[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

VSFTD PORT 21 PROBLEM

Posted on 2011-05-05
19
Medium Priority
?
984 Views
Last Modified: 2012-08-13
Hi,
I have a problem with FTP in linux. If I connect through port 22 to FTP using sftp and I login, I have no problem. If I do the same with the port 21 is showing me the error 530.

Connected to 172.16.6.2.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (172.16.6.2:root): root
331 Please specify the password.
Password:
530 Login incorrect.
Login failed.
ftp> 530 Login incorrect.

Open in new window


Thank you very much
0
Comment
Question by:TechEli
  • 11
  • 6
  • 2
19 Comments
 
LVL 12

Expert Comment

by:upanwar
ID: 35696080
Sftp run on ssh that's why you are able to login.

Sftp and ftp both are the different things.

If you want to check whether vsftpd is running or not on your box then please execute below given command.

# service vsftpd status

or

# /etc/init.d/vsftpd status
0
 

Author Comment

by:TechEli
ID: 35696093
[root@localhost sysconfig]# service vsftpd status
Se está ejecutando vsftpd (pid 2727)...

Open in new window

0
 
LVL 16

Expert Comment

by:Blaz
ID: 35696102
You should also check if root user is allowed to login via ftp.

For other connection issues (firewall etc.) please post your vsftp config file and the output of command iptables -L -nvx.
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 

Author Comment

by:TechEli
ID: 35696104
Cuando conecto por ftp me da la bienvenida 220 (vsFTPd 2.0.5), por lo tanto entiendo que el servicio vsftpd estar arrancado.
0
 

Author Comment

by:TechEli
ID: 35696109
The root user has permissions to connect by ftp, anyway me about all users. IPtables is offline.
0
 
LVL 16

Expert Comment

by:Blaz
ID: 35696121
What is your ftp client? Please post the vsftp configuration file.
0
 

Author Comment

by:TechEli
ID: 35696181
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=003
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# The target log file can be vsftpd_log_file or xferlog_file.
# This depends on setting xferlog_std_format parameter
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# The name of log file when xferlog_enable=YES and xferlog_std_format=YES
# WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log
xferlog_file=/var/log/xferlog.log
#
# Switches between logging into vsftpd_log_file and xferlog_file files.
# NO writes to vsftpd_log_file, YES to xferlog_file
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Benvingut a WP Elisava.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_local_user=YES
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and 
# listens on IPv4 sockets. This directive cannot be used in conjunction 
# with the listen_ipv6 directive.
listen=YES
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd whith two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES

#pam_service_name=vsftpd
userlist_enable=YES
userlist_deny=NO
tcp_wrappers=YES

Open in new window

0
 
LVL 12

Expert Comment

by:upanwar
ID: 35696187
Could you please run below given command on your box where you are running vsftpd.

# netstat -natp | grep -i ftp

and on the client machine could you please run below given command and paste output of both the command.

# telnet <vsftp box's IP> 21
0
 

Author Comment

by:TechEli
ID: 35696210
LINUX SERVER:
[root@localhost /]# netstat -natp | grep -i ftp
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN      2727/vsftpd
tcp        0      0 172.16.6.2:21               172.16.64.206:4061          ESTABLISHED 8665/vsftpd

Open in new window


CLIENT:
220 (vsFTPd 2.0.5)

Open in new window

0
 
LVL 16

Expert Comment

by:Blaz
ID: 35696244
Could you additionally post the content of files:
/etc/vsftpd.chroot_list
/etc/vsftpd.user_list

And answer what ftp client are you using. Try using a simple command line ftp client.
0
 

Author Comment

by:TechEli
ID: 35696260
vsftpd.chroot_list
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
gopher
ftp
nobody
nscd
vcsa
pcap
dbus
rpc
mailnull
smmsp
sshd
rpcuser
nfsnobody
haldaemon
avahi-autoipd
distcache
apache
avahi
webalizer
named
squid
dovecot
mysql

Open in new window


vsftpd.user_list

gfernandez
root

Open in new window

0
 

Author Comment

by:TechEli
ID: 35696315
Client FTP: FIlezilla and simple command line
0
 
LVL 16

Accepted Solution

by:
Blaz earned 2000 total points
ID: 35696600
I found one configuration problem in your setup:
chroot_local_user=YES
chroot_list_enable=YES

What this means is that users in the list will NOT be chrooted. You probably do not want this. Also this means that root user is tried to be chrooted!

What do the server logs tell you about your connection attempts?



From the manpage:

chroot_list_enable
 If activated, you may provide a list of local users who are placed in a chroot() jail in their home directory upon login. The meaning is slightly different if chroot_local_user is set to YES. In this case, the list becomes a list of users which are NOT to be placed in a chroot() jail. By default, the file containing this list is /etc/vsftpd.chroot_list, but you may override this with the chroot_list_file setting.

 Default: NO

chroot_local_user
 If set to YES, local users will be (by default) placed in a chroot() jail in their home directory after login. Warning: This option has security implications, especially if the users have upload permission, or shell access. Only enable if you know what you are doing. Note that these security implications are not vsftpd specific. They apply to all FTP daemons which offer to put local users in chroot() jails.

 Default: NO
0
 

Author Comment

by:TechEli
ID: 35696879
Iniciando vsftpd para vsftpd: 500 OOPS: bad bool value in config file for: anonymous_enable
                                                           [FALLÃ]

Open in new window


I restart serice... :(
0
 
LVL 16

Expert Comment

by:Blaz
ID: 35696900
Look up these lines in the config:
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO

You probably accidentally added or deleted a letter at "NO"

What did you chenge now?

What do the server logs tell you about your connection attempts?
0
 

Assisted Solution

by:TechEli
TechEli earned 0 total points
ID: 35696925
Hi,
 I did a yum remove vsftpd and I've reinstalled vsftpd.
 Now works correctly on port 21. But users are not jailed.

Tnx!!!
0
 
LVL 16

Expert Comment

by:Blaz
ID: 35696944
Do I understand correctly that your problem is now fixed? If so you should close the question.
0
 

Author Comment

by:TechEli
ID: 35696969
TNX
0
 

Author Closing Comment

by:TechEli
ID: 35726816
TNX ALL!!!!
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
Fine Tune your automatic Updates for Ubuntu / Debian
Integration Management Part 2
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question