Thread: vsftpd SSL problems
Hi there!

I'm having trouble setting up FTPS with vsftpd on Ubuntu 10.04. (Unfortunately the project specification requires me to use FTPS, not SFTP, which would of course be simpler.)

vsftpd.conf:

Code:
# general settings
listen=YES
listen_ipv6=NO
connect_from_port_20=NO
listen_port=21
pasv_enable=YES
pasv_min_port=2000
pasv_max_port=2999
local_umask=022
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd
ftpd_banner=Welcome to FTP server!
use_localtime=YES

# virtual user login
local_enable=YES
guest_enable=YES
nopriv_user=vsftpd
pam_service_name=vsftpd
guest_username=vsftpd
local_root=/home/vsftpd/$USER
user_sub_token=$USER
virtual_use_local_privs=YES
user_config_dir=/etc/vsftpd_user_conf

# ssl
ssl_enable=YES
implicit_ssl=NO
rsa_cert_file=/etc/vsftpd/server.pem
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
# SSLv3 required by the client
ssl_sslv3=YES
require_ssl_reuse=NO

# logs
debug_ssl=YES
xferlog_enable=YES
log_ftp_protocol=YES

# restrictions
write_enable=YES
dirlist_enable=YES
download_enable=YES
dirmessage_enable=YES

# anonymous user
anonymous_enable=NO
allow_anon_ssl=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
anon_upload_enable=NO

Now, when I connect via ftp-ssl (or any other SSL-enabled client), vsftpd.log reports the following SSL errors:

Code:
Sat Sep 4 11:51:31 2010 [pid 2] CONNECT: Client "xxx.xxx.xxx.xxx"
Sat Sep 4 11:51:31 2010 [pid 2] FTP response: Client "xxx.xxx.xxx.xxx", "220 Welcome to FTP server!"
Sat Sep 4 11:51:34 2010 [pid 2] FTP command: Client "xxx.xxx.xxx.xxx", "AUTH SSL"
Sat Sep 4 11:51:34 2010 [pid 2] FTP response: Client "xxx.xxx.xxx.xxx", "234 Proceed with negotiation."
Sat Sep 4 11:51:34 2010 [pid 2] DEBUG: Client "xxx.xxx.xxx.xxx", "SSL version: TLSv1/SSLv3, SSL cipher: DES-CBC3-SHA, not reused, no cert"
Sat Sep 4 11:51:34 2010 [pid 2] FTP command: Client "xxx.xxx.xxx.xxx", "USER demouser"
Sat Sep 4 11:51:34 2010 [pid 2] [demouser] FTP response: Client "xxx.xxx.xxx.xxx", "331 Please specify the password."
Sat Sep 4 11:51:36 2010 [pid 2] [demouser] FTP command: Client "xxx.xxx.xxx.xxx", "PASS <password>"
Sat Sep 4 11:51:36 2010 [pid 1] [demouser] OK LOGIN: Client "xxx.xxx.xxx.xxx"
Sat Sep 4 11:51:36 2010 [pid 3] [demouser] FTP response: Client "xxx.xxx.xxx.xxx", "230 Login successful."
Sat Sep 4 11:51:36 2010 [pid 3] [demouser] FTP command: Client "xxx.xxx.xxx.xxx", "SYST"
Sat Sep 4 11:51:36 2010 [pid 3] [demouser] FTP response: Client "xxx.xxx.xxx.xxx", "215 UNIX Type: L8"
Sat Sep 4 11:51:38 2010 [pid 3] [demouser] FTP command: Client "xxx.xxx.xxx.xxx", "PORT 87,237,120,58,225,128"
Sat Sep 4 11:51:38 2010 [pid 3] [demouser] FTP response: Client "xxx.xxx.xxx.xxx", "200 PORT command successful. Consider using PASV."
Sat Sep 4 11:51:38 2010 [pid 3] [demouser] FTP command: Client "xxx.xxx.xxx.xxx", "LIST"
Sat Sep 4 11:51:38 2010 [pid 3] [demouser] FTP response: Client "xxx.xxx.xxx.xxx", "150 Here comes the directory listing."
Sat Sep 4 11:51:38 2010 [pid 2] [demouser] DEBUG: Client "xxx.xxx.xxx.xxx", "SSL version: TLSv1/SSLv3, SSL cipher: DES-CBC3-SHA, not reused, no cert"
Sat Sep 4 11:51:38 2010 [pid 2] [demouser] DEBUG: Client "xxx.xxx.xxx.xxx", "SSL shutdown state is: NONE"
Sat Sep 4 11:51:38 2010 [pid 2] [demouser] DEBUG: Client "xxx.xxx.xxx.xxx", "SSL shutdown state is: SSL_SENT_SHUTDOWN"
Sat Sep 4 11:51:38 2010 [pid 2] [demouser] DEBUG: Client "xxx.xxx.xxx.xxx", "SSL shutdown state is: SSL_SENT_SHUTDOWN"
Sat Sep 4 11:51:38 2010 [pid 2] [demouser] DEBUG: Client "xxx.xxx.xxx.xxx", "SSL shutdown state is: SSL_SENT_SHUTDOWN"
Sat Sep 4 11:51:38 2010 [pid 2] [demouser] DEBUG: Client "xxx.xxx.xxx.xxx", "SSL ret: 0, SSL error: error:00000000:lib(0):func(0):reason(0), errno: 0"
Sat Sep 4 11:51:38 2010 [pid 3] [demouser] FTP response: Client "xxx.xxx.xxx.xxx", "226 Directory send OK."
Sat Sep 4 11:51:39 2010 [pid 3] [demouser] FTP command: Client "xxx.xxx.xxx.xxx", "QUIT"
Sat Sep 4 11:51:39 2010 [pid 3] [demouser] FTP response: Client "xxx.xxx.xxx.xxx", "221 Goodbye."

What irritates me are the following lines:

Code:
SSL shutdown state is: SSL_SENT_SHUTDOWN

and

Code:
SSL ret: 0, SSL error: error:00000000:lib(0):func(0):reason(0), errno: 0

I have spent quite some time consulting Google to find a solution to this problem, without success. I performed the following tests to resolve the issue:
- disabling ssl_sslv2 and ssl_sslv3
- changing the SSL certificate
- changing the PAM authentication mechanism (you never know...)
- manually compiling vsftpd (version 2.3.1), in case it's a bug in vsftpd (my version is 2.2.2)

The certificate was created with the following command:

Code:
openssl req -x509 -nodes -days 730 -newkey rsa:1024 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem

My /etc/pam.d/vsftpd looks like this (enabling virtual user accounts via MySQL):

Code:
auth    required pam_mysql.so user=vsftpd passwd=xxxxxx host=127.0.0.1 db=vsftpd table=accounts usercolumn=username passwdcolumn=password crypt=3
account required pam_mysql.so user=vsftpd passwd=xxxxxx host=127.0.0.1 db=vsftpd table=accounts usercolumn=username passwdcolumn=password crypt=3

Has anyone else encountered these problems before?

Best, and thanks for any help!
cocose
Source: The Ubuntu Forum Community, Ubuntu Specialised Support > Ubuntu Servers, Cloud and Juju > Server Platforms, thread "[ubuntu] vsftpd SSL problems".