FTPS and vsftpd 2.2
BTW, it seems as if vsftpd 2.2.0 re-introduces the broken behavior of versions <= 2.0.6.
Re: Discussion topic: It's the server's fault!
2.2 works fine for me.
Re: Discussion topic: It's the server's fault!
Strange, for me it breaks both FZ and SmartFTP. Reverting to vsftpd 2.1.2 fixes it. As far as encryption-related settings are concerned, I'm using:
force_local_data_ssl=NO
require_ssl_reuse=NO
ssl_enable=YES
Re: Discussion topic: It's the server's fault!
More information please. Used operating system? Used SSL library? Self-compiled vsftpd or some binary package? In the latter case, which patches (if any) are applied to vsftpd compared to the original source?
Re: Discussion topic: It's the server's fault!
I'm on Gentoo Linux, x86, so vsftpd is self-compiled and linked against dev-libs/openssl-0.9.8k. For the patches, see the ebuild file at http://gentoo-portage.com/AJAX/Ebuild/94063/View. I think there are just three directory layout related (or similar) patches, nothing serious. But I believe it's a vsftpd issue, not an FZ issue.
Re: Discussion topic: It's the server's fault!
I've got vsftpd compiled using exactly the same ebuild, works fine.
What are your CFLAGS?
Re: Discussion topic: It's the server's fault!
Here's my build info:
Code:
CHOST="i586-pc-linux-gnu"
CFLAGS="-march=i686 -mmmx -msse -msse2 -Os -pipe -fomit-frame-pointer"
CXXFLAGS="${CFLAGS}"
LDFLAGS="-Wl,-O1"
MAKEOPTS="-j2"
USE flags for vsftpd:
Code:
USE="pam ssl tcpd -caps (-selinux) -xinetd"
Here's what FZ 3.2.7.1 gives me:
Code:
Status: Auflösen der IP-Adresse für eyebex.is-a-geek.org
Status: Verbinde mit <IP>:<Port>...
Status: Verbindung hergestellt, warte auf Willkommensnachricht...
Antwort: 220 (vsFTPd 2.2.0)
Befehl: AUTH TLS
Antwort: 234 Proceed with negotiation.
Status: Initialisiere TLS...
Status: Überprüfe Zertifikat...
Befehl: USER <name>
Status: TLS/SSL-Verbindung hergestellt.
Antwort: 331 Please specify the password.
Befehl: PASS *************
Antwort: 230 Login successful.
Befehl: SYST
Antwort: 215 UNIX Type: L8
Befehl: FEAT
Antwort: 211-Features:
Antwort: AUTH SSL
Antwort: AUTH TLS
Antwort: EPRT
Antwort: EPSV
Antwort: MDTM
Antwort: PASV
Antwort: PBSZ
Antwort: PROT
Antwort: REST STREAM
Antwort: SIZE
Antwort: TVFS
Antwort: UTF8
Antwort: 211 End
Befehl: OPTS UTF8 ON
Antwort: 200 Always in UTF8 mode.
Befehl: PBSZ 0
Antwort: 200 PBSZ set to 0.
Befehl: PROT P
Antwort: 200 PROT now Private.
Status: Verbunden
Status: Empfange Verzeichnisinhalt...
Befehl: PWD
Antwort: 257 "/"
Befehl: TYPE I
Antwort: 200 Switching to Binary mode.
Befehl: PASV
Fehler: Verbindung zum Server getrennt: ECONNABORTED - Connection aborted
Fehler: Verzeichnisinhalt konnte nicht empfangen werden
Here's what vsftpd.log on the server side says:
Code:
Sun Aug 30 12:04:47 2009 [pid 7293] CONNECT: Client "<IP>"
Sun Aug 30 12:04:47 2009 [pid 7293] FTP response: Client "<IP>", "220 (vsFTPd 2.2.0)"
Sun Aug 30 12:04:47 2009 [pid 7293] FTP command: Client "<IP>", "AUTH TLS"
Sun Aug 30 12:04:47 2009 [pid 7293] FTP response: Client "<IP>", "234 Proceed with negotiation."
Sun Aug 30 12:04:47 2009 [pid 7293] DEBUG: Client "<IP>", "SSL version: TLSv1/SSLv3, SSL cipher: DES-CBC3-SHA, not reused, no cert"
Sun Aug 30 12:04:47 2009 [pid 7293] FTP command: Client "<IP>", "USER <name>"
Sun Aug 30 12:04:47 2009 [pid 7293] [user] FTP response: Client "<IP>", "331 Please specify the password."
Sun Aug 30 12:04:48 2009 [pid 7293] [user] FTP command: Client "<IP>", "PASS <password>"
Sun Aug 30 12:04:48 2009 [pid 7292] [user] OK LOGIN: Client "<IP>"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", "230 Login successful."
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP command: Client "<IP>", "SYST"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", "215 UNIX Type: L8"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP command: Client "<IP>", "FEAT"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", "211-Features:"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", " AUTH SSL??"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", " AUTH TLS??"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", " EPRT??"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", " EPSV??"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", " MDTM??"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", " PASV??"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", " PBSZ??"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", " PROT??"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", " REST STREAM??"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", " SIZE??"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", " TVFS??"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", " UTF8??"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", "211 End"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP command: Client "<IP>", "OPTS UTF8 ON"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", "200 Always in UTF8 mode."
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP command: Client "<IP>", "PBSZ 0"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", "200 PBSZ set to 0."
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP command: Client "<IP>", "PROT P"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", "200 PROT now Private."
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP command: Client "<IP>", "PWD"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", "257 "/""
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP command: Client "<IP>", "TYPE I"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", "200 Switching to Binary mode."
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP command: Client "<IP>", "PASV"
(Yes, it stops right here, no error message in the log.)
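Added example, not part of the original posts: a small parser for vsftpd log lines in the log_ftp_protocol format shown in the post above, which pairs each "FTP command" with the next "FTP response" for the same client and reports commands that never got a reply. The sample lines are constructed from that format, the function name is illustrative, and the code assumes one session per client address at a time.

```python
import re

# One log_ftp_protocol line: timestamp, pid, optional [user], kind, client, text.
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid (?P<pid>\d+)\] '
    r'(?:\[(?P<user>[^\]]*)\] )?FTP (?P<kind>command|response): '
    r'Client "(?P<client>[^"]*)", "(?P<text>.*)"$'
)

# Constructed sample in the format of the vsftpd.log excerpt above.
SAMPLE_LOG = '''\
Sun Aug 30 12:04:47 2009 [pid 7293] CONNECT: Client "<IP>"
Sun Aug 30 12:04:48 2009 [pid 7293] [user] FTP command: Client "<IP>", "PASS <password>"
Sun Aug 30 12:04:48 2009 [pid 7292] [user] OK LOGIN: Client "<IP>"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", "230 Login successful."
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP command: Client "<IP>", "FEAT"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", "211-Features:"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", " PASV??"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", "211 End"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP command: Client "<IP>", "PWD"
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP response: Client "<IP>", "257 "/""
Sun Aug 30 12:04:48 2009 [pid 7294] [user] FTP command: Client "<IP>", "PASV"
'''

def unanswered_commands(log_text):
    """Return (timestamp, pid, command) for every command with no reply."""
    pending = {}   # client address -> last command still waiting for a reply
    stalled = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # CONNECT, DEBUG and OK LOGIN lines carry no protocol text
        client = m['client']
        if m['kind'] == 'command':
            if client in pending:          # previous command was never answered
                stalled.append(pending[client])
            pending[client] = (m['ts'], int(m['pid']), m['text'])
        else:
            # Keyed by client, not pid: the PASS reply comes from a new process.
            # Extra lines of a multi-line reply find nothing pending and are ignored.
            pending.pop(client, None)
    stalled.extend(pending.values())
    return stalled

if __name__ == "__main__":
    for ts, pid, cmd in unanswered_commands(SAMPLE_LOG):
        print(f"{ts} pid {pid}: no response logged for {cmd!r}")
```

A command reported here with no later log line for its pid points at the server process dying or hanging while handling it, which is the situation described in the post.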
Re: Discussion topic: It's the server's fault!
So an entirely different problem. Moved you into a new thread.
Re: FTPS and vsftpd 2.2
OK, sorry, I misread the error message in http://forum.filezilla-project.org/view ... f=2&t=7688 to be the same as mine. Do you want me to do more tests? If not, I'll revert to vsftpd 2.1.2 again and just be happy for now.
Re: FTPS and vsftpd 2.2
Please post your complete vsftpd.conf
Which kernel are you using?
Re: FTPS and vsftpd 2.2
Here you go:
Code:
anonymous_enable=NO
ascii_upload_enable=YES
chmod_enable=NO
chroot_local_user=YES
connect_from_port_20=YES
force_local_data_ssl=NO
guest_enable=NO
hide_ids=YES
listen=YES
local_enable=YES
ls_recurse_enable=YES
pasv_promiscuous=YES
port_promiscuous=YES
require_ssl_reuse=NO
setproctitle_enable=YES
ssl_enable=YES
text_userdb_names=YES
use_localtime=YES
write_enable=YES
xferlog_enable=YES
file_open_mode=0660
listen_port=2111
local_umask=0007
max_clients=6
max_per_ip=3
pasv_min_port=2130
pasv_max_port=2190
local_root=/mnt/ftp
pasv_address=host.dyndns.org
rsa_cert_file=/etc/vsftpd/vsftpd.pem
pasv_addr_resolve=YES
user_config_dir=/etc/vsftpd/user
debug_ssl=yes
log_ftp_protocol=yes
xferlog_enable=yes
Re: FTPS and vsftpd 2.2
Which kernel are you using?
Re: FTPS and vsftpd 2.2
Sorry, it seems I'm not reading posts very thoroughly these days.
You can get my kernel config here: http://threekings.tk/tmp/config.gz
Code:
udat ~ # uname -a
Linux udat 2.6.27-gentoo-r10 #1 SMP Wed Apr 15 00:41:45 CEST 2009 i686 VIA Esther processor 1200MHz CentaurHauls GNU/Linux
Re: FTPS and vsftpd 2.2
Bit old. Latest vsftpd used a relatively new feature (clone() with CLONE_NEWNET flag) that might not work correctly in 2.6.27. Please try 2.6.30.x.
Re: FTPS and vsftpd 2.2
Same problem with kernel 2.6.30:
Code:
udat src # uname -a
Linux udat 2.6.30-gentoo-r5 #1 SMP Sun Aug 30 17:15:48 CEST 2009 i686 VIA Esther processor 1200MHz CentaurHauls GNU/Linux