[Bug 1975567] Re: Proftpd 1.3.7c not working with openssl 3
Boris Tassou
1975567 at bugs.launchpad.net
Mon Jul 24 13:11:21 BST 2023
Hi Simon,
Thanks for the informations, i just updated the first post with details.
But now, i don't reproduce the problem anymore....
Same configuration, same packages the only difference is some ciphers :
before :
2022-05-23 12:32:10,510 mod_sftp/1.0.1[733785]: + Session key exchange: curve25519-sha256 at libssh.org
2022-05-23 12:32:10,510 mod_sftp/1.0.1[733785]: + Session server hostkey: ssh-rsa
now :
2023-07-24 13:56:23,746 mod_sftp/1.0.1[3272]: + Session key exchange: curve25519-sha256
2023-07-24 13:56:23,746 mod_sftp/1.0.1[3272]: + Session server hostkey: rsa-sha2-512
In the changelogs, the last entry for proftpd-basic is your work :
proftpd-dfsg (1.3.7c+dfsg-1build1) jammy; urgency=medium
* No-change rebuild against openssl3
-- Simon Chopin <simon.chopin at canonical.com> Fri, 03 Dec 2021 14:35:22
+0100
But it's before this issue. I continu my quest!
--
You received this bug notification because you are a member of ProFTPD
Maintainance Team, which is subscribed to proftpd-dfsg in Ubuntu.
https://bugs.launchpad.net/bugs/1975567
Title:
Proftpd 1.3.7c not working with openssl 3
Status in proftpd-dfsg package in Ubuntu:
Fix Released
Status in proftpd-dfsg source package in Jammy:
Confirmed
Bug description:
[ Impact ]
On ubuntu 22.04, the current version of Proftpd 1.3.7c+dfsg-1build1
with the module sftp doesn't work with openssl 3.0.
[ Test Plan ]
Install proftpd with sftp module on ubuntu 22.04 and create a virtual
account.
Installation details :
apt install proftpd-basic
echo "
<IfModule mod_sftp.c>
<VirtualHost X.X.X.X>
# Configure the server to listen on port
Port 2222
SFTPEngine on
SFTPLog /var/log/proftpd/sftp.log
TransferLog /var/log/proftpd/transfer.log
# Configure both the RSA and DSA host keys, using the same host key
# files that OpenSSH uses.
SFTPHostKey /etc/proftpd/ssh_host_rsa_key
# Auth methods
SFTPAuthMethods password
AuthUserFile /etc/proftpd/ftpd.passwd
RequireValidShell off
# SFTP specific configuration
DefaultRoot ~
# Some ftp options
SFTPOptions IgnoreSFTPSetPerms IgnoreSFTPUploadPerms
Umask 002 002
AllowOverwrite on
</VirtualHost>
</IfModule>" > /etc/proftpd/conf.d/sftpd.conf
echo "
# Use only AuthUserFiles when authenticating, and not the system's /etc/passwd
AuthOrder mod_auth_file.c
# Use virtual users file
AuthUserFile /etc/proftpd/ftpd.passwd" >> /etc/proftpd/proftpd.conf
Uncomment in /etc/proftpd/modules.conf :
# Install proftpd-mod-crypto to use this module for SFTP support.
LoadModule mod_sftp.c
LoadModule mod_sftp_pam.c
ftpasswd --passwd --file=/etc/proftpd/ftpd.passwd --uid=59999 --home=/home/user --shell=/bin/false --sha256 --name=sftp_test
cp /etc/ssh/ssh_host_rsa_key /etc/proftpd/ssh_host_rsa_key
cp /etc/ssh/ssh_host_rsa_key.pub /etc/proftpd/ssh_host_rsa_key.pub
systemctl restart proftpd
[ Where problems could occur ]
When you try to connect with sftp.
The result of this issue is : you can't connect with sftp.
[ Other Info ]
You can see two issues with the same problem :
https://github.com/proftpd/proftpd/issues/1448
https://github.com/proftpd/proftpd/issues/1469
The problem for sftp module is fixed in 1.3.7e version :
1.3.7e
--------------------------------
- Issue 1448 - Ensure that mod_sftp algorithms work properly with OpenSSL 3.x.
https://github.com/proftpd/proftpd/blob/1.3.7/NEWS
This is the commit for the fix :
https://github.com/proftpd/proftpd/commit/8aa39b27d8fd6ada556b51c4547a504956474078
Thanks for the help.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/1975567/+subscriptions
More information about the Pkg-proftpd-maintainers
mailing list