Develop Reference

SSH.NET ftpClient and Logging

I have a pretty basic routine for uploading files to a Secure FTP site using the SSH.NET library. I am using the SftpClient object out of the library. Everything is working correctly and I am not receiving any exceptions. However, the company on the other end of the FTP is saying they are not receiving some files. It appears random, and every single time I have manually verified that the files are on the FTP server, they have been. So I suspect there is something going on on their side because after literally thousands of files to other clients there has never been a lost file...except with them.
So...I have been looking for logging options out of the SftpClient so that I can prove that the files have been actually uploaded.
Is there any way to get the FTP commands logged out of the library? I am looking for the client and server response like the following example that was stolen from the web:
% ftp nordsieck.cs.colorado.edu
Connected to nordsieck.cs.colorado.edu.
220 nordsieck FTP server (Version 5.53 Tue Aug 25 10:46:12 MDT 1992) ready.
Name (nordsieck.cs.colorado.edu:yourlogin): yourlogin
331 Password required for yourlogin.
Password:
230 User yourlogin logged in.
ftp> cd HPSC/exercises
250 CWD command successful.
ftp> ls
200 PORT command successful.
550 No files found.
ftp> put tmul.out
200 PORT command successful.
150 Opening ASCII mode data connection for tmul.out.
226 Transfer complete.
local: tmul.out remote: tmul.out
1882 bytes sent in 0.0095 seconds (1.9e+02 Kbytes/s)
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
tmul.out
226 Transfer complete.
9 bytes received in 0.0021 seconds (4.3 Kbytes/s)
ftp> mput *
mput Makefile? y
200 PORT command successful.
150 Opening ASCII mode data connection for Makefile.
226 Transfer complete.
local: Makefile remote: Makefile
1020 bytes sent in 0.0062 seconds (1.6e+02 Kbytes/s)
mput tmul.out? n
ftp> quit
221 Goodbye.
Baring that, is there any other logging available?

What you show is an FTP log. FTP is a text protocol (commands are sent in text) and so logging is pretty easy. SFTP is a completely different protocol with binary commands. Your best option is to add your own logging before and after calling each SFTP method.

JMeter FTP tests failing on Linux FTP for 1000 users

We are firing JMeter FTP tests (1000 users) from Windows VM on FTP server (RHEL 6.2). (FTP is 1CPU, 60GB HDD, 4GB RAM)
And we are getting below errors after some time:
Response message: java.io.FileNotFoundException: 128kfile (The requested operation cannot be performed on a file with a user-mapped section open).
And there are 12% errors seen in the report after test gets over.
Here is the test plan used:
Thread group has 1000 threads. ramp up period is 600 seconds. Total Duration is 780 seconds.
FTP request has server IP, port number as 21, remote file and local file given.
request is get(RETR).
Username and pwd is given.
Below are the contents of vsftpd.conf file of RHEL FTP
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
max_per_ip=5000
#Max no. of allowed connections per IP Address.
max_clients=5000
#Max no. of different IP Addressed which are allowed to connect.
anon_max_rate=3600
use_localtime=YES
idle_session_timeout=1800
data_connection_timeout=1800
And test never stops on it's own, we have to forcefully close application.
We tried running this from command prompt and facing the same issue.
jmeter -n -t FTPTest.jmx -l FTPTest_itr1.jtl
Please suggest the way to remove errors so that tests will have 100% pass rate.

ProFTPd support for MLST and MLSD commands

Have another interesting problem. My company recently switched over to ProFTP to handle it's FTP and SFTP needs. We primarily run RHEL 5 servers. Our users are able to login, and transfer files without issue (for the most part anyway :-P).
Ran into a strange issue however with one of our clients, who need to list an individual file (in their FTP session) after performing a file transfer operation. They are able to list an entire directory just fine with 'ls', but when doing so with an exact file name (and/or with a wildcard), the listing fails.
I was able to duplicate the issue on my Windows workstation using ncftp, but NOT on my Linux workstation. After turning on debugging for both clients, as well as enabling full FTP command logging on the server-side, I discovered that the Linux FTP client uses a LIST command whereas ncftp uses an MSLD command.
Linux client:
ftp> debug
Debugging on (debug=1).
ftp> ls file.txt
ftp: setsockopt (ignored): Permission denied
---> PASV
227 Entering passive mode (X.X.X.X).
---> LIST file.txt
150 Opening ASCII mode data connection for file list
-rw-r--r-- 1 0 root 9318400 Aug 28 07:29 file.txt
226 Transfer complete
ncftp (Windows) client:
ncftp / > debug
ncftp / > ls file.txt
> ls file.txt
Cmd: PASV
227: Entering passive mode (X.X.X.X).
Cmd: MLSD file.txt
550: 'file.txt is not a directory
List failed.
From what I've been able to gather so far, MLSD and MLST are the extended versions of the traditional FTP LIST command(s). But when listing an individual file, shouldn't the client be issuing the server a MLST command instead of a MLSD command? MLSD should be used to list entire directories from what I've read so far.
I also connected to our old FTP server (running VSFTP) with multiple clients in debug mode (including ncftp), and confirmed that they were ALL using the older LIST command for everything, and it worked perfectly. Whether this was because it was enforced on the server-side, or just by coincidence, I do not know.
I've also read that mod_facts needs to be enabled for MLSD/MLST to work. I've confirmed that my proftpd version supports it, and that it's enabled on the server:
[root#server ~]# proftpd -v
ProFTPD Version 1.3.5
From proftpd.conf:
# Adding support for extended FTP listing commands (e.g. MLST, MLSD, etc)
LoadModule mod_facts.c
<IfModule mod_facts.c>
FactsAdvertise off
</IfModule>
I've also tried toggling FactsAdvertise of and off, reloading the service as I do so, and the ncftp client STILL wants to do an MLSD of the individual file!
So my two basic questions are:
How can I get proftpd to play nice with MLSD/MLST commands, and if
that's too much hassle . .
How do I enforce FTP clients connecting to the ProFTP server to use
the traditional LIST command(s), as was evidently the case with our
old FTP service (VSFTP).
Thanks in advance!

There have been other reports that ncftp(1) does not implement MLSD properly. Specifically, per RFC specification, the MLSD command is only supposed to be used on directories, not on files. Second, the "FactsAdvertise off" tells mod_facts to NOT include "MLSD" in the FEAT response; conformant clients are supposed to use the FEAT response to determine whether the server does indeed handle the MLSD/MLST commands. ncftp(1) appears to ignore the FEAT response on this regard.
Given that your mod_facts module is a shared module, then, all you need to do is omit the "LoadModule mod_facts.c" module from your proftpd.conf. Then proftpd will not support MLSD/MLST, and ncftp(1) will fallback to using LIST.
Hope this helps!

My apologies, I forgot I had this still open. We found a fix for this on the ProFTP fourms:
https://forums.proftpd.org/smf/index.php?topic=11604.0

Cant connect to FTP with newly created account

I am trying to connect to a new user account I created via SSH with the command
useradd -s /bin/false -d /home/username james
I added/edited the password via SSH with the command
passwd james
When trying to connect to my server using this user and pass via FileZilla I get the following error messages.
Response: 331 User James OK. Password required
Command: PASS *****
Response: 530 Login authentication failed
Error: Critical error
Error: Could not connect to server
When I try to login with this user/pass through SFTP I get the following error messages
Status: Connected to domain.com
Error: Connection closed by server with exitcode 1
Error: Could not connect to server
Either way it seems it doesn't allow me to use this newuser anywhere.
My server details
Linux 2.6.18-308.11.1.el5 GNU/Linux
(Red Hat 4.1.2-52)
Centos

Regarding FTP, the FTP server commonly used on Linux systems requires users to have a shell that's listed in the file /etc/shells. For example, this online ftpd man page says that, among other things, "The user must have a standard shell returned by getusershell(3).". The page for getusershell() shows that it reads shells from /etc/shells.
You could probably make FTP work adding /bin/false to /etc/shells. Your Linux system might have a more suitable shell available, like /usr/sbin/nologin.
Regarding SFTP, the ssh server normally provides SFTP service by by invoking a program called sftp-server. If you examine the server's sshd_config file, you'll probably find a line like this:
Subsystem sftp /usr/lib/openssh/sftp-server
sshd runs the subsystem program as a shell command, using the user's shell. If you set the user's shell to /bin/false, then sshd ends up running the command:
/bin/false -c /usr/lib/openssh/sftp-server
/bin/false ignores its command-line arguments and exits with code 1, so the SFTP client's session drops immediately after it starts.
sshd has an internal SFTP server component that can be used instead of the external program. The usual way of limiting SSH access to SFTP for some users is to set up a Match group within sshd_config, forcing the internal-sftp command for certain classes of users. Here are a couple examples of that:
http://en.wikibooks.org/wiki/OpenSSH/Cookbook/SFTP#SFTP-only_Accounts
https://serverfault.com/questions/354615/allow-sftp-but-disallow-ssh

Dont use "-s /bin/false". Use "-s /sbin/nologin" instead and it should be fine.

Make sure your account password hasn't expired. Mine did, and Filezilla exited with error code 1.
After logging onto the server and updating the account password (prompted immediately after connecting), I am now able to connect with SFTP & Filezilla.

Probably is a password related issue, check account
chage -l <user>
account must not be expired.

FTP doesn't allow /usr/sbin/nologin user
Response: 220 Welcome to the Scent Library's File Service.
Command: USER ftpuser
Response: 331 Please specify the password.
Command: PASS ******
Response: 530 Login incorrect.
filezilla 530 error - but password is correct
vsftpd: 530 Login incorrect
530 Login or password incorrect!
How can I connect via FTP using FileZilla? I get a 530 error.
Response: 220 Welcome to Test FTP service.
Command: USER ftpuser
Response: 331 Please specify the password.
Command: PASS ******
Response: 530 Login incorrect.
Error: Critical error
Error: Could not connect to server
Change user's shell
usermod -s /usr/sbin/nologin username
Then edit "/etc/shells" file and add this line
/usr/sbin/nologin

In order to connect to the server using ftp, you also need to run a ftp server / service or daemon.
An example of such ftp server is "vsftpd"
After installing it, you will also need to configure it and allow anonymous ftp access or ftp access to existing users
You will find the configuration file in the path "/etc/vsftpd/vsftpd.conf"
The below link might be useful for you --
https://www.digitalocean.com/community/tutorials/how-to-set-up-vsftpd-on-centos-6--2

FTP getting 550 Permission denied Apache Ubuntu Server 11

I just set up FTP today, and I am getting a 550 Permission denied error.
I tried chmod-ing the directory(/var/www/site1).
Any ideas?

Check if your username and password is correct and port number.
the other reason can be you may not be having the permission to use the ftp in your network.

I had the same error message transferring files from the server to my laptop. I changed the firewall settings to allow the server IP address. The error no longer appears.
In my case changing the chmod permissions did not affect it.