
Re: vsftpd with ssl



On Mon, 29 Sep 2014 16:00:36 -0400 (EDT), Marko Randjelovic wrote:
> 
> I installed vsftpd on Wheezy and am trying to make it work with ssl (ftps
> protocol).
> 
> This is my config file:
> 
> listen=YES
> anonymous_enable=NO
> local_enable=YES
> dirmessage_enable=YES
> use_localtime=YES
> xferlog_enable=YES
> nopriv_user=ftpsecure
> secure_chroot_dir=/var/run/vsftpd/empty
> pam_service_name=vsftpd
> rsa_cert_file=/etc/ssl/private/vs.pem
> ssl_enable=YES
> debug_ssl=YES
> log_ftp_protocol=YES
> 
> /etc/ftpusers does not contain user vsftp.
> 
> I connect with:
> 
> lftp ftps://vsftp@127.0.0.1:21
> Password: 
> lftp vsftp@127.0.0.1:~> ls        
> ls: Fatal error: gnutls_handshake: An unexpected TLS packet was received.
> 
> In /var/log/vsftpd.log appears:
> 
> Mon Sep 29 21:55:10 2014 [pid 2] CONNECT: Client "127.0.0.1"
> Mon Sep 29 21:55:10 2014 [pid 2] FTP response: Client "127.0.0.1", "220 (vsFTPd 2.3.5)"
> Mon Sep 29 21:55:10 2014 [pid 2] FTP command: Client "127.0.0.1",
> "????P???L??T)???T?HI??????????+???|NH????D???0?3?G?E?9?K?????2?@?D?8?J?????F?/?<?A?5?=???"
> Mon Sep 29 21:55:10 2014 [pid 2] FTP response: Client "127.0.0.1", "530 Please login with USER and PASS."
> Mon Sep 29 21:55:10 2014 [pid 2] FTP command: Client "127.0.0.1",
> "????????????????"
> Mon Sep 29 21:55:10 2014 [pid 2] FTP response: Client "127.0.0.1", "530 Please
> login with USER and PASS."
> 
> Please help me because I have no ideas.
> 
> Kind regards

I work with SSL-secured FTP regularly.  First of all, let's get the
terminology right.  I'm glad to see that you used the term FTPS instead
of SFTP.  Many people have the two confused.  SFTP is a file transfer
protocol used under the Secure Shell protocol (SSH).  FTPS is regular
FTP (File Transfer Protocol) with SSL encryption wrapped around it.
But, strictly speaking, the FTPS protocol is for *implicit*
SSL-encrypted FTP only, and that's not how you have your server set up.
*Explicit* SSL-encrypted FTP, via the "AUTH TLS" command, is still
considered the FTP protocol, not the FTPS protocol, even though SSL
encryption is used.  Furthermore, the well-known port normally used
for FTPS is port 990, and you have your server set up to use port 21,
which is the well-known port for the FTP protocol.  So the server is
set up for FTP and the client is assuming FTPS.  They don't match.

The first decision you need to make is whether you want to set up
your server for implicit SSL or explicit SSL.  Then proceed from
there.
   
-- 
  .''`.     Stephen Powell    <zlinuxman@wowway.com>
 : :'  :
 `. `'`
   `-
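The mismatch described in the reply, as an added example (my own Python, not code from the thread or from vsftpd): a model of what an explicit-TLS FTP listener on port 21 sees when a client opens with a TLS ClientHello, as an implicit-FTPS client does, instead of sending AUTH TLS in the clear first. The ClientHello bytes are constructed, and the "234 Proceed with negotiation." reply text is assumed.

```python
# Added example (not from the thread): models what a plaintext-FTP listener
# such as vsftpd on port 21 sees when a client assumes implicit FTPS.
# The ClientHello bytes below are constructed, not captured.

TLS_HANDSHAKE_RECORD = 0x16   # TLS record content type: handshake
TLS_CLIENT_HELLO = 0x01       # handshake message type: ClientHello


def looks_like_tls_client_hello(data: bytes) -> bool:
    """True if data starts with a TLS record carrying a ClientHello:
    record type 0x16, record version 0x03xx, handshake type 0x01."""
    return (len(data) >= 6
            and data[0] == TLS_HANDSHAKE_RECORD
            and data[1] == 0x03
            and data[5] == TLS_CLIENT_HELLO)


def explicit_ftp_gate(client_messages):
    """Simulate the control channel of an explicit-TLS FTP server.
    Returns (server replies, diagnosis). TLS may only start after the
    server has accepted AUTH TLS; a ClientHello before that is what an
    implicit-FTPS client sends, and the server reads it as a garbled
    command (the '????P???...' lines in the vsftpd log above)."""
    replies = ["220 (vsFTPd 2.3.5)"]
    tls_started = False
    for msg in client_messages:
        if tls_started:
            replies.append("<encrypted: handled by the TLS layer>")
            continue
        if looks_like_tls_client_hello(msg):
            replies.append("530 Please login with USER and PASS.")
            return replies, "implicit-tls-on-plaintext-port"
        cmd = msg.decode("ascii", errors="replace").strip().upper()
        if cmd == "AUTH TLS":
            replies.append("234 Proceed with negotiation.")  # assumed reply text
            tls_started = True
        else:
            replies.append("530 Please login with USER and PASS.")
    return replies, "ok" if tls_started else "no-tls"


# Constructed ClientHello: 5-byte record header (type 0x16, version 3.1,
# length 0x10) followed by a handshake header (type 0x01) and filler.
CLIENT_HELLO = bytes.fromhex("16 03 01 00 10 01 00 00 0c 03 03") + b"\x00" * 5

# What the poster's lftp ftps:// URL does: TLS first, on port 21.
IMPLICIT_ON_21 = [CLIENT_HELLO]
# What an explicit-TLS client does: AUTH TLS in the clear, then TLS.
EXPLICIT_ON_21 = [b"AUTH TLS\r\n", CLIENT_HELLO, b"<USER vsftp inside TLS>"]

if __name__ == "__main__":
    for name, session in (("implicit", IMPLICIT_ON_21), ("explicit", EXPLICIT_ON_21)):
        print(name, *explicit_ftp_gate(session))
```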