Hi there,
vsftpd freezes at LIST.
Here is the client message:
220 Welcome to FACE-R service
AUTH TLS
234 Proceed with negotiation.
PBSZ 0
200 PBSZ set to 0.
USER arcadmin
331 Please specify the password.
PASS (password not shown)
230 Login successful.
CWD /home/arcadmin
250 Directory successfully changed.
TYPE A
200 Switching to ASCII mode.
PASV
227 Entering Passive Mode (10,10,13,3,39,35).
LIST
QUIT
listen=YES
nopriv_user=ftpsecure
connect_from_port_20=YES
max_per_ip=4
ftpd_banner=Welcome to FACE-R service
idle_session_timeout=600
pam_service_name=vsftpd
pasv_enable=YES # no effect
pasv_address=10.10.13.3 #no effect
pasv_min_port=10000 # no effect
pasv_max_port=10020 # no effect
hide_ids=yes
local_enable=YES
dirmessage_enable=YES
write_enable=YES
check_shell=NO
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
log_ftp_protocol=YES
chroot_list_enable=YES
ssl_enable=yes
require_ssl_reuse=NO
allow_anon_ssl=no
force_local_data_ssl=no
force_local_logins_ssl=yes
ssl_tlsv1=yes
ssl_sslv2=no
ssl_sslv3=no
rsa_cert_file=/etc/CA/FACERca.pem
rsa_private_key_file=/etc/CA/private/FACERpriv.pem
debug_ssl=YES
The lines marked #no effect do not change the symptom.
The user I am trying to connect as is not a chrooted user (free to move around).
The SSL certificate is self-signed.
The server is behind a firewall, receiving a static IP address. The firewall is OK; the system ran before. The symptoms appeared just now, after a global update.
I have this in /etc/pam.d/vsftpd:
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth include system-auth
account include system-auth
session include system-auth
ftpusers does not contain the user I am trying to connect with.
I have found very similar issues but not exactly the same as mine.
These settings seem to have no effect. I have no access to the firewall, but as far as I know it is accepted on the terms of RELATED, ESTABLISHED.
As far as I know it is not closed.
I think it is something with SSL. If I configure
ssl_enable=no
then I can connect regardless of those settings.
Btw, the certificate is self-signed, but the clients are aware of it.
Perhaps this is a piece that helps those savants of the subject to help me out. With lftp debug I have the following:
<--- 227 Entering Passive Mode (IP_OF_THE_SERVER,122,247).
---- Address returned by PASV seemed to be incorrect and has been fixed
---- Connecting data socket to (IP_OF_THE_FIREWALL) port 31479
**** Socket error (Connection timed out) - reconnecting
---- Switching passive mode off
---> LIST
---> ABOR
---- Closing aborted data socket
---- Closing control socket
The passive ports have to be set up in your firewall, otherwise the connections will time out. I know that some FTP clients can be switched over to use PORT, but I am unsure if that is an option for lftp (never really used it).
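Added example, not part of any post in this thread: a 227 reply encodes the data port as p1*256+p2, so this Python code decodes the two replies quoted above and compares them with the poster's pasv_min_port/pasv_max_port range, which is the range the firewall has to admit. With AUTH TLS the control channel is encrypted, so a firewall cannot read the 227 reply and open the port on its own. The function names are hypothetical.

```python
import ipaddress
import re

# Matches the host/port tuple in a 227 reply; redacted hosts such as
# IP_OF_THE_SERVER are accepted so sanitized logs can still be decoded.
PASV_RE = re.compile(r"227 .*?\(([^()]+),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (host, port) from a 227 reply line, or None if it is not one."""
    m = PASV_RE.search(reply)
    if not m:
        return None
    host = m.group(1).replace(",", ".")
    p1, p2 = int(m.group(2)), int(m.group(3))
    if p1 > 255 or p2 > 255:
        return None
    return host, p1 * 256 + p2


def check_pasv(reply, pasv_min, pasv_max):
    """List what a 227 reply reveals against a configured passive port range."""
    parsed = parse_pasv(reply)
    if parsed is None:
        return ["not a 227 reply"]
    host, port = parsed
    findings = []
    if not pasv_min <= port <= pasv_max:
        findings.append(f"port {port} outside pasv_min_port..pasv_max_port "
                        f"({pasv_min}-{pasv_max})")
    try:
        if ipaddress.ip_address(host).is_private:
            findings.append(f"advertised address {host} is not publicly "
                            "routable; only clients on that network reach it")
    except ValueError:
        pass  # redacted or malformed host, nothing to classify
    return findings


# The two 227 replies quoted in the thread; 10000-10020 is the posted range.
SAMPLES = [
    "227 Entering Passive Mode (10,10,13,3,39,35).",
    "<--- 227 Entering Passive Mode (IP_OF_THE_SERVER,122,247).",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(parse_pasv(line), check_pasv(line, 10000, 10020))
```

The second reply decodes to port 31479, the same port lftp reports trying to reach, and it lies outside the 10000-10020 range in the posted configuration.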