Bug#909331: proftpd-basic: The '%u' variable is not fully interpreted for SFTPAuthorizedUserKeys parameter

Nicolas Couturier coute at coute.org
Fri Sep 21 19:20:48 BST 2018 

Package: proftpd-basic
Version: 1.3.5b-4
Severity: normal



-- System Information:
Debian Release: 9.5
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-8-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages proftpd-basic depends on:
ii  adduser            3.115
ii  debianutils        4.8.1.1
ii  libacl1            2.2.52-3+b1
ii  libc6              2.24-11+deb9u3
ii  libcap2            1:2.25-1
ii  libmemcached11     1.0.18-4.1
ii  libmemcachedutil2  1.0.18-4.1
ii  libncurses5        6.0+20161126-1+deb9u2
ii  libpam-runtime     1.1.8-3.6
ii  libpam0g           1.1.8-3.6
ii  libpcre3           2:8.39-3
ii  libssl1.0.2        1.0.2l-2+deb9u3
ii  libtinfo5          6.0+20161126-1+deb9u2
ii  libwrap0           7.6.q-26
ii  lsb-base           9.20161125
ii  netbase            5.4
ii  sed                4.4-1
ii  ucf                3.0036
ii  zlib1g             1:1.2.8.dfsg-5

proftpd-basic recommends no packages.

Versions of packages proftpd-basic suggests:
pn  openbsd-inetd | inet-superserver  <none>
ii  openssl                           1.1.0f-3+deb9u2
ii  proftpd-doc                       1.3.5b-4
pn  proftpd-mod-geoip                 <none>
pn  proftpd-mod-ldap                  <none>
ii  proftpd-mod-mysql                 1.3.5b-4
pn  proftpd-mod-odbc                  <none>
pn  proftpd-mod-pgsql                 <none>
pn  proftpd-mod-sqlite                <none>

-- Configuration Files:
/etc/logrotate.d/proftpd-basic changed [not included]

-- debconf information:
* shared/proftpd/inetd_or_standalone: standalone

I tried to set up publickey authentification with proftpd.
I added the public key location in my Virtualhost :
SFTPAuthorizedUserKeys file:/etc/proftpd/authorized_keys/%u

When I tried to connect I had this error :
Permission denied (publickey).
Couldn't read packet: Connection reset by peer

I had this error in SFTP log :
2018-09-21 17:44:14,273 mod_sftp/0.9.9[19024]: sending userauth failure;
remaining userauth methods: publickey,password

I activated Trace logs
Here is the error :
2018-09-21 17:44:11,980 [19024] <ssh2:2>: using SFTPAuthorizedUserKeys
'/etc/proftpd/authorized_keys/imps' for public key authentication for
user 'imps'
2018-09-21 17:44:11,980 [19024] <ssh2:7>: error opening
SFTPAuthorizedUserKeys 'file:/etc/proftpd/authorized_keys/%u': No such
file or directory

The %u variable is interpreted for finding the name of the key file but not for
opening it.

I changed the location of the public key file for that :
SFTPAuthorizedUserKeys file:~/.sftp/authorized_keys

After moving the user public key in his folder .sftp, authentification
worked.

Could please have a look on this issue ?
I prefered to put user key outside home directory.

Regards.

More information about the Pkg-proftpd-maintainers mailing list