Fatal: Unable to Read Configuration File '/etc/proftpd.conf
- #6
I had the same bug, with an additional twist… OpenSSH keys don't work with mod_sftp (see: https://github.com/proftpd/proftpd/issues/793), which means I had to recreate both keys in older PEM format like this:
Code:
ssh-keygen -m PEM -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa
ssh-keygen -m PEM -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa -b 2048

It would be great if DirectAdmin made it easier to switch to ProFTPD with mod_sftp. I imagine it's a fairly common requirement.
Wouldn't this overwrite the default keys of the ssh server? And if you look at the last comment in the issue you mentioned, I suggest this solution:
First do step 1 of the DA how-to on sftp proftpd
then create custom keys (maybe only the first is actually needed?)
Code:
mkdir /etc/proftpd/
ssh-keygen -m PEM -f /etc/proftpd/ssh_host_rsa_key -N '' -t rsa -b 2048
ssh-keygen -m PEM -f /etc/proftpd/ssh_host_dsa_key -N '' -t dsa -b 1024
ssh-keygen -m PEM -f /etc/proftpd/ssh_host_ecdsa_key -N '' -t ecdsa -b 521

And then to finish up, modify in /etc/proftpd.sftp.conf the key directive and restart ftp:
Code:
sed -i '/SFTPHostKey/c\ SFTPHostKey /etc/proftpd/ssh_host_rsa_key' /etc/proftpd.sftp.conf && systemctl restart proftpd

(note: you don't have to change anything in /usr/local/directadmin/custombuild/custom/proftpd/ for this to be consistent)
You can now do the test steps as mentioned in the DA how-to.
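A pre-restart check for the key-format problem described in the post above, added here as an example (it is not from any poster, DirectAdmin or ProFTPD): it reads the SFTPHostKey paths from a config file and reports whether each key file starts with the newer OpenSSH armor line or a PEM one. The function names and the sample files are constructed, and only the first line of each key file is inspected.

```shell
#!/bin/sh
# Classify a private key file by its armor line (first line only).
key_format() {
    case "$(head -n 1 "$1" 2>/dev/null)" in
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh ;;
        "-----BEGIN RSA PRIVATE KEY-----"|"-----BEGIN DSA PRIVATE KEY-----"|"-----BEGIN EC PRIVATE KEY-----")
            echo pem ;;
        "") echo missing ;;   # absent, unreadable or empty file
        *)  echo unknown ;;
    esac
}

# Print "<format> <path>" for each SFTPHostKey file path in a config file.
# Returns 0 if all keys are PEM, 1 if any is not, 2 if the config is unreadable.
# Paths containing whitespace are not handled.
check_sftp_hostkeys() {
    conf=$1
    rc=0
    [ -r "$conf" ] || return 2
    # Commented-out directives do not match because $1 is then "#" or "#SFTPHostKey".
    for key in $(awk '$1 == "SFTPHostKey" && $2 ~ /^\// { print $2 }' "$conf"); do
        fmt=$(key_format "$key")
        echo "$fmt $key"
        [ "$fmt" = pem ] || rc=1
    done
    return $rc
}

# Constructed sample: armor lines only, no real key material.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' > "$d/ssh_host_rsa_key"
    printf '%s\n' '-----BEGIN EC PRIVATE KEY-----' > "$d/ssh_host_ecdsa_key"
    printf 'SFTPEngine on\nSFTPHostKey %s\n# SFTPHostKey /old/key\nSFTPHostKey %s\n' \
        "$d/ssh_host_rsa_key" "$d/ssh_host_ecdsa_key" > "$d/proftpd.sftp.conf"
    check_sftp_hostkeys "$d/proftpd.sftp.conf" && status=0 || status=$?
    rm -rf "$d"
    return $status
}

demo || echo "at least one host key is not in PEM format"
```

On a real server the call would be `check_sftp_hostkeys /etc/proftpd.sftp.conf`, run before `systemctl restart proftpd`.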
- #7
P.S. personally I would also recommend adding the below to the "ifmod ssl" block
TLSOptions NoSessionReuseRequired
in /usr/local/directadmin/custombuild/custom/proftpd/conf/proftpd.conf
and then
Code:
cp /usr/local/directadmin/custombuild/custom/proftpd/conf/proftpd.conf /etc/proftpd.conf && systemctl restart proftpd

this prevents timeouts because FileZilla will not reuse the SSL session correctly sometimes.
My stance: I think at this moment FTPS is not really useful. ProFTP does not support SNI and PureFTP does not support session reusing. Both give FileZilla users bad warnings or you have to use the main certificate, which also has downsides IMHO.
SFTP works only when doing manual changes. So it would be really great to fix up the how-to on the DA help page.
Discussion: I am very happy with DA and have been using it for almost two decades. And I am OK with the new licensing model. Only the minor things cost a lot of time and effort and I wish this would not be needed. I have a huge documentation on how to install, use and maintain DA and all the things are really very minor things. As an example
Could be, just like this, be fixed in minutes. And it keeps on costing people precious time as you can read in the last post.
If anybody at DA needs help, I am willing to work on some things to get it a bit more polished. I understand that security related issues have higher prio of course. Maybe letting a few people help clean up the minor things would really add to the ease of use of DA.
Kal
Verified User
- #8
(No I didn't. See below.)
- #9
Hee Kal, thank you for the github link to the relevant issue
You probably mean you went back to FTPS? I think the two biggest problems with FTPS in general are:
- it allows insecure connections if the client wants this (might be configurable)
- I personally keep getting bugs with timeouts and other errors when a lot of users are on it. Hard to debug. With pureFTP it was sometimes because of session reusing. In general it is strange because it uses stuff like command and data channels etc.
- accepting of certificates due to lack of SNI on Proftp.
So even if I wanted FTP, there is no way of doing it the right way at this time with FileZilla (and that is used a lot). That is because I really want people to use their own domain when connecting to (S)FTP(S) so I can move their package from one server to another without them having to change anything (settings regarding mailserver and FTP server).
A guy here says it very nicely:
FTP is a stupid protocol and needs to die.
It has served humanity its purpose and now it's time to hand it over to a better protocol
I am actually thinking on disabling all FTP(S) and moving on to SFTP for all clients.
Kind regards and have a nice day
Source: https://forum.directadmin.com/threads/proftpd-with-mod_sftp-dont-start.55638/