PDA

View Full Version : Problems with vsftpd


A|fie
28th January 2006, 19:38
Hi,

I have problems with vsftpd installing ISPconfig with debian sarge 3.1
the installation was correct but web-ftp donīt works

when i put user and pass the ispconfig display this message:

" Ha ocurrido el siguiente error:

Could not connect as user web1_admin

Next >> "

and when i release this "next" it returns to login page.
I try a lot of times but unfortunely each one, with other users, other passwords... not workīs :(

can you help me please?

thanks a lot !!

falko
29th January 2006, 00:50
Did you enable FTP on the "Basis" tab of this web site?

Does the login work if you use an FTP client like SmartFTP or WS_FTP?

A|fie
29th January 2006, 10:50
Yes, I enable it.

I try to login by one ftp client type SmartFTP DeluxeFTP or trought console, but donīt work.
in console the message is :

ftp> open 62.14.109.xxx
Connected to 62.14.109.xxx
220 (vsFTPd 2.0.3)
Name (62.14.109.xxx:tete): web1_admin
530 This FTP server is anonymous only.
Login failed.
ftp> close
221 Goodbye.
ftp> open 62.14.109.xxx
Connected to 62.14.109.xxx.
220 (vsFTPd 2.0.3)
Name (62.14.109.xxx:tete): anonymous
331 Please specify the password.
Password:
500 OOPS: cannot change directory:/home/ftp
Login failed.
ftp>

and yes, the directory /home/ftp not exists
maybe i have to create it? in my config of ispconfig i choose /var/www for apache, i donīt know if i have to create this directory or not.

thank you very very much and please excuse-me for my bad english

till
29th January 2006, 12:19
FTP users in ISPConfig where normally chrooted to their home directory, so a user web1_admin can not change to /home/ftp. The home directory of the user web1_admin is /home/www/web1/ or /var/www/web1/ if you checked the administrator checkbox for this user. Why do you want to change to /home/ftp? This directory is not used by an ISPConfig hosting server?

falko
29th January 2006, 18:30
530 This FTP server is anonymous only.

Your FTP server seems to support anonymous FTP only. Please post /etc/vsftpd.conf here.

A|fie
1st February 2006, 12:41
ok, th ISPConfig has created 4 .conf for vsftpd

vsftpd_127.0.0.1.conf
vsftpd_172.26.0.xxx.conf
vsftpd_62.14.109.xxx.conf

and the vsftpd.conf here is :

# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#
# Run standalone? vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
#
# Run standalone with IPv6?
# Like the listen parameter, except vsftpd will listen on an IPv6 socket
# instead of an IPv4 one. This parameter and the listen parameter are mutually
# exclusive.
#listen_ipv6=YES
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
#local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
#write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that turning on ascii_download_enable enables malicious remote parties
# to consume your I/O resources, by issuing the command "SIZE /big/file" in
# ASCII mode.
# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway..
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories. See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
#chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
#
# Debian customization
#
# Some of vsftpd's settings don't fit the Debian filesystem layout by
# default. These settings are more Debian-friendly.
#
# This option should be the name of a directory which is empty. Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/certs/vsftpd.pem


well, if you want I paste the other tree... thank you a lot

falko
1st February 2006, 14:23
# Uncomment this to allow local users to log in.
#local_enable=YES

That's the crucial part. Remove the # sign in front of local_enable=YES and restart vsftpd.

A|fie
2nd February 2006, 09:43
I did it .... and It works !!

thx a lot for your help !

garfabian
17th July 2006, 17:46
I installed vsftpd and seems to be running, when I try to connect using SFTP I get an error not able to connect that the server doesnt respond if I do regular FTP it connects fine is there something I can look at I see that I have port 20 in the config of vsftpd using ISPCONFIG control panel I open this port and still no luck. Does anyone have an idea in what could be the problem? Thank you in advance.

till
17th July 2006, 17:51
I installed vsftpd and seems to be running, when I try to connect using SFTP I get an error not able to connect that the server doesnt respond if I do regular FTP it connects fine is there something I can look at I see that I have port 20 in the config of vsftpd using ISPCONFIG control panel I open this port and still no luck. Does anyone have an idea in what could be the problem? Thank you in advance.

SFTP is handled by your SSH daemon and not by vsftpd.

You will have to enable shell access for users that shall use sftp, but I dont recommend that unless you use chrooted SSH accounts.

Isterklister
3rd March 2007, 12:18
Helo,
to use vsftpd and WEB-ftp you can edit /etc/vsftpd.conf.

Change to:

anonymous_enable=NO
write_enable=YES
local_enable=YES
chroot_local_user=YES

restart vsftpd (ispconfig_tcp...)

It worked for me.:) With chroot yuo get little more security too.
___________________
Pelle

zxon
4th August 2007, 00:47
I'm having the same problem. I'm still getting the error "This FTP server is anonymous only". It seems to me that vsftpd isn't even reading the changes I make in vsftpd.conf, even though I've tried restarting the service, and even stopping and restarting manually. Can anyone offer any further help on this please?

Below I have posted the contents of my vsftpd.conf file.

----------------------------

# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#
# Run standalone? vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
#
# Run standalone with IPv6?
# Like the listen parameter, except vsftpd will listen on an IPv6 socket
# instead of an IPv4 one. This parameter and the listen parameter are mutually
# exclusive.
#listen_ipv6=YES
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that turning on ascii_download_enable enables malicious remote parties
# to consume your I/O resources, by issuing the command "SIZE /big/file" in
# ASCII mode.
# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway..
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Welcome to Luggage's FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories. See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
#
# Debian customization
#
# Some of vsftpd's settings don't fit the Debian filesystem layout by
# default. These settings are more Debian-friendly.
#
# This option should be the name of a directory which is empty. Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/certs/vsftpd.pem

falko
4th August 2007, 12:22
even though I've tried restarting the service, and even stopping and restarting manually.
Did you get any errors when you tried to restart vsftpd?
What's the output of netstat -tap?

zxon
4th August 2007, 18:19
Did you get any errors when you tried to restart vsftpd?
No, I get no errors. I only get the "anonymous only" error when I try to connect to the service over ftp from either the local terminal or an ftp program in Windows (SmartFTP).

What's the output of netstat -tap?
Below, I have posted the output of netstat -tap...

----------------------------------------------

Luggage:/etc# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost:2208 *:* LISTEN 2259/hpiod
tcp 0 0 *:imaps *:* LISTEN 2649/inetd
tcp 0 0 *:nfs *:* LISTEN -
tcp 0 0 *:afpovertcp *:* LISTEN 2595/afpd
tcp 0 0 *:swat *:* LISTEN 2649/inetd
tcp 0 0 *:netbios-ssn *:* LISTEN 2658/smbd
tcp 0 0 *:pop3 *:* LISTEN 2649/inetd
tcp 0 0 *:imap2 *:* LISTEN 2649/inetd
tcp 0 0 *:sunrpc *:* LISTEN 1943/portmap
tcp 0 0 localhost:51152 *:* LISTEN 2262/python
tcp 0 0 *:auth *:* LISTEN 2649/inetd
tcp 0 0 *:ftp *:* LISTEN 4115/vsftpd
tcp 0 0 Luggage.local:domain *:* LISTEN 2209/named
tcp 0 0 *:693 *:* LISTEN 2634/rpc.mountd
tcp 0 0 localhost:domain *:* LISTEN 2209/named
tcp 0 0 localhost:ipp *:* LISTEN 2405/cupsd
tcp 0 0 localhost:smtp *:* LISTEN 2568/exim4
tcp 0 0 localhost:953 *:* LISTEN 2209/named
tcp 0 0 *:33627 *:* LISTEN 2743/rpc.statd
tcp 0 0 localhost:4700 *:* LISTEN 2597/cnid_metad
tcp 0 0 *:microsoft-ds *:* LISTEN 2658/smbd
tcp 0 0 *:55966 *:* LISTEN -
tcp 0 0 Luggage.local:56029 jc-in-f99.google.co:www ESTABLISHED4028/firefox-bin
tcp 0 0 Luggage.local:60420 84.53.178.27:www ESTABLISHED4028/firefox-bin
tcp 0 0 Luggage.local:57891 84.53.178.49:www ESTABLISHED4028/firefox-bin
tcp 0 0 Luggage.local:56477 nf-in-f164.google.c:www ESTABLISHED4028/firefox-bin
tcp 0 0 Luggage.local:43254 84.53.178.40:www ESTABLISHED4028/firefox-bin
tcp6 0 0 *:www *:* LISTEN 2822/apache2
tcp6 0 0 *:domain *:* LISTEN 2209/named
tcp6 0 0 ip6-localhost:953 *:* LISTEN 2209/named

till
5th August 2007, 09:28
Please make sure that you select "vsftpd" in ISPConfig under management > server > settings on the ftp tab.

zxon
5th August 2007, 15:17
Sorry, but where is this option? If it's meant to be in the system menu I can't see it. If it's any help I'm running Debian Linux under KDE 3.5.

[EDIT]
OK I had a look and found I did not have ISPConfig installed on my system. After following instructions to install it on howtoforge, I went to 127.0.0.1:81 and logged in. I found the option "management > server > settings > ftp tab" and indeed VS-FTP was already selected, and the conf file was identified to be in "/etc/vsftpd.conf" (which is correct).

I applied the settings again anyway and also restarted vsftpd but unfortunately I still can't log onto the FTP server with an actual user and it keeps insisting that its anonymous only. Can anyone suggest anything else?

till
5th August 2007, 18:42
And you craeted this user in ISPConfig?

zxon
5th August 2007, 19:40
Ahh! Got it working! BTW To answer your question, yes I made the user in ISPConfig.

The problem was that I wasn't restarting the service properly. In the terminal, I was running:
#service vsftpd restart
...when really I should've been running...

/etc/init.d/vsftpd restart
However, to re-answer a previous question, I do get errors when I restart the service:

shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
Restarting FTP server: vsftpd.
How can I resolve this little error?

falko
6th August 2007, 16:09
However, to re-answer a previous question, I do get errors when I restart the service:


How can I resolve this little error?
You're running the command from a directory which doesn't exist anymore (I assume it's the ISPConfig installation directory?). Go to an existing directory, and the warning disappears. :)

zxon
7th August 2007, 00:43
It seems to happen regardless of whichever directory I run it from. Nonetheless its working now.

Thank you all for your help :) :) :)