Recently I have noticed  by default Proftpd is enabled with SFTP module and we are not able to access the server over ftp protocol. This is the default case of Proftpd install from centos repository and a server comes with webmin on Centos7.

In such cases, I have faced below issues to successfully start and use the proftpd service.  Its welcome to use the steps I have followed as a trick or tip.

  • Firstly try to start the proftpd service from webmin.

  • Service got failed to start with below message.
Job for proftpd.service failed because the control process exited with error code. 
See "systemctl status proftpd.service" and "journalctl -xe" for details.

  • Issue below command  in ssh shell access for getting details about error.
systemctl status proftpd.service
  • But in our case above command result recommend to use below command to get details about error.
systemctl status proftpd.service -l

  • So we can see error as
fatal: SFTPHostKey: unable to use '/etc/ssh/ssh_host_rsa_key' as host key, as it is group- 
or world-accessible on line 435 of '/etc/proftpd.conf'

As far as I know error is because the file “/etc/ssh/ssh_host_rsa_key’ is group readable and its some kind of bug in new Centos7 ssh package.

  • Issued below command and tried to start the service again but it got failed again with below error.
chmod 600 /etc/ssh/ssh_host_rsa_key
fatal: SFTPHostKey: unable to check '/etc/ssh/ssh_host_dsa_key': No such file or 
directory on line 436 of '/etc/proftpd.conf'
  • I went to opened file /etc/proftpd.conf using vi editer and commended below lines and sucessfully started proftpd service.

  • At this moment if we try to connect to the server over default ftp port 21. We will get the “Could not connect to server error”
ftp 35.162.96.26

/bin/ftp: connect: Connection timed out

ftp>

  • This is because by default the proftpd port listening is “2222”and only allow “sftp” protocol access.
[[email protected] ~]# netstat -nlp | grep :21
[[email protected] ~]# netstat -nlp | grep :2222
tcp6 0 0 :::2222 :::* LISTEN 4817/proftpd: (acce
  • In such cases we have to use below settings in order to connect to the server over filezilla.
Host : sftp://IPaddress

Port : 2222

  • Now if we would like to disable sftp in the proftpd and allow ftp access, commend out below lines in the configuration file “/etc/proftpd.conf ” and restart proftpd service. It will allow us to connect to the server over ftp port 21.