Want to subscribe to topics you're interested in?
Become a Member

My Staff cannot login FTP

Discussion in 'Other Centmin Mod Installed software' started by Thanh, Oct 3, 2016.

  1. Thanh

    Thanh New Member

    22
    0
    1
    Jun 15, 2014
    Ratings:
    +1
    Local Time:
    10:56 AM
    My staff cannot login his ftp. I test that account on my computer. It's ok​

    [​IMG]

    My Staff login get this info and then disconnect.


     
  2. pamamolf

    pamamolf Well-Known Member

    2,721
    242
    63
    May 31, 2014
    Ratings:
    +433
    Local Time:
    5:56 PM
    Nginx-1.13.x
    MariaDB 10.1.x
    In Filezilla Site Manager set Protocol: FTP and Encryption to: Require Explicit over TLS
    and then on Transfer settings tab select Transfer Mode: Passive
     
  3. Thanh

    Thanh New Member

    22
    0
    1
    Jun 15, 2014
    Ratings:
    +1
    Local Time:
    10:56 AM
    Yep, i was set Protocol FTP and Encrytion is Require Explicit Over TLS and set transfer mode to Passive but don't work

    Code:
    Status:    Connection established, waiting for welcome message...
    Response:    220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    Response:    220-You are user number 1 of 25 allowed.
    Response:    220-Local time is now 14:07. Server port: 21.
    Response:    220-This is a private system - No anonymous login
    Response:    220-IPv6 connections are also welcome on this server.
    Response:    220 You will be disconnected after 15 minutes of inactivity.
    Command:    USER xxx
    Response:    421 Sorry, cleartext sessions and weak ciphers are not accepted on this server.
    
     
  4. eva2000

    eva2000 Administrator Staff Member

    30,156
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,135
    Local Time:
    12:56 AM
    Nginx 1.13.x
    MariaDB 5.5
    You'll need to post on the forums with the following info
    • Server or VPS details ? XEN, KVM, OpenVZ, VMWare or dedicated server ? OS ? CentOS 6.7 or 7.2 ? 32bit or 64bit ?
    • What version of Centmin Mod ? .07 stable or 08 stable or .09 beta01 or another branch version ?
    • Was it fresh install or upgrade ?
    • Method of install ? Via centmin.sh menu option 1, Git install or curl one liner install as outlined at centminmod.com/download.html ?
    • How long ago did you install Centmin Mod ?
    • There's numerous code changes, bug fixes over time, so ensure you have latest Centmin Mod code installed by upgrading your Centmin Mod code as instructed below.
    How many staff ? And what FTP client used ? Tried Filezilla ? What is your staff's local computers operating system ?

    Also see FAQ items 40 & 41 for details and clues.

    That means Explicit TLS was not enabled. Make sure CSF Firewall is running too as it sets up proper passive ports for Pure-ftpd server. If CSF Firewall disabled, you want be able to use Pure-ftpd virtual ftp user.

    Upgrading Centmin Mod Code to Latest Version



    Upgrading Centmin Mod involves 2 parts.
    1. Upgrading the actual Centmin Mod code outlined at Upgrade Centmin Mod - CentminMod.com LEMP Nginx web stack for CentOS This is heart of Centmin Mod where the code is the engine that runs centmin.sh shell based menu and all the automation you're accustomed to.
    2. Upgrade software that Centmin Mod installed or manages. For this part following outline at Upgrade - How to upgrade Centmin Mod | Centmin Mod Community
    So essentially, you can upgrade from .07 to .08 in place, but not everything is upgraded as some things like server initial environment setup isn't changed i.e. how swap, tmp setup and allocation are created etc. The main parts from part 2 above are what in place upgrades do i.e. Nginx and PHP-FPM compilation and config/settings parameters and MariaDB version from 5.5 to 10.0.x. If you want the full environment changed including tmp and swap setup to .08's configuration, then you would need a fresh OS install and fresh .08 initial install. You can think of it like upgrading Windows 7 to Windows 8. An in place upgrade will upgrade code but won't change your computer environment from when you installed Windows 7 i.e. disk configuration and partition sizes won't change from when you initially installed Windows 7. Only way to change that would be fresh Windows 8 install.
     
  5. eva2000

    eva2000 Administrator Staff Member

    30,156
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,135
    Local Time:
    12:56 AM
    Nginx 1.13.x
    MariaDB 5.5
    Also Centmin Mod 123.09beta01 raised some of the Pure-FTP /CSF Firewall limits Beta Branch - update pure-ftpd & csf related connection limits in 123.09beta01 | Centmin Mod Community compared to 123.08stable in light of FAQ items 40 & 41.

    try raising CSF Firewall limits for these 2 values in config file at /etc/csf/csf.conf
    Code (Text):
    LF_DISTFTP_UNIQ = "8"
    LF_DISTFTP_UNIQ = "10"
    

    restart CSF Firewall after making config changes
    Code (Text):
    csf -r


    There's many more changes and improvements in 123.09beta01 than these changes. So if that doesn't work, you could try switching to Centmin Mod 123.09beta01 (1st post has switching instructions) via centmin.sh menu option 23 submenu option 3. The centmin.sh menu option 23 is also explained at Upgrade Centmin Mod - CentminMod.com LEMP Nginx web stack for CentOS
     
  6. Thanh

    Thanh New Member

    22
    0
    1
    Jun 15, 2014
    Ratings:
    +1
    Local Time:
    10:56 AM
    [​IMG]

    NO SUCK FILE OR DICTIONARY :(
     
  7. eva2000

    eva2000 Administrator Staff Member

    30,156
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,135
    Local Time:
    12:56 AM
    Nginx 1.13.x
    MariaDB 5.5
    Did you run entmin.sh menu option 23 submenu option 2 to update your 123.08stable code before running centmin.sh menu option 4 to recompile nginx ?

    To troubleshoot, you need to check the the nginx upgrade log at /root/centminlogs and instructions under Sharing logs and errors heading for using Pastebin.com or Gists to share a sanitised version of the contents of the initial install log. You can see full details at How to troubleshoot Centmin Mod initial install issues

    also what's output of
    Code (Text):
    nginx -t

    when you run centmin.sh menu option 4 there's a nginx upgrade log timestamped at /root/centminlogs

    if you type this command it lists all logs in date ascending order so latest log at bottom
    Code (Text):
    ls -lArt /root/centminlogs

    so copy the entire contents of latest nginx_upgrade log to gist.github.com or pastebin.com
     
  8. Thanh

    Thanh New Member

    22
    0
    1
    Jun 15, 2014
    Ratings:
    +1
    Local Time:
    10:56 AM
    Dear all,

    My Staff cannot login my ftp via TLS .. BUT I CAN LOGIN VIA TLS. I DON'T KNOW WHY ??

    When i set TLS to 1, he can login my ftp via ( Only use plain FTP )

    Please help me.

    Thank you
     
  9. eva2000

    eva2000 Administrator Staff Member

    30,156
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,135
    Local Time:
    12:56 AM
    Nginx 1.13.x
    MariaDB 5.5
    Most likely means, he hasn't set explicit TLS and passive mode properly in his ftp client if he still gets the following message
    Code (Text):
    Response: 421 Sorry, cleartext sessions and weak ciphers are not accepted on this server.

    for your staff's ftp client, set verbose logging enabled so you get the full initial connection logged info and copy and paste that to gist.github.com or pastebin.com (sanitise and high sensitive user/pass info).

    example at community.centminmod.com/posts/31817/ and community.centminmod.com/posts/31825/
     
  10. eva2000

    eva2000 Administrator Staff Member

    30,156
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,135
    Local Time:
    12:56 AM
    Nginx 1.13.x
    MariaDB 5.5
  11. eva2000

    eva2000 Administrator Staff Member

    30,156
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,135
    Local Time:
    12:56 AM
    Nginx 1.13.x
    MariaDB 5.5
    one more thing from How to add SSH/FTP user? is it SSH user and FTP user is not same? | Centmin Mod Community is that same staff member who tried to ssh into server with ftp login details ? if so it could be that CSF Firewall's LFD (login failure daemon) blocked and banned your staff members IP address after too many sshd login failures.

    you can double check using CSF firewall grep command -g

    grepping csf firewall ips
    Code (Text):
    csf -g STAFFISP_IPADDRRESS

    if blocked remove your staff members' ISP IP addresses from /etc/csf/csf.deny and restart CSF Firewall
    or via command
    Code (Text):
    csf -dr ISPIPADDRESS