moving FTP servers blows (well, doesn't actually)

Ryan Byrd ryanbyrd at gmail.com
Wed Jan 23 14:19:01 MST 2013


Hello world,

Imagine you have a pure-ftpd
<http://www.pureftpd.org/project/pure-ftpd>running on an openSUSE 11.1
box. Imagine further that the pure-ftpd user
passwords are encrypted with blowfish. I know this because in the
/etc/pure-ftpd/pureftpd.passwd the entries look like:

ftpuser:$2a$07$boPaYJZVKWRO9xijg4QBYu0PromGqu87MocwR.d9LDZ3Dy7KOp28y:1004:1000::/srv/ftp/ftpuser/./::::::::::::

and according to wikipedia, $2a$ means blowfish:
http://en.wikipedia.org/wiki/Crypt_%28Unix%29#Blowfish-based_scheme

But it's time to move the FTP server to a new box. The new FTP server is
Ubuntu 12.04 and when I create a new FTP user, it creates users like:
ftpuser:$1$RtxrIMN0$ukxRvJ9CLe9k0TcGD9Gbg1:1010:1011::/srv/ftp/ftpuser/./::::::::::::

which are md5 passwords:
http://en.wikipedia.org/wiki/Crypt_%28Unix%29#MD5-based_scheme

what this means is that I can't log into the new ftp server with the
previous accounts even though I've moved the passwd file.

pure-ftpd is supposed to first use blowfish, if it's available and then, if
not, default to MD5.

in an attempt to blowfishify my new system, I ran this: aptitude install
libpam-unix2 which installed these new packages: libpam-unix2 libxcrypt1{a}

but new user ftp passwords are still $1$

i don't want to have to reset all the previous server account password.

ideas how to 1- get blowfish to work 2- move these user accounts?

-RB


More information about the PLUG mailing list