问题描述:
看下 1.1.1.1 的ftp为什么连不上
报错的信息:
'ftpServer' => '1.1.1.1', // FTP服务器地址
'ftpPort' => '21',
'ftpUsername' => 'admin.was.chinasoft.com', // FTP账号
'ftpPassword' => 'ftp_pass',
报错信息:
FTP connection has failed!Attempted to connect to 1.1.1.1 for user admin.was.chinasoft.com
处理过程:
首先登录 1.1.1.1_server01_was_web01 这台网宿的服务器
1.查看进程是否正常
[root@server01:/usr/local/proftpd-1.3.6rc2]# ps -ef|grep ftp
apache 44339 1 0 19:21 ? 00:00:00 proftpd: (accepting connections)
apache 48010 44339 0 20:03 ? 00:00:00 proftpd: admin.was.chinasoft.com - 3.3.3.3: IDLE
2.连接21端口,看服务是否能够正常通讯
C:\Users\ws>telnet 2.2.2.2 21
3.找到/usr/local/proftpd-1.3.6rc2/的程序运行目录
[root@server01:/usr/local/proftpd-1.3.6rc2]# cd /usr/local/proftpd-1.3.6rc2/
[root@server01:/usr/local/proftpd-1.3.6rc2]# ll
total 44
-rwxr-xr-x 1 root root 1053 Apr 6 2017 adduser_domain.sh
-rwx------ 1 root root 1034 Apr 6 2017 adduser.sh
drwxr-xr-x 2 root root 4096 Apr 11 2016 bin
drwxr-xr-x 2 root root 4096 Jul 5 19:36 etc
drwxr-xr-x 3 root root 4096 Apr 11 2016 include
drwxr-xr-x 4 root root 4096 Apr 11 2016 lib
drwxr-xr-x 2 root root 4096 Apr 11 2016 libexec
-rwxr-xr-x 1 root root 2367 Mar 11 2013 proftpd.sh
drwxr-xr-x 2 root root 4096 Apr 11 2016 sbin
drwxr-xr-x 4 root root 4096 Apr 11 2016 share
drwxr-xr-x 2 root root 4096 Jul 5 19:54 var
# 添加用户的脚本(作废)
[root@server01:/usr/local/proftpd-1.3.6rc2]# cat adduser.sh
#!/bin/bash
usage () {
echo ""
echo " Please Input Correct infomation!"
echo ""
echo " USAGE: `basename $0` username /dir ftp_server_ip"
echo " Exp: `basename $0` Lee /data/lee/home 1.1.1.1,2.2.2.2"
echo ""
echo " Result:"
echo " UserName: Lee"
echo " UserHome: /data/lee/home"
echo " PassWord: N1Jy3Fqol"
echo ""
}
if [[ $3 == "" ]];then
usage;
exit 1;
fi
datetime=`date +%Y%m%d" "%H:%M:%S`
userid=$1
passwd=`mkpasswd -l 9 -d 2 -c 3 -C 3 -s 0`
home=$2
dst_passwd='{md5}'`/bin/echo -n "$passwd" | openssl dgst -binary -md5 | openssl enc -base64`
shell='/sbin/nologin'
accesshost=$3
/usr/local/mysql/bin/mysql -u ftp_user -p'pass' -h 192.168.1.189 -e "\
use ftp_db;insert into FTPUSERS VALUES('$userid','$dst_passwd',500,100,'$home','/sbin/nologin','$accesshost','$datetime');"
echo "UserName: $userid"
echo "PassWord: $passwd"
echo "userHome: $home"
echo "FTP IPs: $accesshost"
echo ""
# 添加用户和域名对应关系的脚本
[root@server01:/usr/local/proftpd-1.3.6rc2]# cat adduser_domain.sh
#!/bin/bash
usage () {
echo ""
echo " Please Input Correct infomation!"
echo ""
echo " USAGE: `basename $0` domainname ftp_server_ip"
echo " Exp: `basename $0` www.test.com Server1,Server2"
echo ""
echo " Result:"
echo " UserName: www.test.com"
echo " PassWord: N1Jy3Fqol"
echo ""
}
if [[ $2 == "" ]];then
usage;
exit 1;
fi
datetime=`date +%Y%m%d" "%H:%M:%S`
userid=$1
passwd=`mkpasswd -l 9 -d 2 -c 3 -C 3 -s 0`
domain=$userid
if [[ $1 =~ ^www ]];then
domain=${1#www.}
fi
dst_passwd='{md5}'`/bin/echo -n "$passwd" | openssl dgst -binary -md5 | openssl enc -base64`
home="/data/www/vhosts/$domain"
shell='/sbin/nologin'
accesshost=$2
/usr/local/mysql/bin/mysql -u ftp_user -p'pass' -h 192.168.1.189 -e "\
use ftp_db;insert into FTPUSERS VALUES('$userid','$dst_passwd',500,100,'$home','/sbin/nologin','$accesshost','$datetime');"
echo "UserName: $userid"
echo "PassWord: $passwd"
echo "FTP IPs: $accesshost"
echo ""
***192.168.1.189这个mysql不存在
③继续查看配置文件
[root@server01:/usr/local/proftpd-1.3.6rc2/etc]# cat /usr/local/proftpd-1.3.6rc2/etc/proftpd.conf
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on
# Port 21 is the standard FTP port.
Port 21
# Don't use IPv6 support by default.
UseIPv6 off
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
TimeoutLogin 120
TimeoutIdle 600
TimeoutNoTransfer 900
TimeoutStalled 3600
# Where do we put the pid files?
#ScoreboardPath /var/run/proftpd
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30
MaxLoginAttempts 3
# Set the user and group under which the server will run.
User apache
Group users
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~
# Normally, we want files to be overwriteable.
AllowOverwrite on
# 上传断点续传
AllowRetrieveRestart on
AllowStoreRestart on
# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
DenyAll
</Limit>
# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
#<Anonymous ~ftp>
# User ftp
# Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# Limit the maximum number of anonymous logins
# MaxClients 10
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayChdir .message
# Limit WRITE everywhere in the anonymous chroot
# <Limit WRITE>
# DenyAll
# </Limit>
#</Anonymous>
#设置MySQL认证:
#数据库联接的信息,DatabaseName是数据库名, HostName是主机名,
#Port是端口号,UserName是连接数据库的用户名,Password是密码。
SQLConnectInfo ftp_db@192.168.1.148 ftp_user pass
#数据库认证的类型:
SQLAuthTypes OpenSSL
#指定用来做用户认证的表的有关信息。("FTPUSERS"和"FTPGRPS"是数据表名字,等一会而在下面建立)
SQLUserInfo FTPUSERS userid passwd uid gid home shell
SQLGroupInfo FTPGRPS grpname gid members
#设置如果shell为空时允许用户登录:
RequireValidShell off
#数据库的鉴别
SQLAuthenticate users groups usersetfast groupsetfast
#如果home目录不存在,则系统会为根据它的home项新建一个目录:
CreateHome off
#判断这个用户是否允许登录本机
#SQLUserWhereClause "accesshost like'%10.10.26.195%'" #这里的%号ProFtp不识别, 妈的!所以用下面的方法.
SQLUserWhereClause "0 !=FIND_IN_SET('2.2.2.2',accesshost)"
#SQL验证日志
#SQLLog
SQLLogFile /usr/local/proftpd/var/sql.log
#SQL验证用户的UID和GID
SQLMinUserUID 500
SQLMinUserGID 100
SQLDefaultUID 500
SQLDefaultGID 100
##### #####
MaxClients 50
UseReverseDNS off
IdentLookups off
#QuotaLimitTable file:/usr/local/proftpd1.3/etc/ftpquota.limittab
#QuotaTallyTable file:/usr/local/proftpd1.3/etc/ftpquota.tallytab
QuotaDirectoryTally on
QuotaDisplayUnits Mb
QuotaEngine on
QuotaLog /usr/local/proftpd/var/quota.log
QuotaShowQuotas on
QuotaOptions ScanOnLogin
DefaultRoot ~
DisplayLogin welcome.msg
AllowStoreRestart on
############ Fixed Log Format #########
LogFormat awstats "%t %h %u %m %f %s %b"
ExtendedLog /usr/local/proftpd/var/transfer.log read,write awstats
TransferLog /usr/local/proftpd/var/transfer.log
ServerLog /usr/local/proftpd/var/server.log
#Single system with both ProFTPd and Clamd utilizing TCP sockets. Additionally, only files who's size is less than 250MB will be scanned.
④找到关键信息
SQLConnectInfo ftp_db@192.168.1.148 ftp_user pass
连接数据库,查看表FTPUSERS查看表,猜想这个表就是用户名密码和权限的控制表
[root@server01:/usr/local/proftpd-1.3.6rc2]# mysql -h192.168.1.148 -uftp_user -p'pass'
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 55843792
Server version: 5.7.14-7-log Source distribution
Copyright (c) 2009-2014 Percona LLC and/or its affiliates
Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| ftp_db |
+--------------------+
2 rows in set (0.00 sec)
mysql> use ftp_db;
Database changed
mysql> show tables;
+------------------+
| Tables_in_ftp_db |
+------------------+
| FTPGRPS |
| FTPUSERS |
| quotalimits |
| quotatallies |
+------------------+
4 rows in set (0.00 sec)
mysql> select * from FTPUSERS;
+---------------------------------------+-------------------------------+-----+-----+-----------------------------------------------------------------------------------------------------------------------------------+---------------+--------------------------+-------------------+
| userid | passwd | uid | gid | home | shell | accesshost | coment |
+---------------------------------------+-------------------------------+-----+-----+-----------------------------------------------------------------------------------------------------------------------------------+---------------+--------------------------+-------------------+
| pay_com | {md5}MCbog7BadfaroQ== | 500 | 100 | /data/www/vhosts/platform.chinasoft.com | /sbin/nologin | web3 | |
通过本地登录ftp报错:
root@server01:/usr/local/proftpd-1.3.6rc2]# tail -f /usr/local/proftpd/var/server.log
2018-07-05 19:50:28,817 server01 proftpd[46981] 2.2.2.2 (3.3.3.3[3.3.3.3]): USER admin.was.chinasoft.com: no such user found from 3.3.3.3 [3.3.3.3] to 1.1.1.1:21
结合客户端报错:
FTP connection has failed!Attempted to connect to 1.1.1.1 for user admin.was.chinasoft.com
数据库中有 1.1.1.1 这个授权
INSERT INTO ``(`userid`, `passwd`, `uid`, `gid`, `home`, `shell`, `accesshost`, `coment`) VALUES ('admin.was.chinasoft.com', '{md5}eddddd==', 500, 100, '/data/www/vhosts/admin.was.chinasoft.com', '/sbin/nologin', 'web3', '20150306 17:30:57');
INSERT INTO ``(`userid`, `passwd`, `uid`, `gid`, `home`, `shell`, `accesshost`, `coment`) VALUES ('admin.was.chinasoft.com', '{md5}bOBvuP1/afda==', 500, 100, '/data/www/vhosts/admin.was.chinasoft.com', '/sbin/nologin', '1.1.1.1', '20150818 23:29:30');
报错提到了2.2.2.2刚好是这个服务器的两个IP,于是添加2.2.2.2授权
INSERT INTO ``(`userid`, `passwd`, `uid`, `gid`, `home`, `shell`, `accesshost`, `coment`) VALUES ('admin.was.chinasoft.com', '{md5}bOBvuP1/afdfdadfa==', 500, 100, '/data/www/vhosts/admin.was.chinasoft.com', '/sbin/nologin', '2.2.2.2', '20180706 10:58:00');
重新登录发现可以正常获取ftp家目录,至此问题解决