Jump to content
SlrG

ProFTPD Plugin for unRAID v6.8.x

721 posts in this topic Last Reply

Recommended Posts

Posted (edited)

@fabrizzium

Sadly the web editing functionality for the proftpd.conf file is broken. Please leave the webserver usage disabled and edit it manually using the shell. (nano /etc/proftpd.conf)

 

@Pducharme

Technically it is implemented. First it worked using the default unraid webserver, until security measures made the plugin unable to use it. Afterwards it required the apache webserver plugin (docker did not work). Development on that one stopped however and I was not able to find another way to get it working again. So it is implemented but broken.

Edited by SlrG
added comment for @Pducharme

Share this post


Link to post
10 minutes ago, SlrG said:

@fabrizzium

Sadly the web editing functionality for the proftpd.conf file is broken. Please leave the webserver usage disabled and edit it manually using the shell. (nano /etc/proftpd.conf)

 

@Pducharme

Technically it is implemented. First it worked using the default unraid webserver, until security measures made the plugin unable to use it. Afterwards it required the apache webserver plugin (docker did not work). Development on that one stopped however and I was not able to find another way to get it working again. So it is implemented but broken.

 

I think you should just remove (hide?) the part of the plugin that is now broken, that will be cleaner :)

Share this post


Link to post
Posted (edited)

I have a question about having one user needing two directories. My set up is

  • user1file
  • user2file
  • sharedfile

I want user1 to access user1file and sharedfile but not user2file and similarly I want user2 to access user2file and sharedfile but not user1file.

Is that possible without copying the sharedfile?

Edited by streetdonuts

Share this post


Link to post

It should work using the directory directive, with limit section and allow user rule. Put them into your /etc/proftpd.conf file, make sure the files exist and reboot the proftpd service in the plugins settings.

<Directory /path/to/user1file>
  <Limit ALL>
      AllowUser user1
      DenyAll
  </Limit>
</Directory>
<Directory /path/to/user2file>
  <Limit ALL>
      AllowUser user2
      DenyAll
  </Limit>
</Directory>
<Directory /path/to/sharedfile>
  <Limit ALL>
      AllowUser user1
      AllowUser user2
      DenyAll
  </Limit>
</Directory>

 

Share this post


Link to post
On 5/7/2017 at 6:45 AM, SlrG said:

To enable sftp:

open a shell on your unraid server and issue the following commands


cd /etc/ssh
ssh-keygen

Enter the name of the keyfile (sftp_rsa_key) and no passphrase.

You will get two files sftp_rsa_key and sftp_rsa_key.pub. The public key needs to be converted to another format to make it usable by proftpd:


ssh-keygen -e -f sftp_rsa_key.pub | sudo tee sftp_user_keys

You will get a new file sftp_user_keys. Now the owner and permissions will need to be changed:


chown nobody:users sftp_rsa_key sftp_rsa_key.pub sftp_user_keys
chmod 600 sftp_rsa_key sftp_rsa_key.pub sftp_user_keys 

Now to make your system restore the correct permissions of this keys on boot you will need to modify the mountscript:


nano /boot/config/plugins/ProFTPd/mountscript.sh

Insert the following lines:


chown nobody:users /etc/ssh/sftp_rsa_key /etc/ssh/sftp_rsa_key.pub /etc/ssh/sftp_user_keys
chmod 600 /etc/ssh/sftp_rsa_key /etc/ssh/sftp_rsa_key.pub /etc/ssh/sftp_user_keys

Now edit your proftpd.conf file and insert:


<IfModule mod_sftp.c>
        SFTPEngine on
        Port 2222
        SFTPLog /var/log/sftp.log

        SFTPHostKey /etc/ssh/sftp_rsa_key
        SFTPAuthorizedUserKeys file:/etc/ssh/sftp_user_keys

        SFTPAuthMethods publickey

        SFTPKeyBlacklist none
        SFTPDHParamFile /usr/local/SlrG-Common/usr/local/etc/dhparams.pem
</IfModule>

Don't forget to restart the proftpd server to enable the changes.

 

You need to copy the sftp_rsa_key and take it with you, to access your server. If you are using FileZilla to connect, the file needs to be converted to a usable format and stored in FileZillas settings.

 

Was there a change to this, I followed instructions but it wont boot with the added config information. 

Share this post


Link to post

Hi, I'm trying to get this going on my unRaid server and it appears to almost be working.  When I try to actually connect to one of my ftp users I get back "FATAL ERROR: Received unexpected end-of-file from SFTP server"  any idea what this means or how to troubleshoot?  I have set up ftpuser with the description ftpuser and a second user xyz with description ftpuser /mnt/cache/MyShare.  I have restarted the daemon, deleted and recreated users, all to no avail.  I get the same error message when attempting to connect to either user.

 

Thanks

Share this post


Link to post
Posted (edited)

@cjm187

I'm personally not using sftp and I don't have the time at the moment to try the whole process again. I remember ssh-keygen was broken on some unRAID version, which number, I don't remember anymore. I also don't know if it still might be. The certificates it generated required a password, even if no passphrase was given, which broke what was described above. The solution was, to generate the certificates on another linux machine.  Maybe that is the reason it fails for you. Also try to syntax check the config file and look for error messages, when trying to start the service from the command line.

Test config:
/usr/local/SlrG-Common/usr/local/sbin/proftpd -c /etc/proftpd.conf -t
Test config with debug level 10: 
/usr/local/SlrG-Common/usr/local/sbin/proftpd -c /etc/proftpd.conf -td10
Run normally outputting messages to console:
/usr/local/SlrG-Common/usr/local/sbin/proftpd -c /etc/proftpd.conf

 

@Robot Porcupine

The default ftp setup doesn't use sftp. Did you try to connect without encryption? The first step should be to get it working unencrypted and then one can start trying to make it work encrypted.  If that is not the problem, please search the thread for info on how to debug problems.

 

Encryption is not easy to setup however,  so I recommend to setup a vpn or wireguard instead and use that to connect to the server. Afterwards it is no Problem to use unencrypted ftp over the encrypted vpn connection. Or setup a vm, where you are much more flexible in setting up a FTP server.

Edited by SlrG
removed duplicate line; fix typo

Share this post


Link to post
On 5/31/2019 at 4:44 PM, SlrG said:

It seems the download of the plugin control files fails from github. Please download them manually from here into /boot/config/plugins/ProFTPd. Manually create the directory if it does not exist. If the dependency download fails too, download the file manually from here. Afterwards the plugin should install I think. If not, please report again.

FYI, I installed this on Unraid 6.8.3 yesterday, and everything "just worked".  Today I tried installing it on a different instance, vastly different geographical location, different hardware, version 6.8.2, and I got the "...Unable to download missing plugin control files." error.

 

Your first link to the file above is no longer valid.  But I found the directory from the URL works, and I downloaded ProFTPd-SlrG-Control-1.7.tar.gz and ProFTPd-SlrG-Dependency-1.7_x64.tar.gz into /boot/config/plugins/ProFTPd (which already existed), and then I was able to install the plugin.

 

Maybe this will be helpful to you or others.

 

Thanks!

Share this post


Link to post

i have a problem with the mount script. after i run the "mount --bind /mnt/user/Filme /mnt/cache/FTP/Gee/Filme" i cant move Files from an other cache folder to "/mnt/cache/Filme". Instead it copys the files.. This took longer time and unnecessary stresses my SSD. Is there a workaround ?

Share this post


Link to post

@Gee1

Maybe you could try to "mount --bind /mnt/user0/Filme /mnt/cache/FTP/Gee/Filme" instead. Does it move the files faster then? The drawback will be, that your FTP users will not be able to access the new files until the mover has moved them from the cache to the array. Or you could try to place the homedir of the user on the array and not on the cache: "mount --bind /mnt/user/Filme /mnt/FTP/Gee/Filme".

 

Also you could try to setup the user without jailing them into a home directory, then you won't need the bind mound. To limit what the user can access use directory and limit directives instead.

Share this post


Link to post

hey, is it possible to bind proftpd to another IP than the unraid ip ?

Share this post


Link to post

So I have to following problem with this plugin. I need an ftp share for my security cam to upload its footage.

 

Using newest version of ProFTPd > 2020.03.10.1

Username: cam

User Description: ftpuser /mnt/user/cam

 

All works fine till suddenly the plugin seems to crash and the security cam writes to /home/cam/ instead of /mnt/user/cam.

Since /home/cam/ is in RAM it keeps on writing till my RAM is full and then the unraid webinterface is not longer reachable due to "no space to write".

The only solution so far is to manually delete the content of /home/cam via ssh to make the webinterface working again and after that restart the ProFTPd Plugin in the webinterface. It it possible that the plugin does not "survive" a stop and restart of the array?

 

As a dirty solution I created a symlink of /mnt/user/cam in /home/cam that it also writes to the right place even if the plugin fails again. 

Edited by Retrogamer137

Share this post


Link to post

@Retrogamer137

This is the support thread, but I'm not reading it regularly and depend on the notifications mostly. Sometimes they sadly fail. I got no info on your first post, but for the second one it worked.

 

To answer your questions, stopping and restarting the array will stop and restart the plugin, too. So is it really crashing or are you "killing" it manually? Under normal circumstances however, the plugin should start automatically, when the array is started again. So if you have to manually restart it, something is indeed going wrong.

 

(A bit of explanation: In stopped array mode, only the flash and no user or disk shares are accessible. No shares means, no sources available to read or write and so it wouldn't make sense to keep the plugin running.)

 

As there are no shares available when stopped, it makes me wonder if your symlink will really work, if you start and stop the array manually?

 

If you have still trouble, I'll need your diagnostics file, to try and find the reason.

Share this post


Link to post

Hi. I'm new to UnRaid.

Just got this working and noticed one key element that needed.

Before you install this plugin the Ftp that is shipped with UnRaid need to be started.

 

Just my 50 cents.

Share this post


Link to post

Hmm... It was enabled by default in previous versions. It must have changed somewhere along the way. Thank you for the bug report. I'll try to fix it in a future version. It can take a while however as I have little to no time.

Share this post


Link to post
9 hours ago, Gee1 said:

DefaultAddress dosnt work :(

@Gee1

Another idea is to create a virtual host with an IP address instead of a FQDN (see here). If this doesn't work, I'm sadly out of ideas, sorry. Maybe you could try to ask on the ProFTPd forum?

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.