Unable to start ProFTPd in CentOS 7

Steffan's picture
Submitted by Steffan on Tue, 09/06/2016 - 13:37 Pro Licensee

Virtualmin installed on a clean Cloudmin CentOS 7 issue cannot start up proftpd.

I post this as a bug because Virtualmin prides itself on a seamless install and operation.

I have the fix which might be good to include in the Virtualmin installer.

When starting ProFTPd you see this error from systemctl

systemctl start proftpd
Job for proftpd.service failed because the control process exited with error code. See "systemctl status proftpd.service" and "journalctl -xe" for details.

which leads to this:

# systemctl status -l proftpd.service
● proftpd.service - ProFTPD FTP Server
   Loaded: loaded (/usr/lib/systemd/system/proftpd.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Tue 2016-09-06 10:44:22 MST; 19s ago
  Process: 24090 ExecStart=/usr/sbin/proftpd $PROFTPD_OPTIONS (code=exited, status=1/FAILURE)
 
Sep 06 10:44:22 base-img.hldns.net systemd[1]: Starting ProFTPD FTP Server...
Sep 06 10:44:22 base-img.hldns.net proftpd[24090]: 2016-09-06 10:44:22,230 base-img.hldns.net proftpd[24090]: fatal: SFTPHostKey: unable to check '/etc/ssh/ssh_host_dsa_key': No such file or directory on line 436 of '/etc/proftpd.conf'
Sep 06 10:44:22 base-img.hldns.net systemd[1]: proftpd.service: control process exited, code=exited status=1
Sep 06 10:44:22 base-img.hldns.net systemd[1]: Failed to start ProFTPD FTP Server.
Sep 06 10:44:22 base-img.hldns.net systemd[1]: Unit proftpd.service entered failed state.
Sep 06 10:44:22 base-img.hldns.net systemd[1]: proftpd.service failed.

Here's the fix:

# ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa
Generating public/private dsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
9a:73:c2:87:84:c5:4e:84:0b:e5:32:c9:bb:b6:cf:2e root@xxxxxx
The key's randomart image is:
+--[ DSA 1024]----+
|   ....          |
| ..o.o           |
|  =...+          |
|   +.=           |
|  . . o S        |
|   . o +         |
|  o   B o        |
| .Eo   =         |
|  .++            |
+-----------------+
 
# systemctl start proftpd

I can't say if this is the perfect solution or not because I see it bound itself to the hostname assigned by Cloudmin. Will it have to be regenerated if the hostname changes?

Status: 
Closed (fixed)

Comments

Submitted by andreychek on Tue, 09/06/2016 - 14:50

Yeah we'll need to either disable the SFTP part of ProFTPd, or include a fix similar to what you shared there. Your fix may be the simplest way to start.

ProFTPd does need a hostname, though as long as it's kept up to date in /etc/hosts it shouldn't be a problem. At least, we haven't heard reports along those lines... if you run into a problem please let us know!

Steffan's picture
Submitted by Steffan on Tue, 09/06/2016 - 15:14 Pro Licensee

Somehow enforcing hostname change in the installer and in the web interface may be a good way to go because you can then regen the keys. Too bad there isn't (or is there) a tool in the OS that handles this part. Yes, hostname changes just that but doesn't update SSH keys AFAIK.

Steffan's picture
Submitted by Steffan on Tue, 09/06/2016 - 15:19 Pro Licensee

On another thought, disabling SFTP as part of the install and then when enabling it via the ProFTPd control panel, the keys could be regenerated. By then it's assumed the user will have properly set the hostname.

Steffan's picture
Submitted by Steffan on Sun, 03/18/2018 - 00:11 Pro Licensee

Status: Active » Closed (fixed)