LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 06-17-2019, 09:13 AM   #1
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 688

Rep: Reputation: 34
vsFTPd : 530 Login incorrect


Hello

this should notify about wrong credentials, but even with very simple password '123' I am not able to login, and always getting same error (530)

Code:
16:03:08	Status:	Initializing TLS...
16:03:08	Status:	Verifying certificate...
16:03:08	Status:	TLS connection established.
16:03:11	Command:	USER myuser
16:03:11	Response:	331 Please specify the password.
16:03:11	Command:	PASS ***
16:03:11	Response:	530 Login incorrect.
16:03:11	Error:	Critical error: Could not connect to server

Code:
[root@prov admin]# ls -lh /var/ftp/
drwxr-x---. 2 myuser prnew 6  5 jun 10:09 prnew
drwxr-xr-x. 2 root       root    6 30 okt  2018 pub
I see nothing that helps me in logs /var/log/secure and /var/log/messages

I have restarted vsftpd service
I have disabled iptables

What else ?
 
Old 06-17-2019, 09:44 AM   #2
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.9.2009
Posts: 5,547

Rep: Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148
That's pretty clear: Either the username or the password entered is not correct.
It may help us help you to know
  • What distribution of Linux you are running on the server.
  • What is the OS/distribution you're running on the client.
  • If you've checked for a vsftp(d) log in /var/logs.
  • If this is new installation, or what you've changed lately if it's not.
  • How did you set up the user?
  • How did you assign the password?
 
Old 06-17-2019, 09:49 AM   #3
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668
From what client (OS/version) are you doing the login to that server? What command are you using to do the login from your client?

What shell is in /etc/passwd on the server for the login user (myuser)? Is that shell in /etc/shells on the server?

P.S. You really ought to use sftp rather than ftps if at all possible. ftps is a bear to work with and is not as secure as sftp. sftp is native to Linux so if your source and your target are both Linux you really don't want to use ftps. Even if your client is MS-Windows you can install free tools like WinSCP on the client to talk to sftp on the Linux server.

Last edited by MensaWater; 06-17-2019 at 09:59 AM.
 
Old 06-17-2019, 12:51 PM   #4
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 688

Original Poster
Rep: Reputation: 34
Code:
cat /etc/centos-release
CentOS Linux release 7.6.1810 (Core)
Code:
mysuer:x:1004:1004::/var/ftp/prnew:/sbin/nologin
FTP client is : FilleZilla on Fedora release 26 (Twenty Six)

There is no vsftp(d) log in /var/log.

User was made with adduser command. Before there was a much stronger pwd but now for 'easy' debugging I changed with "passwd myuser" to '123'.

I also use PHP ftp_ssl_connect() to use the FTP-account. Neither works any more.
 
Old 06-17-2019, 01:10 PM   #5
ehartman
Senior Member
 
Registered: Jul 2007
Location: Delft, The Netherlands
Distribution: Slackware
Posts: 1,674

Rep: Reputation: 886Reputation: 886Reputation: 886Reputation: 886Reputation: 886Reputation: 886Reputation: 886
Quote:
Originally Posted by jonaskellens View Post
Code:
mysuer:x:1004:1004::/var/ftp/prnew:/sbin/nologin
FTP client is : FilleZilla on Fedora release 26 (Twenty Six)
I never used vsftpd myself, but I don't think it will let you login with /sbin/nologon as the shell (it will get a non-0 status from it). See also:
Quote:
check_shell
Note! This option only has an effect for non-PAM builds of vsftpd. If disabled, vsftpd will not check /etc/shells for a valid user shell for local logins.

Default: YES
(from the man page of vsftpd.conf);
so even when it does allow it, the shell (/sbin/nologon) MUST be in the /etc/shells file on the server (and I do not know the rules for when PAM is active ON that server).

PS: you misspelled "myuser" in the /etc/passwd quote, but I take that's just a typing error in the post, not in the file itself.
 
Old 06-17-2019, 01:48 PM   #6
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668
Quote:
mysuer:x:1004:1004::/var/ftp/prnew:/sbin/nologin
You need to add "/sbin/nologin" to /etc/shells file since that is the "shell" portion of the user's password entry.

cat /etc/shells before might show:
/bin/sh
/bin/bash
/bin/tcsh
/bin/csh
/bin/ksh
/bin/dash

After adding it:
/bin/sh
/bin/bash
/sbin/nologin
/bin/tcsh
/bin/csh
/bin/ksh
/bin/dash

P.S. I'd again urge you to use sftp instead of vsftpd/ftps. Filezilla supports sftp as well as ftps.

Last edited by MensaWater; 06-17-2019 at 01:53 PM.
 
Old 06-17-2019, 01:48 PM   #7
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.9.2009
Posts: 5,547

Rep: Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148
Quote:
Originally Posted by jonaskellens View Post
Code:
cat /etc/centos-release
CentOS Linux release 7.6.1810 (Core)
Code:
mysuer:x:1004:1004::/var/ftp/prnew:/sbin/nologin
FTP client is : FilleZilla on Fedora release 26 (Twenty Six)

There is no vsftp(d) log in /var/log.

User was made with adduser command. Before there was a much stronger pwd but now for 'easy' debugging I changed with "passwd myuser" to '123'.

I also use PHP ftp_ssl_connect() to use the FTP-account. Neither works any more.
Out of the box, CentOS 7 won't allow that short a password. The default minimum is 9 characters, if I remember correctly.
Also, as I recall, there is no warning if you try to set the shorter password...it just doesn't get changed. I never did figure out where that minimum length is set, I just figured out it was nine (9), and started using that minimum. I believe an error got logged in /var/log/messages or /var/log/secure when trying to set too short a password.

If you know the longer password (pwd is something else entirely), try that.
If you don't know it, try setting a password that's at least nine characters long, then try that.

EDIT Found where the minimum is set.
CentOS 7 uses pam authentication. The configuration file is /etc/security/pwquality.conf

Therein:
Code:
# Minimum acceptable size for the new password (plus one if
# credits are not disabled which is the default). (See pam_cracklib manual.)
# Cannot be set to lower value than 6.
# minlen = 9
(emphasis added)

So, again, it's not a vsftpd issue, it's that you can't have a password of 123. Try the old one, or set a new one > 9 characters.

(But, I'll add my "vote" to not use ftp at all. You should use sftp)

Last edited by scasey; 06-17-2019 at 02:10 PM.
 
Old 06-17-2019, 02:16 PM   #8
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.9.2009
Posts: 5,547

Rep: Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148Reputation: 2148
Quote:
Originally Posted by ehartman View Post
I never used vsftpd myself, but I don't think it will let you login with /sbin/nologon as the shell (it will get a non-0 status from it).
ncftpd (a for-pay ftp server) will allow ftp login to users with /sbin/nologin for their shell, because, of course, an ftp login doesn't use a shell at all. So users with /sbin/nologin can use ftp but cannot connect to the server with ssh (or, ack!, telnet)...and I just learned that a user can even sftp with /sbin/nologin in /etc/passwd -- probably, again, because sftp also doesn't use a shell.

Probably vsftp is the same...

Last edited by scasey; 06-17-2019 at 02:18 PM.
 
Old 06-17-2019, 02:20 PM   #9
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 688

Original Poster
Rep: Reputation: 34
Quote:
Originally Posted by MensaWater View Post
You need to add "/sbin/nologin" to /etc/shells file since that is the "shell" portion of the user's password entry.
Well, this indeed seems to be the solution.

Now what I don't understand is why my user 'myuser' was able to login before. There was no "/sbin/nologin" in the /etc/shells file before also.

If I look at the time that the login failure started to occur (at 10AM it still worked, at 2PM it didn't work anymore), I see the only action on the server that was made in that time-frame is an upgrade in the Let's Encrypt ssl-certificate.
It beats me how that can affect FTP-login stuff...
 
Old 06-17-2019, 02:34 PM   #10
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668Reputation: 1668
Quote:
Originally Posted by jonaskellens View Post
Well, this indeed seems to be the solution.

Now what I don't understand is why my user 'myuser' was able to login before. There was no "/sbin/nologin" in the /etc/shells file before also.

If I look at the time that the login failure started to occur (at 10AM it still worked, at 2PM it didn't work anymore), I see the only action on the server that was made in that time-frame is an upgrade in the Let's Encrypt ssl-certificate.
It beats me how that can affect FTP-login stuff...
Beats me too. /etc/shells has been a requirement for ftp (and ftps) and even for sftp if using non-standard shells for years. I have a note of configuring it for ftp back in 2006 on HP-UX then again for an sftp scponly setup in RHEL5 in 2010 and most recently for vsftp on RHEL6 in 2011 for ftps again. I have memories going back even further...

Anyway, glad I could help.

If you don't mind, please go to thread tools and mark this as Solved. It helps others in future to find questions with solutions on web searches.

Last edited by MensaWater; 06-17-2019 at 02:36 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
vsftpd 530 login incorrect pocon Slackware 11 07-31-2015 03:56 PM
CentOS 5.5 vsftpd virtual users with pam_passwdfile, 530 login incorrect batfastad Red Hat 2 11-17-2010 05:27 AM
vsftpd : 530 login incorrect sheelavantar Slackware 7 09-14-2010 04:07 AM
vsftpd & virtual users - 530 Login incorrect mjtice Linux - Software 3 12-08-2008 03:15 PM
vsftpd 1.1.2 on redhat 7.1 -- 530 incorrect login issue triggerfish Linux - Software 4 08-17-2003 07:58 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 12:51 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration