[Bug 1975567] Re: Proftpd 1.3.7c not working with openssl 3

Florian Knauf 1975567 at bugs.launchpad.net
Thu Oct 13 14:15:28 BST 2022 

My workaround was setting up OpenSSH to listen on a second port and
force sftp on that, i.e. in /etc/ssh/sshd_config

Port 22
Port 2200

...

Match LocalPort 2200
    AllowGroups ftpusers
    ChrootDirectory /srv/ftp
    ForceCommand internal-sftp
    AllowTCPForwarding no
    AllowAgentForwarding no
    X11Forwarding no


For compatibility with older clients you may have to set

HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa

And for extremely old clients possibly (but hopefully not) extend the
KexAlgorithms with

KexAlgorithms +diffie-hellman-group-exchange-sha1,diffie-hellman-
group14-sha1,diffie-hellman-group1-sha1

Only do that as a last resort, though! OpenSSH has removed support for
the old SHA1-based key exchange algorithms, which is a good thing
security-wise but has tripped up some clients that worked with my
previous proftpd config.

-- 
You received this bug notification because you are a member of ProFTPD
Maintainance Team, which is subscribed to proftpd-dfsg in Ubuntu.
https://bugs.launchpad.net/bugs/1975567

Title:
  Proftpd 1.3.7c not working with openssl 3

Status in proftpd-dfsg package in Ubuntu:
  Confirmed

Bug description:
  Hi,

  On ubuntu 22.04, the current version of Proftpd 1.3.7c+dfsg-1build1 doesn't work with openssl 3.0.
  The result of this issue is : you can't connect with sftp.

  You can see two issues with the same problem :

  https://github.com/proftpd/proftpd/issues/1448
  https://github.com/proftpd/proftpd/issues/1469

  The problem for sftp module is fixed in 1.3.7e version :
  1.3.7e
  --------------------------------
  - Issue 1448 - Ensure that mod_sftp algorithms work properly with OpenSSL 3.x.

  https://github.com/proftpd/proftpd/blob/1.3.7/NEWS

  This is the commit for the fix :
  https://github.com/proftpd/proftpd/commit/8aa39b27d8fd6ada556b51c4547a504956474078

  Thanks for the help.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/1975567/+subscriptions

More information about the Pkg-proftpd-maintainers mailing list