vsftpd is being a bitch
I figured using Samba to get files from home when I'm in school isn't very secure, so I installed vsftpd with SSL support. The problem is that I can't seem to list the directories. Here's what I get from trying to connect and list....
clare:/home/cats# ftp-ssl
ftp> o
(to) 192.168.0.6
Connected to 192.168.0.6.
220 (vsFTPd 2.0.6)
Name (192.168.0.6:cats): cats
234 Proceed with negotiation.
[SSL Cipher DES-CBC3-SHA]
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> dir
200 PORT command successful. Consider using PASV.
425 Failed to establish connection.
"The best place to hide a tree, is in a forest"
bad_brain wrote: as it says, use "passive (port) mode", simply look for it in the ftp client settings...
200 PORT command successful. Consider using PASV.
yeah ^^ doesn't work
here's my config....(removed the commented parts)
ssl_enable=YES
pasv_enable=YES
pasv_promiscuous=YES
tcp_wrappers=YES
listen=YES
local_enable=YES
write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
chown_uploads=YES
chown_username=cats
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
rsa_cert_file=/etc/apache2/apache.pem
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
um, tried it with forcing active mode in the ftp client settings? I (or better people using ftp accounts on my servers) experienced this too, and using "the other" mode always worked...I simply can't remember if it was active or passive mode that had to be used because I never use ftp (using SSH).
the only thing that looks a little strange in your config is maybe the use of SSL, possibly your client doesn't support it...so try it with disabled SSL too. in case nothing works kick vsftpd off the box and use proftpd instead, it's more stable and afaik there haven't been such nasty security flaws for it like for vsftpd....and I also can supply you with a working config for it...
bad_brain wrote:um, tried it with forcing active mode in the ftp client settings? I (or better people using ftp accounts on my servers) experienced this too, and using "the other" mode always worked...I simply can't remember if it was active or passive mode that had to be used because I never use ftp (using SSH).
the only thing that looks a little strange in your config is maybe the use of SSL, possibly your client doesn't support it...so try it with disabled SSL too. in case nothing works kick vsftpd off the box and use proftpd instead, it's more stable and afaik there haven't been such nasty security flaws for it like for vsftpd....and I also can supply you with a working config for it...
Thanks, I'll look into proftpd later =)
Well, the reason that I installed vsftpd with SSL was that I wanted a safe way to get stuff from home when I'm in school, since Samba doesn't cope well with SSL, nor does it support changing ports since the clients seem to be forced to use the 139,445 ports.
So removing SSL would be killing the purpose of the project ^^ and I read on a blog that vsftpd would work well with it. And I found a client that supports SSL so it's not that (ftp-ssl, simply)
But yeah I'll read up on proftpd then. Does it support SSL?
- bad_brain
oh, if you want to use SSL I have to ask you if you have generated the keys (all in one line):
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
then you also need to edit your conf:
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
don't forget to restart the service afterwards...
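With force_local_logins_ssl=NO and force_local_data_ssl=NO, as in the settings posted above, a client that skips the TLS negotiation can still log in and transfer in cleartext. The following is an added example, not code from the thread or from vsftpd: a small audit of vsftpd.conf text for that and for the passive-mode options seen in the thread. The function names and the "pasv_port_range" label are made up for the example, and the defaults are assumed to be those documented in vsftpd.conf(5).

```python
# Added example: audit vsftpd.conf text for settings that weaken FTP over SSL/TLS.
# DEFAULTS are the values documented in vsftpd.conf(5); that they match the
# installed build is an assumption.
DEFAULTS = {
    "ssl_enable": "NO", "force_local_logins_ssl": "YES",
    "force_local_data_ssl": "YES", "ssl_sslv2": "NO", "ssl_sslv3": "NO",
    "pasv_promiscuous": "NO", "pasv_min_port": "0", "pasv_max_port": "0",
}

def parse_conf(text):
    """Effective settings: documented defaults overridden by option=value lines."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return the names of the weak settings found, in a fixed order."""
    c, weak = parse_conf(text), []
    on = lambda key: c[key].upper() == "YES"
    if not on("ssl_enable"):
        return ["ssl_enable"]                  # no TLS at all: everything is cleartext
    if not on("force_local_logins_ssl"):
        weak.append("force_local_logins_ssl")  # password may cross the wire in cleartext
    if not on("force_local_data_ssl"):
        weak.append("force_local_data_ssl")    # listings and files may go unencrypted
    weak += [p for p in ("ssl_sslv2", "ssl_sslv3") if on(p)]  # legacy protocols
    if on("pasv_promiscuous"):
        weak.append("pasv_promiscuous")        # data connection accepted from any IP
    if c["pasv_min_port"] == "0" or c["pasv_max_port"] == "0":
        weak.append("pasv_port_range")         # no fixed range to open on the firewall
    return weak

# Settings copied from the two configs posted in the thread.
SUGGESTED_CONF = """ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem"""
ORIGINAL_CONF = "ssl_enable=YES\npasv_enable=YES\npasv_promiscuous=YES\nlisten=YES"

if __name__ == "__main__":
    print("suggested:", audit(SUGGESTED_CONF))
    print("original: ", audit(ORIGINAL_CONF))
```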
*bumper post*
Works with SSL now =D, AND trigger ports ^^
Connected to xxx.xx.x.202.
220 (vsFTPd 2.0.6)
Name (xxx.xx.x.202:cats): cats
234 Proceed with negotiation.
[SSL Cipher DES-CBC3-SHA]
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode on.
ftp> cd /mnt
250 Directory successfully changed.
ftp> ls
227 Entering Passive Mode (192,168,0,6,96,144)
150 Here comes the directory listing.
drwxrwxrwx 1 0 0 4096 Aug 25 15:29 gb100
drwxrwxrwx 1 0 0 16384 Aug 31 13:16 gb500
226 Directory send OK.
ftp>
"The best place to hide a tree, is in a forest"
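The 227 reply in the session above carries the data-channel endpoint as h1,h2,h3,h4,p1,p2 with port = p1*256 + p2, and it advertises 192.168.0.6 although the control connection went to xxx.xx.x.202; because the control channel is encrypted, a NAT router cannot rewrite that address in transit. The following is an added example, not code from the thread: it decodes a 227 reply and flags an RFC 1918 address advertised to a client that connected to a different, non-private address. The control address 203.0.113.202 is a constructed stand-in for the masked one, and the function names are made up for the example.

```python
# Added example: decode an FTP 227 reply and check the advertised data address
# against the address the control connection was made to.
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_227(reply):
    """Return (IPv4Address, port) from a 227 passive-mode reply line."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]

def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def check_pasv(reply, control_peer):
    """Compare the advertised data endpoint with the control-connection peer."""
    host, port = parse_227(reply)
    peer = ipaddress.ip_address(control_peer)
    return {
        "host": str(host),
        "port": port,
        "mismatch": host != peer,
        # A private address handed to a client that reached the server on a
        # non-private one: the client cannot route to it as advertised.
        "unroutable_for_client": is_rfc1918(host) and not is_rfc1918(peer),
    }

# Reply line copied from the session above; peer address is constructed.
SAMPLE_REPLY = "227 Entering Passive Mode (192,168,0,6,96,144)"
SAMPLE_PEER = "203.0.113.202"

if __name__ == "__main__":
    print(check_pasv(SAMPLE_REPLY, SAMPLE_PEER))
```

On the server side, vsftpd's pasv_address option sets the address placed in the 227 reply, and pasv_min_port/pasv_max_port pin the range that has to be forwarded.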