy56 Posted July 24, 2021

Ok I deleted ProFTP and restarted the server. I can regular FTP into the server now with all of my users after I add them to the list. But SSH isn't working for any of my users. I made some users for testing before I deleted the plugin and made another one after.

'offroadguy56' has ftpuser description and was made before restart.
'smurf' has no description and was made before restart.
'test' has no description and was made after restart.

This is probably beyond the scope of the plugin thread but this is the log I see when attempting SSH connection with any user:

    Jul 23 23:47:23 UR-SERVER sshd[11681]: Connection from 192.168.1.150 port 52457 on 192.168.1.151 port 22 rdomain ""
    Jul 23 23:47:25 UR-SERVER sshd[11681]: User test from 192.168.1.150 not allowed because not listed in AllowUsers
    Jul 23 23:47:25 UR-SERVER sshd[11681]: Postponed keyboard-interactive for invalid user test from 192.168.1.150 port 52457 ssh2 [preauth]
    Jul 23 23:47:26 UR-SERVER sshd[11687]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.150 user=test
    Jul 23 23:47:28 UR-SERVER sshd[11681]: error: PAM: Authentication failure for illegal user test from 192.168.1.150
    Jul 23 23:47:28 UR-SERVER sshd[11681]: Failed keyboard-interactive/pam for invalid user test from 192.168.1.150 port 52457 ssh2
    Jul 23 23:47:28 UR-SERVER sshd[11681]: Postponed keyboard-interactive for invalid user test from 192.168.1.150 port 52457 ssh2 [preauth]
    Jul 23 23:47:32 UR-SERVER sshd[11681]: Connection closed by invalid user test 192.168.1.150 port 52457 [preauth]
    Jul 23 23:49:00 UR-SERVER sshd[12036]: Connection from 192.168.1.150 port 52535 on 192.168.1.151 port 22 rdomain ""
    Jul 23 23:49:01 UR-SERVER sshd[12036]: User test from 192.168.1.150 not allowed because not listed in AllowUsers
    Jul 23 23:49:01 UR-SERVER sshd[12036]: Postponed keyboard-interactive for invalid user test from 192.168.1.150 port 52535 ssh2 [preauth]
    Jul 23 23:49:02 UR-SERVER sshd[12040]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.150 user=test
    Jul 23 23:49:04 UR-SERVER sshd[12036]: error: PAM: Authentication failure for illegal user test from 192.168.1.150
    Jul 23 23:49:04 UR-SERVER sshd[12036]: Failed keyboard-interactive/pam for invalid user test from 192.168.1.150 port 52535 ssh2
    Jul 23 23:49:04 UR-SERVER sshd[12036]: Postponed keyboard-interactive for invalid user test from 192.168.1.150 port 52535 ssh2 [preauth]

I was actually hoping to make use of SFTP and the folder restrictions ProFTP offers. I don't want family members seeing the entirety of the server folder structure. And I did want to temporarily open FTP access over internet to get friend's backups on my drives. If you have a better solution than encrypting their iso and using SFTP, let me know. The only thing I can think of is running Synology in a VM and leveraging their software.

To sum up, SSH is not working (except for root in the webUI), FTP is working with default service, I want SFTP for temporary use across internet, I would like to have folder restrictions for users.

Sorry for all the trouble. This stuff is super cool but still new to me and I would like to do it as properly as I can. Thanks.

SlrG (Author) Posted July 24, 2021

@offroadguy56 Ah I see. I had only tested with root and as that worked I falsely assumed it would work with other users, too. Further testing shows that it would be possible to enable ssh for other users, but it is a complicated multi-step process and it would also be reset each boot, so it would require scripting to restore its state and so all in all it is probably too much hassle.

The Synology in a vm idea sounds very cool. A quick search shows they seem to support FTPS and SFTP and access management for the users. Though such a solution will obviously not be endorsed by Synology without buying their hardware.

If you want to continue with the ssh idea, there is the "openssh-server" docker in unraid's community applications. If I understand it correctly, this will enable ssh for one user per container and this user will only be able to access what you mount into the container. So you should be able to configure a secure backup access for your friends.

Looking at ftp again, that you can use it now is thanks to unraid's internal ftp server, as you already noted. The drawback is that it is unencrypted ftp and always gives access to the complete server.

I wrote the proftpd plugin and use it myself for my home network only. Basically it provides unencrypted FTP (like the stock ftp service) but with the added benefit of being able to jail the users into home directories they can't leave and so only have access to what I want them to. While it is possible to open this up to the internet it is in no way recommended because of the default unencrypted connections. Proftpd can be configured to use FTPS or SFTP, but it is sadly complicated and while there are some tips in this thread how to do it, there are cases where it doesn't work and I sadly don't have the time to fully support other users in how to set it up.

Edited July 24, 2021 by SlrG (typo)

offroadguy56 Posted July 24, 2021

Ok thanks for the explanation. I have a bit better understanding now and will play around with your suggestions in time.

Flemming Posted September 2, 2021

I get NOT INSTALLED even if I hit install, and uninstall doesn't do anything either.

kricker Posted September 2, 2021

I think I had a similar issue in the past. If I recall properly... I manually removed the plugin and its configuration file from my flash drive. I made sure to get everything related to the plugin and old copies in the plugins-old-versions folder and the plugins-removed folder. Then I rebooted unRaid and reinstalled the plugin from community applications.

SlrG (Author) Posted September 2, 2021

@Flemming The "Plugin file missing" under Information indicates a failed uninstallation. On why this happened, I have no idea. To get back to a clean state I would recommend the manual removal and reinstallation described by @kricker. If you have the time to experiment, what happens if you click "update plugin"?

Flemming Posted September 2, 2021

It was under failed plugins. I got it working by deleting, rebooting and reinstalling.

Now I can access my FTP with WinSCP, but not with my Reolink IP-cameras 🙄 Even with same settings.

Looks like this is a common problem with Reolink/ProFTPd:

https://stackoverflow.com/questions/51142982/raspberry-pi-ftp-not-working-with-ip-camera
https://forum.openmediavault.org/index.php?thread/21316-failure-sending-webcam-images-by-ftp/&postID=165219

Edited September 2, 2021 by Flemming

SlrG (Author) Posted September 3, 2021

@Flemming Are there any error messages in the syslog when trying to connect?

Flemming Posted September 9, 2021

On 9/3/2021 at 3:12 PM, SlrG said:
> @Flemming Are there any error messages in the syslog when trying to connect?

After many hours of troubleshooting I found out that the problem is in my firewall, between the two VLANs/networks. I have now allowed traffic between them and it works.

In the future I want to limit my ports, do you have any information about which ports are in use in Active and/or Passive mode?

SlrG (Author) Posted September 9, 2021

@Flemming See here for the difference between active and passive ftp. For both types normally data ports >1024 are randomly opened. You can restrict the used ports using the PassivePorts directive.

Berto90vi Posted September 28, 2021

Hello to all. I installed ftp and created an account. I tried to access via ftp and it works, but the user has full access to all folders. Can someone explain to me step by step what I need to do to set user "x" to read only this path "/mnt/user/Download" and deny access to everything else? Thanks, and sorry if I asked a question already asked.

SlrG (Author) Posted September 29, 2021

@Berto90vi In unraid's user creation screen open your user "x" and put "ftpuser /mnt/user/Download" (without the double quotes) into the Description field. Then apply and restart the proftpd plugin. This will jail the user x into the given directory. It will still have read and write access, however. If you want to restrict that, you will need to configure limits in your proftpd.conf.

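Added example, not part of SlrG's posts or the plugin's shipped configuration: a proftpd.conf fragment for the two changes mentioned in the replies above, a fixed PassivePorts range for the firewall question and a limit that makes the jailed directory read-only. The user name x comes from the question; the port range 50000-50100 is an assumed value.

```apache
# Added example. The port range is an illustrative assumption; pick one
# that suits the number of simultaneous transfers you expect.

# Pin passive-mode data connections to a fixed range. The firewall
# between the client network and the server then only has to allow
# TCP 21 (control) plus TCP 50000-50100 (data) towards the server.
# Active mode is not affected: there the server connects back to a
# port chosen by the client.
PassivePorts 50000 50100

# User "x" is already jailed to /mnt/user/Download through the
# "ftpuser /mnt/user/Download" entry in the Description field.
# This section takes away write access inside that directory tree.
<Directory /mnt/user/Download>
  # WRITE covers the commands that change content: upload and append
  # (STOR, STOU, APPE), delete (DELE), rename (RNTO) and directory
  # create/remove (MKD, RMD). SITE_CHMOD is a separate command and is
  # listed explicitly so permissions cannot be changed either.
  <Limit WRITE SITE_CHMOD>
    DenyUser x
  </Limit>
</Directory>
```

Run the plugin's proftpd binary with the -t option against the edited file to catch syntax errors, then restart the plugin so the change takes effect.
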
master00 Posted October 6, 2021

Hi guys, are there any plugins or commands to see download and upload statistics by user?

kricker Posted October 7, 2021

Is there any way to recover files that are deleted by a ftp user connected via the ProFTP server?

SlrG (Author) Posted October 7, 2021

@master00 Not within the scope of this plugin. If you set up a vm and install gadmin-proftpd as gui this will come with gprostats as statistics generator. Also there might be other ftp servers more capable but not necessarily free.

@kricker The easiest way would be to restore a backup, if you have one. Otherwise as there is no recycle bin you can only search and try some linux ways to restore your data. First make sure nothing is written to your array anymore or you will risk the deleted data being overwritten! I had successes using testdisk and photorec on standalone machines, but never had to try on an unraid machine yet. (See this article for other tools: https://www.journaldev.com/36900/top-best-linux-data-recovery-tools) Make sure however, you mount another disk outside of your array as target for all write operations or again you will risk the deleted data being overwritten. Also you will probably need to know on which exact disk the data you want to recover was and then let the tools work on that disk. I hope these ideas are useful, but I fear the chance to recover the data is very slim. 😟

kricker Posted October 7, 2021

Thanks. I haven't had an issue where I need to recover anything. It's just something I was wondering if it is possible in any way. Thanks for all the extra information though!

KluthR Posted October 28, 2021

Thanks for this plugin! I wonder why LimeTech does not include the possibilities natively. Whatever, I have two suggestions:

* Include inline help: To explain some options. Example: What is this "Webserver" option used for?
* Include a log view inside the plugin settings or so, to check connected clients or transfers etc.

SlrG (Author) Posted October 28, 2021

@KluthR Thank you very much. I'm happy that you like the plugin.

1 hour ago, KluthR said:
> * Include inline help: To explain some options. Example: What is this "Webserver" option used for?

This is a great idea. At the moment the option is broken, but I hope to bring it back/replace it based on stock unraid functionality in the future. I'm still in the research phase however and have so little time besides job and family.

1 hour ago, KluthR said:
> Include a log view inside the plugin settings or so, to check connected clients or transfers etc.

Cool idea. I'll put it on my research list, too. While not accessible through the plugin's settings page (and you might already know this), but it's possible to check if there are users connected and what they are doing by calling /usr/local/SlrG-Common/usr/local/bin/ftptop from a shell.

KluthR Posted October 29, 2021

Another question: What about FTPS? Would it be possible to configure an LE cert via the GUI? Or at least via Docker? But the plugin could support configuring FTPS via the Settings page then. Any ideas?

SlrG (Author) Posted October 29, 2021

@KluthR Using FTPS is possible, and if you search this thread, you will find info on how to do it, but it is not a very straightforward process and integrating it flawlessly into the plugin wouldn't be easy. More so if LE certificates would be used, as they need to be renewed regularly and the server has to fulfill certain requirements (e.g. fixed public IP) to get a certificate. Also if it works and what is needed to make it work depends heavily on the user's personal network setup, which comes in a multitude of variants.

Such "complicated" setups leave the scope of what this plugin is designed for (quick, easy, unencrypted FTP for private networks, tightly integrated into the unraid user management) and I recommend using a docker alternative or setting up a VM which will allow for much more ease and freedom in tinkering with the system.

The underlying slackware linux of unraid is very basic and is missing a lot of packages and management tools other distros have by default. As plugins are directly modifying the unraid system any additional package increases the risk to break the base functionality and potentially harm the data integrity. Firing up an ubuntu vm with proftpd and gadmin-proftpd gui or using another ftpserver with gui and mounting the shares to be accessed by ftp is much easier and will be more flexible in the long run. Personally for larger projects I like CrushFTP, which is not free however.

kricker Posted October 30, 2021

On 10/28/2021 at 3:17 PM, SlrG said:
> Cool idea. I'll put it on my research list, too. While not accessible through the plugin's settings page (and you might already know this), but it's possible to check if there are users connected and what they are doing by calling /usr/local/SlrG-Common/usr/local/bin/ftptop from a shell.

Awesome to know how to do this!

KentBrockman Posted November 21, 2021

I have been using this plugin for a while and it has been great. Lately I am having trouble with people hammering my server and using all of my upload bandwidth. I see there is a module called mod_shaper that would allow me to limit the bandwidth a user is using.

http://www.castaglia.org/proftpd/modules/mod_shaper.html

Can anyone please help me get pointed in the right direction to get this implemented? Or is this something that has to be added to the plugin? Thanks

SlrG (Author) Posted November 21, 2021

@KentBrockman The proftpd version in the plugin is compiled with integrated mod_shaper support. So by editing your proftpd.conf file and adding directives as described in the link you have posted above, you should be able to limit the bandwidth proftpd is able to use. A configuration example is given on the bottom of the page you linked. Obviously you will have to modify the paths and directives from the example to suit your needs, but it should get you started.

    <IfModule mod_shaper.c>
      ShaperEngine on
      ShaperLog /var/log/ftpd/shaper.log
      ShaperTable /var/log/ftpd/shaper.tab

      # An overall rate (in KB/s) must be set. This line explicitly
      # sets both the download and upload rates to be the same.
      ShaperAll downrate 1500 uprate 1500

      # Allow all system users to see shaper info
      ShaperControlsACLs info allow user *

      # Allow FTP admins to alter settings both overall and per-session
      ShaperControlsACLs all,sess allow group ftpadm
    </IfModule>

Don't forget to test your modified configuration. It should give you hints if something is not correctly configured:

    /usr/local/SlrG-Common/usr/local/sbin/proftpd -c /etc/proftpd.conf -t

Also remember to restart the proftpd server from the plugin's configuration page for the changes to take effect.

Edited November 21, 2021 by SlrG

KentBrockman Posted November 21, 2021

Thank You SlrG, I have it running now and upload bandwidth is being throttled as I was hoping.

I can't quite make sense of the set rate vs the actual speeds I am seeing. I have tried 500KB/s and 1000KB/s for overall up/down rates but my router is telling me actual is between 5-10Mbps. Either way I am happy, I was just wondering if anyone knew how the set rates relate to the real world numbers.

Thanks again

SlrG (Author) Posted November 22, 2021

@KentBrockman I'm glad you are happy. KB/s is Kilo Bytes per Second. 1 Kilo Byte is 1024 Byte and 1 Byte is 8 bit. So 1 KB/s is 8192 bits per second or 8192 bps. Your chosen values of 500 KB/s are 4096000 bps or 4 Mbps and 1000KB/s are 8192000 bps or 8 Mbps. If other things in your network besides your FTP server generate some traffic too, this would probably explain the overhead reported by your router.