Thanks Won, learn something knew every day....thinking about it, its actually quite obvious (doh!)
Ubuntu Seedbox with rtorrent | rutorrent | pureftpd | multi-user (optional)
- Thread starter saroos1
- Start date
Sorry about that, I think I left one step out
Code
sudo su
cd /etc/pure-ftpd/conf
echo 1 > TLS
(You could set it to 3 if you only want to allow FTPS with encrypted data and control channels)
Ive updated the original posts
Thanks OP; great tutorial. Could follow it through with very little ubuntu experience!
Just on a quick note, the line "sudo chown -R <username>:<username> <username>" should actually be "sudo chown -R <username>:<username> <userdir>" if I remember right. Yet didn't take me too long to figure that out.
Oh yes, and, TLS-FTP doesn't seem to work. Always get stuck at the directory listing. Normal FTP seems fine. Can't figure out why.
Code:
[1] PASV
[1] 227 Entering Passive Mode ([MYIP],106,65)
[1] Opening data connection IP: [MYIP] PORT: 27201 (not the port where pftpd is listening, is that the problem?)
[1] MLSD
[time out]
I've tried with numerous clients on Mac OS X and W7, with different settings. No luck.
Thanks again, anyway!
Just on a quick note, the line "sudo chown -R <username>:<username> <username>" should actually be "sudo chown -R <username>:<username> <userdir>" if I remember right. Yet didn't take me too long to figure that out.
Oh yes, and, TLS-FTP doesn't seem to work. Always get stuck at the directory listing. Normal FTP seems fine. Can't figure out why.
Code:
[1] PASV
[1] 227 Entering Passive Mode ([MYIP],106,65)
[1] Opening data connection IP: [MYIP] PORT: 27201 (not the port where pftpd is listening, is that the problem?)
[1] MLSD
[time out]
I've tried with numerous clients on Mac OS X and W7, with different settings. No luck.
Thanks again, anyway!
C0r
Wonslung is right - the directory name there should be the same as the username
Regarding that issue
1) Ensure that you have a file called TLS in the /etc/pure-ftpd/conf directory, with the contents being 1 (or 3 for only allowing secure data and control comms)
2) The error you are seeing looks like one I too saw with CuteFTP on W7.
You need to make sure the connection is forced to use PASV mode.
After that you might get another error that time-outs on trying to list directories.
You can make it work by setting the Clear Data Channel flag in the connection properties.
Not ideal though.
Im using SmartFTP and Filezilla with Protected Data and Control channels so I guess its a CuteFTP problem.
What client were you using?
Wonslung is right - the directory name there should be the same as the username
Regarding that issue
1) Ensure that you have a file called TLS in the /etc/pure-ftpd/conf directory, with the contents being 1 (or 3 for only allowing secure data and control comms)
2) The error you are seeing looks like one I too saw with CuteFTP on W7.
You need to make sure the connection is forced to use PASV mode.
After that you might get another error that time-outs on trying to list directories.
You can make it work by setting the Clear Data Channel flag in the connection properties.
Not ideal though.
Im using SmartFTP and Filezilla with Protected Data and Control channels so I guess its a CuteFTP problem.
What client were you using?
it's also important to know ftp is a old broken down piece of garbage.
It is literally a dinosaur and should be put to death.
It is an obvious mess and was never designed with the internet in mind (it was invented well before the internet existed even)
It's hard to NAT, doesn't play well with many firewalls and generally sucks.
The reason we hang on to it like a security blanket is beyond me when there exists so many alternatives which are better suited (SFTP comes screaming to mind)
It is literally a dinosaur and should be put to death.
It is an obvious mess and was never designed with the internet in mind (it was invented well before the internet existed even)
It's hard to NAT, doesn't play well with many firewalls and generally sucks.
The reason we hang on to it like a security blanket is beyond me when there exists so many alternatives which are better suited (SFTP comes screaming to mind)
I was using Flow and Transmit under Mac OS, FTPrush with W7. TLS with value 1 was there, used PASV connection, fiddled around with pretty much all the relevant settings, would not work. Followed your advise and switched to SmartFTP - worked INSTANTLY with standard explicit SSL settings, did not have to change one bit. Weird. Guess wonslung is right. Weird too that PureFTPd somehow seems to limit the speed to about 1,8 megabytes per second. Just "feels" like a hard cap. I did not have had this issue with prior ftp servers, so server itself and the connection are out of the picture and i can easily work around it just by enabling two threads in SmartFTP. Anyway, thanks again for the tutorial and the help afterwards. I'll check back when updates are at hand. I have no idea how to update something I built from sources before.
Cheers!
Cheers!
you need to recompile openssh with the hpn patches
see http://www.psc.edu/networking/projects/hpn-ssh/
or, if you switch to FreeBSD, you can just select the hpn option when you build the port. Its' quite nice.
The reason it's slower in it's default setup is due to issues with encryption and other overhead issue, read that link to see what i mean.
see http://www.psc.edu/networking/projects/hpn-ssh/
or, if you switch to FreeBSD, you can just select the hpn option when you build the port. Its' quite nice.
The reason it's slower in it's default setup is due to issues with encryption and other overhead issue, read that link to see what i mean.
well, i'm not sure it's important to make it required, but:
If you want to know how to do something cool:
if you build openssh with chroot support (it comes with it in most distros, but if you rebuild to apply the patch you may have to add the proper flag) you can create a chrooted SFTP server just by using the sshd_config file.
basically, what i do is this: I create some users for running rtorrent. These users are NOT the same username i intend to give my users, but an internal "system only" user just for running rtorrent
i normally create them with uid's and names like
rtuser1 uid 5001 scgi port 5001 with these dirs /home/rtuser1/.session /home/rtuser1/rtorrent/download /home/rtuser1/rtorrent/watch
rtuser2 uid 5002 scgi port 5002 with these dirs /home/rtuser2/.session /home/rtuser2/rtorrent/download /home/rtuser2/rtorrent/watch
rtuser3 uid 5003 scgi port 5003 with these dirs /home/rtuser3/.session /home/rtuser3/rtorrent/download /home/rtuser3/rtorrent/watch
so on and so forth
then, i create some MORE unix users with the SAME uid as these users (using the -o switch) These names will be the user name i intend to use for the webuser, ftp and sftp I create them WITHOUT home dir's. On FreeBSD the commands are something like this:
Code:
pw useradd SomeUSER1 -u 5001 -g 5001 -d /nonexistent -s /bin/sh -o
pw useradd SomeUSER2 -u 5002 -g 5002 -d /nonexistent -s /bin/sh -o
pw useradd SomeUSER3 -u 5003 -g 5003 -d /nonexistent -s /bin/sh -o
then, of course, set the unix password wiht passwd SomeUSER1
On Linux, the command is something like:
Code:
useradd -u 5001 -g 5001 -o -s /bin/sh -d /nonexistent SomeUSER1
useradd -u 5002 -g 5002 -o -s /bin/sh -d /nonexistent SomeUSER2
useradd -u 5003 -g 5003 -o -s /bin/sh -d /nonexistent SomeUSER3
now, i create a dir for the chroot, maybe something liek
Code:
mkdir /opt/sftp
mkdir -p /opt/sftp/SomeUSER1/torrents
mkdir -p /opt/sftp/SomeUSER2/torrents
mkdir -p /opt/sftp/SomeUSER3/torrents
then, i'll use bind or nullfs (depending on os) to mount the users download dir on the torrents dir i just made (note: the reason i don't just mount the download dir on /opt/sftp/SomeUSER1 is because this dir MUST be owned by root in order for this chroot to work correctly)
so, for freebsd, you'd add something like this to your /etc/fstab:
Code:
/home/rtuser1/rtorrent /opt/sftp/SomeUSER1/torrents nullfs rw 0 0
/home/rtuser2/rtorrent /opt/sftp/SomeUSER2/torrents nullfs rw 0 0
/home/rtuser3/rtorrent /opt/sftp/SomeUSER3/torrents nullfs rw 0 0
for linux, it's something like this:
Code:
/home/rtuser1/rtorrent /opt/sftp/SomeUSER1/torrents bind bind,defaults 0 0
/home/rtuser2/rtorrent /opt/sftp/SomeUSER2/torrents bind bind,defaults 0 0
/home/rtuser3/rtorrent /opt/sftp/SomeUSER3/torrents bind bind,defaults 0 0
in your sshd_config file (normally at /etc/ssh/sshd_config ) look for the Subsystem sftp line, if it's set to something like this:
Code:
Subsystem sftp /usr/libexec/sftp-server
change it to this:
Code:
Subsystem sftp internal-sftpnow, you just need to add the proper directives to your ssh config, something like this:
Code:
Match User SomeUSER1,SomeUSER2,SomeUSER3
ChrootDirectory /opt/sftp/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
and if you did everything right, you'll have an sftp user who has read/write privelages but is chrooted ONLY to the dir's for your rtorrent files.
another thing i tend to do when i do this, is:
I do not set a password at all for the users running rtorrent. Instead, i set a secure ssh key.
Another thing you can do, if you wish, is build a SEPARATE ssh server for sftp. This way you run it on a different port, with it's own settings.
If you want to know how to do something cool:
if you build openssh with chroot support (it comes with it in most distros, but if you rebuild to apply the patch you may have to add the proper flag) you can create a chrooted SFTP server just by using the sshd_config file.
basically, what i do is this: I create some users for running rtorrent. These users are NOT the same username i intend to give my users, but an internal "system only" user just for running rtorrent
i normally create them with uid's and names like
rtuser1 uid 5001 scgi port 5001 with these dirs /home/rtuser1/.session /home/rtuser1/rtorrent/download /home/rtuser1/rtorrent/watch
rtuser2 uid 5002 scgi port 5002 with these dirs /home/rtuser2/.session /home/rtuser2/rtorrent/download /home/rtuser2/rtorrent/watch
rtuser3 uid 5003 scgi port 5003 with these dirs /home/rtuser3/.session /home/rtuser3/rtorrent/download /home/rtuser3/rtorrent/watch
so on and so forth
then, i create some MORE unix users with the SAME uid as these users (using the -o switch) These names will be the user name i intend to use for the webuser, ftp and sftp I create them WITHOUT home dir's. On FreeBSD the commands are something like this:
Code:
pw useradd SomeUSER1 -u 5001 -g 5001 -d /nonexistent -s /bin/sh -o
pw useradd SomeUSER2 -u 5002 -g 5002 -d /nonexistent -s /bin/sh -o
pw useradd SomeUSER3 -u 5003 -g 5003 -d /nonexistent -s /bin/sh -o
then, of course, set the unix password wiht passwd SomeUSER1
On Linux, the command is something like:
Code:
useradd -u 5001 -g 5001 -o -s /bin/sh -d /nonexistent SomeUSER1
useradd -u 5002 -g 5002 -o -s /bin/sh -d /nonexistent SomeUSER2
useradd -u 5003 -g 5003 -o -s /bin/sh -d /nonexistent SomeUSER3
now, i create a dir for the chroot, maybe something liek
Code:
mkdir /opt/sftp
mkdir -p /opt/sftp/SomeUSER1/torrents
mkdir -p /opt/sftp/SomeUSER2/torrents
mkdir -p /opt/sftp/SomeUSER3/torrents
then, i'll use bind or nullfs (depending on os) to mount the users download dir on the torrents dir i just made (note: the reason i don't just mount the download dir on /opt/sftp/SomeUSER1 is because this dir MUST be owned by root in order for this chroot to work correctly)
so, for freebsd, you'd add something like this to your /etc/fstab:
Code:
/home/rtuser1/rtorrent /opt/sftp/SomeUSER1/torrents nullfs rw 0 0
/home/rtuser2/rtorrent /opt/sftp/SomeUSER2/torrents nullfs rw 0 0
/home/rtuser3/rtorrent /opt/sftp/SomeUSER3/torrents nullfs rw 0 0
for linux, it's something like this:
Code:
/home/rtuser1/rtorrent /opt/sftp/SomeUSER1/torrents bind bind,defaults 0 0
/home/rtuser2/rtorrent /opt/sftp/SomeUSER2/torrents bind bind,defaults 0 0
/home/rtuser3/rtorrent /opt/sftp/SomeUSER3/torrents bind bind,defaults 0 0
in your sshd_config file (normally at /etc/ssh/sshd_config ) look for the Subsystem sftp line, if it's set to something like this:
Code:
Subsystem sftp /usr/libexec/sftp-server
change it to this:
Code:
Subsystem sftp internal-sftpnow, you just need to add the proper directives to your ssh config, something like this:
Code:
Match User SomeUSER1,SomeUSER2,SomeUSER3
ChrootDirectory /opt/sftp/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
and if you did everything right, you'll have an sftp user who has read/write privelages but is chrooted ONLY to the dir's for your rtorrent files.
another thing i tend to do when i do this, is:
I do not set a password at all for the users running rtorrent. Instead, i set a secure ssh key.
Another thing you can do, if you wish, is build a SEPARATE ssh server for sftp. This way you run it on a different port, with it's own settings.
sure, the main purpose of the httprpc plugin is to lower bandwidth useage. It is mainly for users who wish to use a VERY LOW bandwidth link.
In order to be effective you need:
A fast server (when i say fast, i dont' mean anything like a multi-core high ram beast, but....you wouldn't want it on an embedded platform like a router, and you wouldn't use it on a server really taxed by mutliple users and other such things)
Either external compression via gzip or php compression via zlib
As few plugins as possible. You can use multiple plugins but the more you eliminate, the lower the bandwidth will be.
It's also much more secure than mod_scgi.
In order to be effective you need:
A fast server (when i say fast, i dont' mean anything like a multi-core high ram beast, but....you wouldn't want it on an embedded platform like a router, and you wouldn't use it on a server really taxed by mutliple users and other such things)
Either external compression via gzip or php compression via zlib
As few plugins as possible. You can use multiple plugins but the more you eliminate, the lower the bandwidth will be.
It's also much more secure than mod_scgi.
Thanks wonslung
Quote
The idea of a VERY LOW bandwidth link doesnt seem to sit well with torrenting in general though?
On a server with a 100/100 link, are there any benefits other than added security?
Any any downsides on such a system?
[quote author=wonslung link=topic=256.msg1710#msg1710 date=1273109
A fast server (when i say fast, i dont' mean anything like a multi-core high ram beast, but....you wouldn't want it on an embedded platform like a router, and you wouldn't use it on a server really taxed by mutliple users and other such things)
[/quote]
Any idea of a typical % change in resource use?
Quote
sure, the main purpose of the httprpc plugin is to lower bandwidth useage. It is mainly for users who wish to use a VERY LOW bandwidth link.
The idea of a VERY LOW bandwidth link doesnt seem to sit well with torrenting in general though?
On a server with a 100/100 link, are there any benefits other than added security?
Any any downsides on such a system?
[quote author=wonslung link=topic=256.msg1710#msg1710 date=1273109
A fast server (when i say fast, i dont' mean anything like a multi-core high ram beast, but....you wouldn't want it on an embedded platform like a router, and you wouldn't use it on a server really taxed by mutliple users and other such things)
[/quote]
Any idea of a typical % change in resource use?
subvertbeats absolutely fantastic guide !! I'm a Linux newbie, and it worked great for me. I had tried at least 20 different guides to get a full install. Most of the time only half the stuff would work. I set up a refurbished on a server.lu with this. Only probs I had was getting the ftp to work as it should (tls), but its working over normal ftp, so that will do me. And could not chmod the directories, but it seems to be working fine. I had been at this for weeks.
I hope you find time to keep this guide updated.
Well Done and Thanks
!
I hope you find time to keep this guide updated.
Well Done and Thanks
Now it makes sense. Given the vast majority of people using this guide (I think) will have at least a semi-decent connection I dont really see much benefit in this in the context of bandwidth.
The added security might make it worthwhile though....
Good to know its been useful for you, thanks for the feedbacksubvertbeats absolutely fantastic guide !! I'm a Linux newbie, and it worked great for me. I had tried at least 20 different guides to get a full install. Most of the time only half the stuff would work. I set up a refurbished on a server.lu with this. Only probs I had was getting the ftp to work as it should (tls), but its working over normal ftp, so that will do me. And could not chmod the directories, but it seems to be working fine. I had been at this for weeks.
I hope you find time to keep this guide updated.
Well Done and Thanks!
Just registered here to say thank you for a fantastic guide on setting up rtorrent on a headless Linux server.
For a Linux newbie it's a lot of work but well worth the time and effort.
Your guide is very easy to follow
again great work.
Since this was a first for me I was amazed at how easy it was
all thanks to your guide.
I only came across three things that didn't work as expected.
1. Under apache configuration
These lines need to have 'sudo' in front of them to work
a2enmod ssl
a2enmod auth_digest
a2enmod scgi
2. Under rutorrent - plugin installation
Personally I think the _getdir plugin is missing from the list
(sudo svn checkout http://rutorrent.googlecode.com/svn/trunk/plugins/_getdir)
It makes it a lot easier to create torrents that way.
Allthough I did learn a few things getting it to work after I had done all the steps in the guide.
(the little ... button in the create torrent dialog)
3. Under configuring Rtorrent
The line
sudo chown -R <username>:<username> <username>
is already mentioned somewhere else but can be pretty confusing for a newbie
Thank you very much
For a Linux newbie it's a lot of work but well worth the time and effort.
Your guide is very easy to follow
Since this was a first for me I was amazed at how easy it was
I only came across three things that didn't work as expected.
1. Under apache configuration
These lines need to have 'sudo' in front of them to work
a2enmod ssl
a2enmod auth_digest
a2enmod scgi
2. Under rutorrent - plugin installation
Personally I think the _getdir plugin is missing from the list
(sudo svn checkout http://rutorrent.googlecode.com/svn/trunk/plugins/_getdir)
It makes it a lot easier to create torrents that way.
Allthough I did learn a few things getting it to work after I had done all the steps in the guide.
(the little ... button in the create torrent dialog)
3. Under configuring Rtorrent
The line
sudo chown -R <username>:<username> <username>
is already mentioned somewhere else but can be pretty confusing for a newbie
Thank you very much