
I've just attempted to set up ProFTPD as an SFTP server. However, I'm facing some curious behavior when it comes to public key authentication.

For some reason, ProFTPD is accepting every single key fingerprint presented to it, regardless of whether it is present in the user's authorized keys file, causing my agent (in this case KeeAgent) to prompt for every single key until it reaches the key for the user.

This appears to be rather different from OpenSSH servers, which only accept keys that are present in the authorized_keys file.

Is this supposed to be intended behavior, or is it a bug?

ProFTPD Version 1.3.5a

```
<IfModule mod_sftp.c>

    SFTPEngine on
    Port 2222
    SFTPLog /var/log/proftpd/sftp.log

    # Configure both the RSA and DSA host keys, using the same host key
    # files that OpenSSH uses.
    SFTPHostKey /etc/ssh/ssh_host_rsa_key
    SFTPHostKey /etc/ssh/ssh_host_dsa_key
    SFTPHostKey /etc/ssh/ssh_host_ecdsa_key

    SFTPAuthMethods publickey

    SFTPAuthorizedUserKeys file:~%u/.ssh/sftp_keys

    # Enable compression
    SFTPCompression delayed

</IfModule>
```
Znik
  • Could you provide the proftpd.conf you are using, including the mod_sftp configuration? – Castaglia May 21 '17 at 15:05
  • Other than the mod_sftp configuration, almost everything else is using the Ubuntu defaults, with minor tweaks (enabling chroot). – Rui Fung Yip May 22 '17 at 02:50
  • What does the [proftpd debug logging, debug level 10](http://www.proftpd.org/docs/howto/Debugging.html) show? What does the `SFTPLog` show? – Castaglia May 22 '17 at 18:14
  • It is either my question. How to add multiple keys to ProFTPD's SFTP protocol? With openssl server it is extremely simple. Currently I'm using a workaround, and simply add multiple users with different names, but with the same uid. – Znik Mar 21 '19 at 13:36

0 Answers