Star-Whisper

Reputation: 11

Vsftpd cannot list directories when tls is enabled

I set up an FTP service using vsftpd on one of my Ubuntu servers. When the data was transmitted in plaintext, everything worked fine. But I need the data transmission to be encrypted, so I tried to enable TLS in vsftpd.conf. Then it will not work properly.

The version of vsftpd I installed is 3.0.3-12. The SSL certificate is self-signed by me with openssl req -x509 -nodes -keyout /etc/ssl/private/vsftpd.key -out /etc/ssl/private/vsftpd.pem -days 365 -newkey rsa:2048. Here's vsftpd.conf.

listen=YES
listen_ipv6=NO

anonymous_enable=NO
local_enable=YES
write_enable=YES

dirmessage_enable=NO
use_localtime=YES
xferlog_enable=YES

connect_from_port_20=YES

ascii_upload_enable=YES
ascii_download_enable=YES

chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
secure_chroot_dir=/var/run/vsftpd/empty

pam_service_name=vsftpd

rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.key
ssl_enable=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH

utf8_filesystem=YES

port_enable=NO
pasv_enable=YES
pasv_address=xxx.xx.xx.xxx(static internet ip of my server)
pasv_addr_resolve=NO
pasv_min_port=30399
pasv_max_port=30621

local_root=/var/ftp
allow_writeable_chroot=YES

The specific error is this: When I use FileZilla in Windows, I cannot list directories after logging in correctly. It will definitely time out. I manually selected FileZilla to use passive mode.

Status: Connecting to xxx.xx.xx.xxx:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/var/ftp" is the current directory
Command:    TYPE I
Response:   200 Switching to Binary mode.
Command:    PASV
Response:   227 Entering Passive Mode (xxx,xx,xx,xxx,119,157).
Command:    LIST
Response:   150 Here comes the directory listing.
Error:  Connection timed out after 20 seconds of inactivity
Error:  Failed to retrieve directory listing

I also tried on another Ubuntu server with ftp-ssl.

Connected to xxx.xx.xx.xxx.
220 (vsFTPd 3.0.3)
Name (xxx.xx.xx.xxx:root): xxx
234 Proceed with negotiation.
[SSL Cipher TLS_AES_256_GCM_SHA384]
200 PBSZ set to 0.
200 PROT now Private.
[Encrypted data transfer.]
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
550 Permission denied.
ftp: bind: Address already in use

After a few tries, I checked these things:

  1. ufw allow 20,21/tcp
  2. ufw allow 30399:30621/tcp
  3. set the permissions of the FTP root directory to 777
  4. disabled the firewall on my Windows client

I cannot find out where the problem is and it still cannot use TLS to transmit data.

Upvotes: 1

Views: 1229
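An added diagnostic, not from the question or from vsftpd: it decodes the 227 reply in the FileZilla log above into the port the client tried to reach (119*256+157 = 30621), checks that port against the pasv_min_port/pasv_max_port range in the posted vsftpd.conf, and a separate function repeats the explicit-FTPS PROT P listing in Python so a control-channel login can be told apart from a stalled TLS data channel. The address 203.0.113.5 and the credentials are placeholders, since the question redacts the real IP.

```python
import re
import socket
from ftplib import FTP_TLS, error_perm

# Constructed sample: the 227 reply from the FileZilla log above and the
# passive-port lines of the quoted vsftpd.conf (IP swapped for a documentation address).
SAMPLE_PASV_REPLY = "227 Entering Passive Mode (203,0,113,5,119,157)."
SAMPLE_CONF = "pasv_enable=YES\npasv_min_port=30399\npasv_max_port=30621\n"

PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(reply):
    """Return (host, port) advertised in a 227 reply; port = p1*256 + p2."""
    m = PASV_RE.search(reply)
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    a, b, c, d, p1, p2 = (int(x) for x in m.groups())
    return "%d.%d.%d.%d" % (a, b, c, d), p1 * 256 + p2

def pasv_range(conf_text):
    """Read pasv_min_port / pasv_max_port from vsftpd.conf text."""
    vals = dict(re.findall(r"^(pasv_(?:min|max)_port)\s*=\s*(\d+)", conf_text, re.M))
    return int(vals["pasv_min_port"]), int(vals["pasv_max_port"])

def port_in_range(reply, conf_text):
    """True if the advertised data port lies inside the configured (and firewalled) range."""
    _, port = parse_pasv(reply)
    lo, hi = pasv_range(conf_text)
    return lo <= port <= hi

def probe_list(host, user, password, timeout=20):
    """Live check (needs a reachable server): explicit FTPS, PROT P, LIST.
    Returns 'ok', 'data-timeout' (control channel fine, TLS data channel
    stalled, the symptom in the question) or the server's error text."""
    ftps = FTP_TLS(timeout=timeout)
    ftps.connect(host, 21)
    ftps.auth()        # AUTH TLS on the control channel
    ftps.login(user, password)
    ftps.prot_p()      # PBSZ 0 + PROT P: encrypt the data channel
    ftps.set_pasv(True)
    try:
        ftps.retrlines("LIST", lambda line: None)
        return "ok"
    except socket.timeout:
        return "data-timeout"
    except error_perm as exc:
        return str(exc)
    finally:
        ftps.close()
```

If port_in_range is False for a reply captured from your own server, the firewall rule and the pasv range disagree; if it is True and probe_list still returns 'data-timeout', the port is reachable in principle and the fault lies with the TLS data connection itself.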
