vsftp gives me fits

petcherd · 03-28-2007, 06:14 PM

I've installed SlackWare 11 with a small root partition and a large partition for /home.

I want to allow a certain user to open a ftp session to my new server to put and get files.

I'm editing /etc/vsftpd.conf, and so far, I've been able to allow anonymous ftp upload and download. I've also been able to let the root user upload and download, but whenever I try to login as luser, I get:

530 Login incorrect.
Login failed.
ftp>

What am I missing, here?

cgjones · 03-28-2007, 06:30 PM

I realize that this doesn't directly address your question, but have you considered OpenSSH? It will do exactly what you need and it will do it securely.

elsheikhmh · 03-28-2007, 06:46 PM

I didn't get that; do you have a user called luser in your /ect/passwd?
try:

Code:

cat /etc/passwd | grep luser

elsheikhmh · 03-28-2007, 06:50 PM

@cgjones: but at least vsftpd will enable secure file transfer easier than SSH-based solution.

bsdunix · 03-28-2007, 06:57 PM

I used the default /etc/vsftpd.conf that came with Slackware 11.0, uncommented #write_enabled=YES, and was able to login with a local user account and upload files. I initially saw 530 login error, but I realized I was using the wrong password.

cgjones · 03-28-2007, 06:58 PM

Quote:

Originally Posted by elsheikhmh

@cgjones: but at least vsftpd will enable secure file transfer easier than SSH-based solution.

From the manpage of vsftpd:

Quote:

ssl_enable

If enabled, and vsftpd was compiled against OpenSSL, vsftpd will support secure connections via SSL. This applies to the control connection (including login) and also data connections. You'll need a client with SSL support too. NOTE!! Beware enabling this option. Only enable it if you need it. vsftpd can make no guarantees about the security of the OpenSSL libraries. By enabling this option, you are declaring that you trust the security of your installed OpenSSL library.

Default: NO

I don't see how vsftpd is any easier then ssh. Don't get me wrong, I'm a fan of vsftpd, but based on the OP's description, I felt that ssh might be the better solution.

elsheikhmh · 03-28-2007, 07:09 PM

@bsdunix good to hear that. if "local_enable=YES" in your "/etc/vsftpd.conf" then local users in /etc/passwd are allowed to login.

@cgjones you are right. actually i was talking about easier clients. may be because most of the time i'm thinking in terms of my clients who were Windows-based non-technical people so (S)FTP was easier for 'em. but you are totally right. SSH is So Secure sHell

petcherd · 03-29-2007, 10:05 AM

Quote:

Originally Posted by cgjones

I realize that this doesn't directly address your question, but have you considered OpenSSH? It will do exactly what you need and it will do it securely.

Will it really? I need the ftp server to stand ready to get and put files from a client that doesn't speak SSH. Are you saying that OpenSSH includes a plain-old non-secure ftp server in its package? I've only used it for the ssh terminal session feature and for a secure tunnel to enclose an rsync session.

Perhaps I might have been unclear above. The client side of this system is not a Linux box; it's just a dumb PC transferring a big ol' file via the only protocol it knows: FTP.

petcherd · 03-29-2007, 10:09 AM

Quote:

Originally Posted by elsheikhmh

I didn't get that; do you have a user called luser in your /ect/passwd?
try:

Code:

cat /etc/passwd | grep luser

Good suggestion. Yes, I did remember to set-up the user and give him a home directory.

That reminds me, though... I wonder if I gave him a default shell? No, I didn't. I'll try adding /bin/bash and report back in a couple of hours whether or not that helped.

petcherd · 03-29-2007, 10:16 AM

Thanks for the suggestions on vsftpd.conf.... I thought that was what I had done, but I've made several rounds of changes. By this point, I've tweaked the /etc/vsftpd.conf file so many different ways that I can't remember what it looked like at the start. I think I'll manually open the package's .tgz file and re-extract the original .conf to edit from a standard starting point. This time, I'll take better notes and modify just one setting at a time while I test. I'll report back in a couple of hours.

Can you tell I'm a

?

petcherd · 03-29-2007, 01:17 PM

OK, it works now. Here's what I needed:

The FTP user required a valid home directory and a valid shell in /etc/passwd
The vsftpd.conf file needed minimal edits from the default:

anonymous-enable=NO
write-enable=YES

Now I just need to ensure nobody can login as root or other undesirable users, and I'll be done.

cgjones · 03-29-2007, 01:37 PM

Quote:

Originally Posted by petcherd

Will it really? I need the ftp server to stand ready to get and put files from a client that doesn't speak SSH. Are you saying that OpenSSH includes a plain-old non-secure ftp server in its package? I've only used it for the ssh terminal session feature and for a secure tunnel to enclose an rsync session.

Perhaps I might have been unclear above. The client side of this system is not a Linux box; it's just a dumb PC transferring a big ol' file via the only protocol it knows: FTP.

If you are interested in learning more about OpenSSH, I would suggest that you check out the link I provided. You can utilize SSH from a Windows system by using a program such as FileZilla or WinSCP.

Since this is a transfer between Windows and Linux, another option would have been Samba.

petcherd · 03-30-2007, 12:09 AM

Close, but no cigar. I'm running Acronis True Image Backup. It will save to a samba share, but it also saves to an FTP server. Using the FTP server means that I don't have to expose my Windows domain to the nasty, naughty Internet.

440Music · 01-28-2010, 05:49 PM

Thanks for the details on getting ftp working, the one key item I didn't get from any of the post on ftp was that I have to log-in using sftp from my client.

Tom