Re: Login failed message while starting FTP

user1221 · ‎09-09-2009

Hi Guys, need your help,

I tried to ftp to a aserver and when I passing the username and password, it is saying "Login Failed"
C:\>ftp 10.241.11.41
Connected to 10.241.11.41.
220 hrdbdr01 FTP server (Revision 1.1 Version wuftpd-2.6.1 Mon Oct 23 02:01:
44 GMT 2006) ready.
User (10.241.11.41:(none)): root
331 Password required for root.
Password:
530 Login incorrect.
Login failed.
ftp> bye
221 Goodbye.

I crosschecked the username and password many times it is correct but still the login is failed, the ftp service is running on the server.

root@hrdbdr01:/# netstat -a | grep ftp
tcp 0 0 *.ftp *.* LISTEN
udp 0 0 *.tftp *.*

Please help!

Matti_Kurkela · ‎09-09-2009

Obviously the FTP service has been secured: it has been configured to not allow FTP access by root.

FTP protocol has no encryption. Sending the root password of the system unencrypted over the network is generally viewed as a Bad Idea.

MK

MK

Torsten. · ‎09-09-2009

Consider to use ftp as non-root or with sftp!

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!

user1221 · ‎09-09-2009

Thanks for your reply,

I tried with other user, still login is failed.
What is sftp?

Torsten. · ‎09-09-2009

sftp is secure ftp. Check if you already have it or get it here:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA

Use a sftp client on your pc, e.g. filezilla.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!

Matti_Kurkela · ‎09-09-2009

Read the system log (/var/adm/syslog/syslog.log) to find out why ftpd is rejecting the user, and read the configuration of your ftp service (/etc/ftpd/ftpaccess and /etc/ftpd/ftpusers) to find out what is currently allowed and what isn't.

Use "man ftpd", "man ftpusers" and "man ftpaccess" to get more information.

NOTE: the sense of the /etc/ftpd/ftpusers file is inverted: it lists users that are *forbidden* to use the ftp service.

MK

MK

Matti_Kurkela · ‎09-09-2009

Oops, I forgot...

SFTP is an extension of the SSH secure terminal access protocol that allows secure file transfer. HP offers a version of OpenSSH package (both server & client) customized for HP-UX: it is available for free at software.hp.com.

For Windows, I would recommend PuTTY as a free SSH terminal client, and WinSCP for file transfers. Both are freeware.

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

http://winscp.net

MK

MK

Hakki Aydin Ucar · ‎09-09-2009

according to error message, in the first place , seems you have password problem . .

have you ever checked that /etc/ftpusers available somehow ? if yes you have to put user whom you wanted to access in this file.

user1221 · ‎09-09-2009

The /var/adm/syslog/syslog.log contents are

Sep 9 14:49:31 hrdbdr01 inetd[26145]: ftp/tcp: Connection from cc1001-hpc67wi (10.144.110.139) at Wed Sep 9 14:49:31 2009
Sep 9 14:49:31 hrdbdr01 ftpd[26145]: Data port : 20
Sep 9 14:49:31 hrdbdr01 ftpd[26145]: FTP server (Revision 1.1 Version wuftpd-2.6.1 Mon Oct 23 02:01:44 GMT 2006) ready.
Sep 9 14:49:36 hrdbdr01 ftpd[26145]: FTP LOGIN REFUSED (shell not in /etc/shells) FROM cc1001-hpc67wi [10.144.110.139], rayees

the /etc/ftpd/ftpaccess contents are
root@hrdbdr01:/etc/ftpd# more ftpaccess
root
rayees

the /etc/ftpd/ftpusersorg contents are
root@hrdbdr01:/etc/ftpd# more ftpusersorg
root
rayees

the files /etc/ftpusers and /etc/ftpd/ftpusers are not available.

Torsten. · ‎09-09-2009

What shell is configured for root in /etc/passwd?

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!

user1221 · ‎09-09-2009

root@hrdbdr01:/etc/ftpd# more /etc/shells
ksh
sh
bash
csh

user1221 · ‎09-09-2009

root:wP3YfPdFupRN2:0:3::/:/sbin/sh

Torsten. · ‎09-09-2009

What shell is configured for root in /etc/passwd?

http://docs.hp.com/en/B3921-60631/ftpd.1M.html

...
ftpd authenticates users according to three rules:

- The user name must be in the password data base, /etc/passwd, and not have a null password. The client must provide the correct password for the user before any file operations can be performed.

- The user name must not appear in the file /etc/ftpd/ftpusers (see ftpusers(4)).

- The user must have a standard shell returned by getusershell().

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!

Hakki Aydin Ucar · ‎09-09-2009

To enable the /etc/ftpd/ftpaccess file, you need specify the -a option for the ftp entry in the /etc/inetd.conf file. For example:

ftp stream tcp nowait root /usr/lbin/ftpd ftpd -a -l -d

is it OK ? check it out

Torsten. · ‎09-09-2009

I noticed the log "FTP LOGIN REFUSED" is for user rayees. How about his shell in passwd? Any similar message for root?

Did you already check if you have sftpd installed?

Since ftp is really unsecure, you should consider to use sftp anyway.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!

user1221 · ‎09-09-2009

The entry in the /etc/inetd.conf file was
ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l

I changed it to;

ftp stream tcp nowait root /usr/lbin/ftpd ftpd -a -l -d

and then restarted the inetd service with inetd -c.

There is no "ftpusers" file in /etc/ftpd/ftpusers.

checked again still not working.

Matti_Kurkela · ‎09-09-2009

OK, the reason for rejection according to the syslog was "shell not in /etc/shells".

The shell field of /etc/passwd must match *exactly* with one of the lines in /etc/shells, otherwise ftpd will not allow access.

> root@hrdbdr01:/etc/ftpd# more /etc/shells
ksh
sh
bash
csh

Your /etc/shells does not have full path names in it. This may be the problem. Shells should be specified with a full path, both in /etc/passwd and in /etc/shells.

If /etc/shells is not readable or does not exist, the system uses this standard list:

/sbin/sh
/usr/bin/sh
/usr/bin/rsh
/usr/bin/ksh
/usr/bin/rksh
/usr/bin/csh
/usr/bin/keysh

This list is documented in getusershell(3C) man page (accessible with "man getusershell" command on your HP-UX system).

My suggestion: copy this standard list of shells to /etc/shells and add the full pathname of your bash shell to it. Then make sure your /etc/passwd uses full pathnames to specify the shells for each user.

MK

MK

Roland Piette · ‎09-10-2009

Hi,

You report :
the /etc/ftpd/ftpaccess contents are
root@hrdbdr01:/etc/ftpd# more ftpaccess
root
rayees

I am afraid that this content doesn't match the needs for this file ! This content is totally wrong.

You need to make a copy of the sample file and reading the man page (man ftpaccess)
The sample file is located at the following path : /usr/newconfig/etc/ftpd/examples/ftpaccess

Regards
Roland

user1221 · ‎09-10-2009

changed the /etc/shells to

/usr/bin/ksh
/sbin/sh
bash
/usr/bin/csh

restarted the inetd with inetd -c

Still the login failed message.

I transfered the files with scp as I cannot wait anymore to fix the FTP issue.
Thanks everyone for precious support.

Roland Piette · ‎09-10-2009

Hi,

I understand the urgency of the solution.
But if your are interresting to use ftp with ftpaccess file mecanism you are not far awy from the solution. I used it to give restricted access to users in this way that users cannot walk everywhere on my server (ftponly). They are connected in specific directory they see as root (/). ftpaccess is the key to handle the access rights.

Another thing to troubbleshoot the problem. Disable ftpaccess use in /etc/inetd.conf. Take away the -a option
restart inetd with inetd -c command
Try to connect !

If you can do it, you have a configuration problem with ftpaccess mecanism ....

Regards,
Roland

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Login failed message while starting FTP

Login failed message while starting FTP