[Bug 1975567] Re: Proftpd 1.3.7c not working with openssl 3
Florian Knauf
1975567 at bugs.launchpad.net
Thu Oct 13 14:15:28 BST 2022
My workaround was setting up OpenSSH to listen on a second port and
force sftp on that, i.e. in /etc/ssh/sshd_config

  Port 22
  Port 2200
  ...
  Match LocalPort 2200
    AllowGroups ftpusers
    ChrootDirectory /srv/ftp
    ForceCommand internal-sftp
    AllowTCPForwarding no
    AllowAgentForwarding no
    X11Forwarding no

For compatibility with older clients you may have to set

  HostKeyAlgorithms +ssh-rsa
  PubkeyAcceptedAlgorithms +ssh-rsa

And for extremely old clients possibly (but hopefully not) extend the
KexAlgorithms with

  KexAlgorithms +diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

Only do that as a last resort, though! OpenSSH has removed support for
the old SHA1-based key exchange algorithms, which is a good thing
security-wise but has tripped up some clients that worked with my
previous proftpd config.

--
You received this bug notification because you are a member of ProFTPD
Maintainance Team, which is subscribed to proftpd-dfsg in Ubuntu.
https://bugs.launchpad.net/bugs/1975567

Title:
  Proftpd 1.3.7c not working with openssl 3

Status in proftpd-dfsg package in Ubuntu:
  Confirmed

Bug description:
  Hi,

  On Ubuntu 22.04, the current version of Proftpd 1.3.7c+dfsg-1build1 doesn't work with openssl 3.0.
  The result of this issue is: you can't connect with sftp.

  You can see two issues with the same problem:
  https://github.com/proftpd/proftpd/issues/1448
  https://github.com/proftpd/proftpd/issues/1469

  The problem for the sftp module is fixed in version 1.3.7e:

  1.3.7e
  --------------------------------
  - Issue 1448 - Ensure that mod_sftp algorithms work properly with OpenSSL 3.x.
  https://github.com/proftpd/proftpd/blob/1.3.7/NEWS

  This is the commit for the fix:
  https://github.com/proftpd/proftpd/commit/8aa39b27d8fd6ada556b51c4547a504956474078

  Thanks for the help.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/proftpd-dfsg/+bug/1975567/+subscriptions
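
A way to check that the workaround in the comment above took effect, as an added example that is not part of the original message or of ProFTPD/OpenSSH: it audits the effective settings for the SFTP-only port and reports any SHA-1 based algorithms that were re-enabled. It assumes the input is the "keyword value" text printed by `sshd -T -C lport=2200`; the names `audit`, `is_sha1`, `EXPECTED` and `SAMPLE` belong to this example, and the sample text is constructed.

```python
# Audit the effective sshd settings for the SFTP-only port (added example).
# Input: "keyword value" lines as printed by `sshd -T -C lport=2200`.
# Settings the Match LocalPort block in the post is meant to enforce.
EXPECTED = {
    "forcecommand": "internal-sftp",
    "chrootdirectory": "/srv/ftp",
    "allowtcpforwarding": "no",
    "allowagentforwarding": "no",
    "x11forwarding": "no",
}
# Lists the post extends with "+" for old clients.
ALGO_KEYS = ("kexalgorithms", "hostkeyalgorithms", "pubkeyacceptedalgorithms")

def is_sha1(algo):
    """True for ssh-rsa (RSA with SHA-1) and for *-sha1 key exchanges."""
    name = algo.split("@")[0]  # drop vendor suffix such as @openssh.com
    return name.endswith("-sha1") or name in ("ssh-rsa", "ssh-rsa-cert-v01")

def audit(effective_config):
    """Return a list of findings; an empty list means nothing to report."""
    settings = {}
    for line in effective_config.splitlines():
        key, _, value = line.strip().partition(" ")
        if key:
            settings[key.lower()] = value.strip()
    findings = []
    for key, want in EXPECTED.items():
        if settings.get(key) != want:
            findings.append(f"{key}: expected {want!r}, found {settings.get(key)!r}")
    for key in ALGO_KEYS:
        weak = [a for a in settings.get(key, "").split(",") if is_sha1(a)]
        if weak:
            findings.append(f"{key}: SHA-1 based: {', '.join(weak)}")
    return findings

# Constructed sample, not output captured from a real server.
SAMPLE = """\
forcecommand internal-sftp
chrootdirectory /srv/ftp
allowtcpforwarding no
allowagentforwarding no
x11forwarding no
kexalgorithms curve25519-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
hostkeyalgorithms ssh-ed25519,rsa-sha2-512,ssh-rsa
pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-512
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

Auditing the effective configuration rather than the file means `Match` blocks and `+` list extensions are already resolved by sshd itself.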