Bug#949622: proftpd-basic: SSH authentication fails for many clients due to receiving of SSH_MSG_IGNORE packet

Hilmar Preusse hille42 at web.de
Wed Jan 22 21:15:39 GMT 2020 

Package: proftpd-basic
Version: 1.3.6b-2
Severity: important
Tags: patch upstream

Dear Maintainer,

the issue is already known in upstream and a patch is available:
http://bugs.proftpd.org/show_bug.cgi?id=4385

All my users that use the filezilla client 3.46.1+ fail to connect to my
proftpd server.  I tested the problem exist on debian jessie and debian etch
proftpd and filezilla 3.46.2 and 3.46.3 .

filezilla send SSH_MSG_IGNORE in the middle of the auth and it seems to
broke proftpd sftp module that do not seems to ignore them.

Hilmar

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 5.4.0-3-686-pae (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages proftpd-basic depends on:
ii  adduser            3.118
ii  debianutils        4.9.1
ii  libacl1            2.2.53-5
ii  libc6              2.29-9
ii  libcap2            1:2.27-1
ii  libhiredis0.14     0.14.0-4
ii  libmemcached11     1.0.18-4.2
ii  libmemcachedutil2  1.0.18-4.2
ii  libncursesw6       6.1+20191019-1
ii  libpam-runtime     1.3.1-5
ii  libpam0g           1.3.1-5
ii  libpcre3           2:8.39-12+b1
ii  libssl1.1          1.1.1d-2
ii  libtinfo6          6.1+20191019-1
ii  libwrap0           7.6.q-30
ii  lsb-base           11.1.0
ii  netbase            6.0
ii  sed                4.7-1
ii  ucf                3.0038+nmu1
ii  zlib1g             1:1.2.11.dfsg-1+b1

Versions of packages proftpd-basic recommends:
pn  proftpd-doc  <none>

Versions of packages proftpd-basic suggests:
ii  openbsd-inetd [inet-superserver]  0.20160825-4+b1
ii  openssl                           1.1.1d-2
pn  proftpd-mod-geoip                 <none>
pn  proftpd-mod-ldap                  <none>
pn  proftpd-mod-mysql                 <none>
pn  proftpd-mod-odbc                  <none>
pn  proftpd-mod-pgsql                 <none>
pn  proftpd-mod-snmp                  <none>
pn  proftpd-mod-sqlite                <none>

-- debconf information excluded

More information about the Pkg-proftpd-maintainers mailing list