help needed: vsftpd and/or proftpd setup on laptop

I've searched google and "no solution" worked. The problem I have is that
I have a "highly secured" laptop for an unknown reason was has a CLEAN
install of linux, SuSE 8.1.

I cannot ftp or telnet into the laptop from the desktop a couple of feet
away; ftp or telnet from the laptop to the desktop is possible. The
access denial msg is: ftp access denied; or "telnet access denied".

I even copied the proftpd setup on the desktop to the laptop and still
get the access denied msg; the /etc/security stuff was checked and looks
the same as on the desktop. No firewall being used on the laptop.

Not critical but a very puzzling situation; don't think access even got
as far as having either proftpd or vsftpd running. Something is stopping
external access...

Something is missing and don't know what. Hoping someone has an idea
that will allow ftp and telnet entry from the desktop.


--

a user wrote:
> I've searched google and "no solution" worked. The problem I have is that
> I have a "highly secured" laptop for an unknown reason was has a CLEAN
> install of linux, SuSE 8.1.
>
> I cannot ftp or telnet into the laptop from the desktop a couple of feet
> away; ftp or telnet from the laptop to the desktop is possible. The
> access denial msg is: ftp access denied; or "telnet access denied".
>
> I even copied the proftpd setup on the desktop to the laptop and still
> get the access denied msg; the /etc/security stuff was checked and looks
> the same as on the desktop. No firewall being used on the laptop.
>
> Not critical but a very puzzling situation; don't think access even got
> as far as having either proftpd or vsftpd running. Something is stopping
> external access...
>
> Something is missing and don't know what. Hoping someone has an idea
> that will allow ftp and telnet entry from the desktop.
>
>

Check your iptables.. see if they are running and preventing connections.

e.g. iptables -L -v

check your /etc/hosts.deny and /etc/hosts.allow

make sure [if any] appropriate strings are in there.

do a netstat -tapn | grep 23 to see if telnet is actually running on
port 23 ...note --> best to keep if off and use ssh instead.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQE/FMDii6NlI+CoSzsRAujaAJ9l32rnlgoQ/V6rxWywJ6jZDNrSsACfWR33
ZU+aUGDGHX/Hzs62JYja5mI=
=5iCl
-----END PGP SIGNATURE-----

On Wed, 16 Jul 2003 03:06:19 +0000, redhat_devel wrote:

>
>
> a user wrote:
>> I've searched google and "no solution" worked. The problem I have is that
>> I have a "highly secured" laptop for an unknown reason was has a CLEAN
>> install of linux, SuSE 8.1.
>>
>> I cannot ftp or telnet into the laptop from the desktop a couple of feet
>> away; ftp or telnet from the laptop to the desktop is possible. The
>> access denial msg is: ftp access denied; or "telnet access denied".
>>

>
> Check your iptables.. see if they are running and preventing connections.
>
> e.g. iptables -L -v
>
> check your /etc/hosts.deny and /etc/hosts.allow
>
> make sure [if any] appropriate strings are in there.
>
> do a netstat -tapn | grep 23 to see if telnet is actually running on
> port 23 ...note --> best to keep if off and use ssh instead.

You could also run an nmap scan on the laptop's address to check if there
are any ports open for incoming connections. Note that both FTP and
Telnet are low security protocols, so they may just have been switched off
on your "highly secured" laptop.

Following on from the previous contributors suggestion to use ssh, for
file transfer you could use scp (which tunnels the transfer over ssh).

--
David Haggett
Linux user since 01/01/2003

On Wed, 16 Jul 2003, David Haggett wrote:

> On Wed, 16 Jul 2003 03:06:19 +0000, redhat_devel wrote:
>
> >
> >
>
> You could also run an nmap scan on the laptop's address to check if there
> are any ports open for incoming connections. Note that both FTP and
> Telnet are low security protocols, so they may just have been switched off
> on your "highly secured" laptop.
>
> Following on from the previous contributors suggestion to use ssh, for
> file transfer you could use scp (which tunnels the transfer over ssh).

I would say that a blanket statement that ssh is better for security is
open to argument: how many exploitable holes have been found in
openssh/openssl vs. the theoretical possiblity of someone evesdropping on
your connection (wireless connections excepted)?

More practically, if you read the newsgroups, you will constantly see
items like: "my box was rooted through ssh", and you very rarely see:
"someone grabbed my password by evesdropping".

O.K. so I use ssh, but I think that one must also caution people to make
sure they have the latest version of openssh compiled against the latest
version of openssl.

a user wrote:

> Something is missing and don't know what. Hoping someone has an idea
> that will allow ftp and telnet entry from the desktop.
>

Could be a firewall has been set up on that "highly secured" computer.

--

Fundamentalism is fundamentally wrong.

To reply to this message, replace everything to the left of "@" with
james.knott.

In article, David Haggett wrote:
> On Wed, 16 Jul 2003 03:06:19 +0000, redhat_devel wrote:
>
>>
>>
>> a user wrote:
>>> I've searched google and "no solution" worked. The problem I have is that
>>> I have a "highly secured" laptop for an unknown reason was has a CLEAN
>>> install of linux, SuSE 8.1.
>>>
>>> I cannot ftp or telnet into the laptop from the desktop a couple of feet
>>> away; ftp or telnet from the laptop to the desktop is possible. The
>>> access denial msg is: ftp access denied; or "telnet access denied".
>>>
>
>>
>> Check your iptables.. see if they are running and preventing connections.
>>
>> e.g. iptables -L -v

Looks ok as it is ACCEPT.....iptables running even if firewall not used??!!

>>
>> check your /etc/hosts.deny and /etc/hosts.allow

Also looks good....added vsftpd to hosts.allow tho...

>>
>> make sure [if any] appropriate strings are in there.
>>
>> do a netstat -tapn | grep 23 to see if telnet is actually running on
>> port 23 ...note --> best to keep if off and use ssh instead.

not running but ssh works......

>
> You could also run an nmap scan on the laptop's address to check if there
> are any ports open for incoming connections. Note that both FTP and
> Telnet are low security protocols, so they may just have been switched off
> on your "highly secured" laptop.
>
> Following on from the previous contributors suggestion to use ssh, for
> file transfer you could use scp (which tunnels the transfer over ssh).
>
Found the "real problem" mostly. The "clean install" didn't set the
inetd to run for some stupid "clean install process"; have got it
going now and used the desktop for comparison.

Still problem with ftp as now seeing the error response of:
"Connected to laptop.domain.name.
500 OOPS: str_getpwnam: ftpsecure"
when using ftp.

I checked man scp and it doesn't have a decent example as tried but
get a failure of connection; it looks like one has to know what file
to look for as it does a "cp". Do one need to specify both the
source and dest for the file using "scp"? AND how??

Admit haven't checked google for specific command examples on "howto scp";
if they exist..

In article, David Haggett wrote:
> On Wed, 16 Jul 2003 03:06:19 +0000, redhat_devel wrote:
>
>>
>>
>> a user wrote:
>>> I've searched google and "no solution" worked. The problem I have is that
>>> I have a "highly secured" laptop for an unknown reason was has a CLEAN
>>> install of linux, SuSE 8.1.
>>>
>>> I cannot ftp or telnet into the laptop from the desktop a couple of feet
>>> away; ftp or telnet from the laptop to the desktop is possible. The
>>> access denial msg is: ftp access denied; or "telnet access denied".
>>>
>
>>
>> Check your iptables.. see if they are running and preventing connections.
>>
>> e.g. iptables -L -v

Looks ok as it is ACCEPT.....iptables running even if firewall not used??!!

>>
>> check your /etc/hosts.deny and /etc/hosts.allow

Also looks good....added vsftpd to hosts.allow tho...

>>
>> make sure [if any] appropriate strings are in there.
>>
>> do a netstat -tapn | grep 23 to see if telnet is actually running on
>> port 23 ...note --> best to keep if off and use ssh instead.

not running but ssh works......

>
> You could also run an nmap scan on the laptop's address to check if there
> are any ports open for incoming connections. Note that both FTP and
> Telnet are low security protocols, so they may just have been switched off
> on your "highly secured" laptop.
>
> Following on from the previous contributors suggestion to use ssh, for
> file transfer you could use scp (which tunnels the transfer over ssh).
>
Found the "real problem" mostly. The "clean install" didn't set the
inetd to run for some stupid "clean install process"; have got it
going now and used the desktop for comparison.

Still problem with ftp as now seeing the error response of:
"Connected to laptop.domain.name.
500 OOPS: str_getpwnam: ftpsecure"
when using ftp.

I checked man scp and it doesn't have a decent example as tried but
get a failure of connection; it looks like one has to know what file
to look for as it does a "cp". Do one need to specify both the
source and dest for the file using "scp"? AND how??

Admit haven't checked google for specific command examples on "howto scp";
if they exist..

a user <paul@not_real.edu> wrote in message news:<(E-Mail Removed)>...
>
> Still problem with ftp as now seeing the error response of:
> "Connected to laptop.domain.name.
> 500 OOPS: str_getpwnam: ftpsecure"
> when using ftp.

This is a vsftp problem. You either have to create the user called
ftpsecure (with no privileges; i.e. /bin/false) or change the option
nopriv_user in /etc/vsftpd.conf to another unprivleged user like ftp
or nobody.