LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 02-11-2011, 11:34 AM   #1
elcog
LQ Newbie
 
Registered: Feb 2011
Posts: 3

Rep: Reputation: 0
vsftpd ver 2.0.4 FTPES works but upgrade to ver 2.3.2 it does not


Intro: System intel atom with 4 gb ram, O/S SLES 10 sp3 x64. Installed for base server with gui. (No firewall, no appamour, no printers,Static IP.)
using the local network with winxp "user workstation" and no xp firewall.NB most config done via scp or putty from workstation.
Installed vsftpd from yast ( version 2.0.4) Edit vsftpd.conf file for pam authorisation from db database file, and no anonymous logins allowed. Config File available if required. Works fine.
Then I created ssl certificate, edited config file tested from filezilla ok. Moved users to own directories and created user config files to override main config file. Seems perfect.
BUT a big issue exists using fireftp 1.0.10. It takes minutes to show a directory listing. "BING" search reveals an issue wrt vsftpd versions less than 2.0.7. So its upgrade time.
As I can not find a RPM thats acceptable to sles I decide to go bang upto date and build from source 2.3.2.
ISSUE_1: ( working as root...yes i know !) my install is obviously missing gcc and some pam pre-requisites.
answer=> install from yast and sles source dvd.
ISSUE_2: compile FAILS. seems the script that is supposed to "find" the requisite libraries assumes that a 64bit distribution won't have 32bit libs. Wrong ! So I used linux's find to ensure the correct libraries were present and available.
Potential danger point --> I edited the script vsf_findlibs.sh and changed 2 lines
code:
locate_library /lib/libpam.so.0 && echo "/lib/libpam.so.0";
to:-
locate_library /lib/libpam.so.0 && echo "/lib64/libpam.so.0";
as well as
if locate_library /lib/libcap.so.1; then echo "/lib/libcap.so.1";
to:-
if locate_library /lib/libcap.so.1; then echo "/lib64/libcap.so.1";
endcode
Then it compiled ok and then appeared to run okay. (I moved it to /usr/sbin)
EXCEPT when I attempt to run vsftpd now I can no longer make FTPES connections neither filzilla or FireFTP work. It appears they all disconnect immediately after sending password.
IN an attempt to get better diagnostics I installed CuteFTP 8.3. It says Can't read from control socket. Socket error = #10054 vsftpd immediately after the password has been sent.
(I temporarily reverted to the NON ssl config file and that works fine for simple ftp.)
I trie dadding various commands to the config file, like:-
listen address, pasv_address, ssl_sslv2=no, ssl_sslv3=no, require_ssl_reuse=no,debug_ssl=yes, connect_from_port_20=yes
or connect_from_port_20=yes
none of these had any positive effect i.e. still fails.
...except many were illegal when i backported to version 2.0.4. (BTW remove the illegal commands, and restart vsftpd v2.0.4 still WORKS.
16 hours of reading forums only revealed 2 similar incidents ( though on different software revisions) but NO REPLIES.

my inclination is that I messed up the compile some how. (gcc=4.1.2)
btw ldd says:-
code:
ldd ./vsftpd
linux-vdso.so.1 => (0x00007fff7b7ff000)
libpam.so.0 => /lib64/libpam.so.0 (0x00002ae52f52c000)
libdl.so.2 => /lib64/libdl.so.2 (0x00002ae52f637000)
libnsl.so.1 => /lib64/libnsl.so.1 (0x00002ae52f73b000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00002ae52f852000)
libcap.so.1 => /lib64/libcap.so.1 (0x00002ae52f966000)
libssl.so.0.9.8 => /usr/lib64/libssl.so.0.9.8 (0x00002ae52fa69000)
libcrypto.so.0.9.8 => /usr/lib64/libcrypto.so.0.9.8 (0x00002ae52fbb0000)
libc.so.6 => /lib64/libc.so.6 (0x00002ae52fe13000)
libaudit.so.0 => /lib64/libaudit.so.0 (0x00002ae530053000)
/lib64/ld-linux-x86-64.so.2 (0x00002ae52f410000)
endcode

1) Any comments on my bodge to the .sh file greatfully accepted, perhaps someone could tell me how to do this properly.
2) Is the compilation I did actualy viable ?
3) I am making the following assumptions ( nieve?)
a) If the cerificate is ok in 2.0.4 its ok in 2.3.2
b) If PAM works for 2.0.4 the its ok for 2.3.2
c) 2.3.2 doesn't break 2.0.4 config file (vsftpd.conf)
d) I didn't miss something really stupid.
4) Any advice welcomed, its got me beat, and unfortunately I cannot remove the ftp requirement, only attempt to make it vagely secure.
ps This is my very first post, so I have tried to keep it short, simple and to the point. I probably failed, but thanks for reading
 
Old 02-12-2011, 08:30 AM   #2
elcog
LQ Newbie
 
Registered: Feb 2011
Posts: 3

Original Poster
Rep: Reputation: 0
UPDATE:-
I discovered my edit of the vsf_findlibs.sh was wrong. edited it to change /usr/lib to /usr/lib64 and this changed the built file vsftpd.
SAME FAILURE though.
I checked logs and found pam authentification works (/var/log/messages)
I re created new pem certificate, checked it and then pointed vsftpd.config to it.

Same sad negative results.

upgrade filizilla response is
immediately after sending password
GnuTLS error -8: A record packet with illegal version was received.
Error: Could not connect to server

Last edited by elcog; 02-12-2011 at 09:17 AM.
 
Old 03-02-2011, 11:41 AM   #3
elcog
LQ Newbie
 
Registered: Feb 2011
Posts: 3

Original Poster
Rep: Reputation: 0
WOW the sound of apathy

UPDATE All versions of vsftpd prior to 2.1.0 work, albeit they require vsft_findlibs to be edited.
versions 2.1.0, 2.1.1, 2.1.2, 2.3.3, and 2.3.4 all drop the connection immediately after password is sent.
NOT failed by PAM either .
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Upgrading Samba from ver-3.0.4 to current ver-3.0.21b delamatrix SUSE / openSUSE 3 02-20-2006 10:56 AM
Wireles G card that works. A Netgear wg511 ver 2.0 not 3.0 Brian1 Linux - Hardware 3 10-27-2005 10:26 PM
Ver 2 Compiler With Ver 3. Kernel wat to do? cam34 Linux - Software 3 08-31-2003 06:15 PM
Ver. 2 @ Ver. 3 Compiler / WinModem Prob. cam34 Linux - Software 1 08-31-2003 03:55 PM
Trying to upgrade XFree86 to ver. 4.0.3 froycard Linux - Newbie 4 05-22-2001 08:51 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 04:34 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration