Cannot ftp from EXTERNAL sender

alexcol · January 4, 2020, 9:05am

ood morning, i need your help please

from EXTERNAL sender somedy is trying to ftp by a public ip address this way

ftp 190.13.96.8
Connected to 190.13.96.8.
220 pricing01c FTP server ready.
Name (190.13.96.8:g803162): synverse
331 Password required for synverse.
Password:
530 Login incorrect.
Login failed.
ftp>

WE reset the passwd, localy from pricing01c trying to ftp but is not working

/produccion/explotacion/xptol # hostname
pricing01c
/produccion/explotacion/xptol # ftp pricing01c
Connected to 10.80.1.29.
220 pricing01c FTP server ready.
Name (10.80.1.29:xptol): synverse
331 Password required for synverse.
Password:
530 Login incorrect.
Login failed.

I cheked out the user and it exists:

/produccion/explotacion/xptol # grep synverse /etc/passwd
synverse:x:1141:118:661/C/*CDPTMR//DPE_CO_COLOMBIA TELECOMUNICACIONES SA-MIDRANGE - Usuario FTP synverse:/produccion01/explotacion/xproaming/tap3/dat/recepcion/archivos:/bin/false

This is the OS

etc/ftpd # uname -a
SunOS pricing01c 5.10 Generic_144488-01 sun4u sparc SUNW,SPARC-Enterprise

I checked out thet user into the ftpd directoty and found nothing:

etc/ftpd # ls -lrt
total 14
-rw-r--r--   1 root     sys          946 Jan 21  2005 ftpconversions
-rw-r--r--   1 root     sys          104 Jan 21  2005 ftpgroups
-rw-r--r--   1 root     sys          114 Jan 21  2005 ftpservers
-rw-r--r--   1 root     sys          108 Jan 21  2005 ftphosts
-rw-r--r--   1 root     sys          437 Feb  7  2011 ftpusers
-rw-r--r--   1 root     sys         1530 Mar  9  2011 ftpaccess
/etc/ftpd # uname -a
SunOS pricing01c 5.10 Generic_144488-01 sun4u sparc SUNW,SPARC-Enterprise
/etc/ftpd # 
/etc/ftpd # grep synverse ftp*

The admin found the account disabled because of multiple retries but enable and reset the passwd again, and we tried one more time bat failed

What else can i check it out ?
I appreciate your help in advanced

jim_mcnamara · January 4, 2020, 10:05am

The ftpaccess file is probably blocking the user, as a guess, something is not configured correctly in there.

Reference: Controlling FTP Server Access - System Administration Guide: Network Services

First thing to check:
Usually there is a line in the file to allow access based on network ipv4 address, example: 10.192.*
Work through all of the settings carefully one by one because there are other kinds of settings to check. ftp is a security risk, so this file exists to control access.

FWIW: We disabled ftp in favor of sftp, with Putty (free) on all of the windows desktops that needed sftp access to files.

alexcol · January 4, 2020, 11:31am

Thank you very much for your help, to be honest is hard to me understand each line of this file, so ive got the edited file so far, dont know if it can help

/etc/ftpd # cat ftpaccess
# ident "@(#)ftpaccess  1.2     03/05/14 SMI"
#
# FTP server configuration file, see ftpaccess(4).
#

class           realusers       real            *
class           guestusers      guest           *
class           anonusers       anonymous       *

loginfails      3
passwd-check    trivial         warn
private         no
shutdown        /etc/ftpd/shutdown.msg
# email         user@hostname
# guestuser     username
# rhostlookup   no

keepalive       yes
recvbuf         65536           real,guest,anonymous
sendbuf         65536           real,guest,anonymous
# flush-wait    no              anonymous
# passive       ports           0.0.0.0/0       32768   65535
# timeout       data            600
# timeout       idle            300

banner          /etc/ftpd/banner.msg
greeting        brief
message         /etc/ftpd/welcome.msg   login
message         .message                cwd=*
readme          README*                 login
readme          README*                 cwd=*
# quota-info    *

chmod           no              anonymous
delete          no              anonymous
overwrite       no              anonymous
rename          no              anonymous
umask           no              anonymous

compress        yes             realusers guestusers anonusers
tar             yes             realusers guestusers anonusers

path-filter     guest,anonymous /etc/ftpd/filename.msg  ^[[:alnum:]._-]*$ ^[.-]

noretrieve      relative        class=anonusers         /
allow-retrieve  relative        class=anonusers         /pub

upload          class=anonusers    *    *         no  nodirs
# upload        class=anonusers    *    /incoming yes ftpadm ftpadm 0440 nodirs

# log           commands        real,guest,anonymous
# log           security        real,guest,anonymous
# log           transfers       real,guest,anonymous    inbound,outbound
# xferlog       format  %T %Xt %R %Xn %XP %Xy %Xf %Xd %Xm %U ftp %Xa %u %Xc %Xs %Xr

# limit-time    anonymous       30
# limit         anonusers       10      Wk0730-1800       /etc/ftpd/toomany.msg
# limit         anonusers       50      SaSu|Any1800-0730 /etc/ftpd/toomany.msg

We tested another user using ftp and itworks

etc/ftpd # ftp proscltol01c
Connected to pricing01c.
220 pricing01c FTP server ready.
Name (pricing01c:xptol): xptol
331 Password required for xptol.
Password:
230 User xptol logged in.
Remote system type is UNIX.
Using binary mode to transfer files.

rbatte1 · January 6, 2020, 9:39am

Have you added this account to /etc/ftpusers by any chance? Confusingly that is a list of users NOT permitted to login with ftp.

Another thought is that the account might be locked. Do you get any output from pam_tally2 ?

Kind regards,
Robin