ac14112
November 5th, 2009, 06:09 PM
I'm kinda new to Linux and really new at setting up a server. I've been learning stuff as I go along. I've run into a problem with setting up my FTP server. I'm using vsftpd and I got it working fine without SSL encryption and using local accounts to log in. When I enable SSL, however, I'm able to log in, but it won't even show a directory listing.
I've tried this with the firewall on both the server and client machines disabled.
These are the options I enabled in my /etc/vsftpd.conf file
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
debug_ssl=YES
rsa_cert_file=/etc/vsftpd2.pem
rsa_private_key_file=/etc/vsftpd2.pem
I created my certificate with this command:
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/vsftpd2.pem -out /etc/vsftpd2.pem
These are some errors I'm getting in the log file (/var/log/vsftpd.log):
Thu Nov 5 14:07:13 2009 [pid 5678] [username] DEBUG: Client "X.X.X.X", "SSL shutdown state is: NONE"
Thu Nov 5 14:07:13 2009 [pid 5678] [username] DEBUG: Client "X.X.X.X", "SSL shutdown state is: SSL_SENT_SHUTDOWN"
Thu Nov 5 14:07:14 2009 [pid 5678] [username] DEBUG: Client "X.X.X.X", "SSL version: TLSv1/SSLv3, SSL cipher: DES-CBC3-SHA, not reused, no cert"
Thu Nov 5 14:07:14 2009 [pid 5678] [username] DEBUG: Client "X.X.X.X", "SSL ret: 0, SSL error: error:00000000:lib(0):func(0):reason(0), errno: 104"
Thu Nov 5 14:07:14 2009 [pid 5678] [username] DEBUG: Client "X.X.X.X", "SSL_accept failed: error:00000000:lib(0):func(0):reason(0)"
I've tried connecting using FireFTP (a Firefox addon) and FileZilla.
Log from FireFTP:
220 Welcome to My FTP service.
AUTH TLS
234 Proceed with negotiation.
PBSZ 0
200 PBSZ set to 0.
USER username
331 Please specify the password.
PASS (password not shown)
230 Login successful.
CWD /
250 Directory successfully changed.
TYPE A
200 Switching to ASCII mode.
PASV
227 Entering Passive Mode (X,X,X,X,114,242)
LIST
Log from FileZilla:
Status: Connecting to X.X.X.X:21...
Status: Connection established, waiting for welcome message...
Response: 220 Welcome to My FTP service.
Command: AUTH TLS
Response: 234 Proceed with negotiation.
Status: Initializing TLS...
Status: Verifying certificate...
Command: USER username
Status: TLS/SSL connection established.
Response: 331 Please specify the password.
Command: PASS *********
Response: 230 Login successful.
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Features:
Response: AUTH SSL
Response: AUTH TLS
Response: EPRT
Response: EPSV
Response: MDTM
Response: PASV
Response: PBSZ
Response: PROT
Response: REST STREAM
Response: SIZE
Response: TVFS
Response: UTF8
Response: 211 End
Command: OPTS UTF8 ON
Response: 200 Always in UTF8 mode.
Command: PBSZ 0
Response: 200 PBSZ set to 0.
Command: PROT P
Response: 200 PROT now Private.
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/"
Command: TYPE I
Response: 200 Switching to Binary mode.
Command: PASV
Response: 227 Entering Passive Mode (X,X,X,X,86,4)
Command: LIST
Error: Connection timed out
Error: Failed to retrieve directory listing
If any more info is required, let me know.
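As an added example, not part of the original post: a small offline Python script that decodes the two `227 Entering Passive Mode` replies from the client logs above into the data port each client then tried to reach (RFC 959: port = p1*256 + p2, so 114,242 is 29426 and 86,4 is 22020), and lints the posted vsftpd.conf against the settings that most often explain a LIST that stalls right after PROT P: no fixed pasv_min_port/pasv_max_port range (a firewall cannot read PASV out of an encrypted control channel), vsftpd's default require_ssl_reuse=YES (vsftpd resets a data connection that does not resume the control channel's TLS session, which is what the "not reused" and "SSL_accept failed ... errno: 104" debug lines describe), force_local_data_ssl=NO, and the SSLv2/SSLv3/3DES exposure. The hardened counterpart configuration, the 192.0.2.10 placeholder address in place of the masked X.X.X.X, and the severity labels are my assumptions, not anything vsftpd or the poster supplied.

```python
"""Offline checks for a vsftpd explicit-FTPS (AUTH TLS) setup: decode PASV replies
into the data port a client must reach, and lint vsftpd.conf for the keys that most
often break or weaken the encrypted data channel. Assumes vsftpd's documented
defaults: ssl_sslv2=NO, ssl_sslv3=NO, ssl_tlsv1=YES, force_local_data_ssl=YES,
require_ssl_reuse=YES, pasv_enable=YES."""
import re

# Constructed sample: the options quoted in the post above, verbatim.
POSTED_CONF = """\
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
debug_ssl=YES
rsa_cert_file=/etc/vsftpd2.pem
rsa_private_key_file=/etc/vsftpd2.pem
"""

# Hypothetical hardened counterpart (my assumption, not from the post): TLS only,
# encrypted data channel enforced, fixed passive range, no session-reuse requirement.
HARDENED_CONF = """\
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_ciphers=HIGH
require_ssl_reuse=NO
pasv_enable=YES
pasv_min_port=50000
pasv_max_port=50100
rsa_cert_file=/etc/vsftpd2.pem
rsa_private_key_file=/etc/vsftpd2.pem
"""

# Constructed sample: the 227 replies from the client logs above, with the masked
# address replaced by a documentation IP.
SAMPLE_PASV = [
    "227 Entering Passive Mode (192,0,2,10,114,242)",
    "227 Entering Passive Mode (192,0,2,10,86,4)",
]

PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply):
    """Return (host, port) from an RFC 959 '227 ... (h1,h2,h3,h4,p1,p2)' reply."""
    m = PASV_RE.search(reply.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2


def parse_conf(text):
    """Parse vsftpd's key=value format, ignoring blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def pasv_port_in_range(port, conf):
    """True/False if a passive range is configured, None if vsftpd picks any port."""
    lo, hi = conf.get("pasv_min_port"), conf.get("pasv_max_port")
    if not (lo and hi):
        return None
    return int(lo) <= port <= int(hi)


def lint_ftps_conf(conf):
    """Return (severity, key, message) findings for the TLS and data-channel settings."""
    def opt(key, default):
        return conf.get(key, default).upper()

    findings = []
    if opt("ssl_enable", "NO") != "YES":
        return [("info", "ssl_enable", "TLS is off; the checks below do not apply")]
    for key in ("ssl_sslv2", "ssl_sslv3"):
        if opt(key, "NO") == "YES":
            findings.append(("high", key, "obsolete protocol enabled; set %s=NO" % key))
    if opt("force_local_data_ssl", "YES") == "NO":
        findings.append(("medium", "force_local_data_ssl", "data channel may go in clear; set YES"))
    # An encrypted control channel hides PASV from firewall FTP helpers, so the data
    # ports must be a fixed, explicitly permitted range.
    if opt("pasv_enable", "YES") == "YES" and pasv_port_in_range(0, conf) is None:
        findings.append(("medium", "pasv_min_port/pasv_max_port", "no fixed passive range to allow through the firewall"))
    # vsftpd resets data connections that do not resume the control session unless
    # this is NO; the 'not reused' + 'SSL_accept failed' debug lines are the symptom.
    if opt("require_ssl_reuse", "YES") == "YES":
        findings.append(("medium", "require_ssl_reuse", "default YES rejects clients that do not resume the TLS session; set NO"))
    if not conf.get("ssl_ciphers"):
        findings.append(("low", "ssl_ciphers", "no cipher list pinned; set ssl_ciphers=HIGH"))
    return findings


if __name__ == "__main__":
    for reply in SAMPLE_PASV:
        host, port = parse_pasv(reply)
        print("data connection expected at %s:%d" % (host, port))
    for name, text in (("posted", POSTED_CONF), ("hardened", HARDENED_CONF)):
        print("%s config: %d finding(s)" % (name, len(lint_ftps_conf(parse_conf(text)))))
        for sev, key, msg in lint_ftps_conf(parse_conf(text)):
            print("  [%s] %s: %s" % (sev, key, msg))
```

Against a live server, `openssl s_client -connect HOST:21 -starttls ftp` confirms the control-channel handshake and certificate; the data channel is a separate TLS connection to the port decoded from the 227 reply, so it must be reachable and must complete its own handshake, which is the step the logs above show failing.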