
will_grace 03-06-2014 03:20 PM

vsftpd on CentOS 6 SSL/TLS
 
Hello,

I am using FileZilla, the latest version 3.7.4.1 on Windows 7, connecting to a CentOS 6.5 server with vsftpd installed. I am getting the following; it allowed me to confirm my self-signed cert.

Response: 220 Welcome to XXX XXX. sFTP service.
Command: AUTH TLS
Response: 234 Proceed with negotiation.
Status: Initializing TLS...
Status: Verifying certificate...
Command: USER ftp
Status: TLS/SSL connection established.
Response: 530 Anonymous sessions may not use encryption.
Error: Could not connect to server
Status: Waiting to retry...

It just does not seem to allow me to connect using TLS.

My vsftpd config follows

# vsftpd.conf as posted (CentOS 6.5). Directives are unchanged; review
# remarks are marked NOTE(review).

# Uncomment this to allow local users to log in.
local_enable=YES

# Uncomment this to enable any form of FTP write command.
write_enable=YES


# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)

local_umask=022


# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES


# The target log file can be vsftpd_log_file or xferlog_file.
# This depends on setting xferlog_std_format parameter
xferlog_enable=YES

# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES

# Switches between logging into vsftpd_log_file and xferlog_file files.
# NO writes to vsftpd_log_file, YES to xferlog_file
xferlog_std_format=YES

# You may change the default value for timing out an idle session.
# (seconds of inactivity on the control connection)
idle_session_timeout=600

# You may change the default value for timing out a data connection.
# (seconds)
data_connection_timeout=120

# You may fully customise the login banner string:
# NOTE(review): what is negotiated here is FTP over TLS (FTPS, via "AUTH TLS"
# as the client log shows), not SFTP (SSH); the "sFTP" label may mislead users.
ftpd_banner=Welcome to XXX XXX. sFTP service.

# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_local_user=YES
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list

# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
#
# --- TLS settings ---
# The client log above shows "AUTH TLS" answered with "234 Proceed" and a
# completed handshake, so TLS itself negotiates; the "530 Anonymous sessions
# may not use encryption" that follows is raised for the "USER ftp" (anonymous)
# login attempt, not for TLS. Log in as a local user (local_enable=YES above)
# rather than anonymously.
ssl_enable=YES
# Require TLS on both the data channel and the login for local users.
force_local_data_ssl=YES
force_local_logins_ssl=YES
# OpenSSL cipher-list string; HIGH excludes export-grade and weak suites.
ssl_ciphers=HIGH

#listen_port=990
#debug_ssl=YES

pam_service_name=vsftpd
# user_list handling: with userlist_deny=NO the list is an allow-list, i.e.
# only the users named in it may log in.
userlist_enable=YES
#userlist_deny=YES
userlist_deny=NO
# Honour TCP wrappers (hosts.allow / hosts.deny) for incoming connections.
tcp_wrappers=YES
# At most two simultaneous sessions from a single client address.
max_per_ip=2
force_dot_files=NO

# Certificate and private key are read from the same PEM file.
# NOTE(review): that file holds the private key, so it should be readable by
# root only.
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_tlsv1=YES
# NOTE(review): SSLv2 and SSLv3 are obsolete and cryptographically broken.
# The client log shows this client completes a TLS handshake, so set both of
# the following to NO and keep only ssl_tlsv1=YES.
ssl_sslv2=YES
ssl_sslv3=YES
# Passive (PASV) data connections use ports 10001-10009; the post says these
# are forwarded through the router.
pasv_enable=YES
port_enable=YES
pasv_min_port=10001
pasv_max_port=10009
# NOTE(review): behind NAT the PASV reply advertises the server's own address
# unless pasv_address is set to the public one — likely needed here given the
# router port mapping; confirm.
#pasv_address=X.X.X.X

The ports are mapped through the Router.

This is driving me up the wall.

