Problems with vsftpd

Discussion in 'Installation/Configuration' started by A|fie, Jan 28, 2006.

  1. A|fie

    A|fie New Member

    Hi,

    I have problems with vsftpd installing ISPconfig with debian sarge 3.1
    the installation was correct but web-ftp don´t works

    when i put user and pass the ispconfig display this message:

    " Ha ocurrido el siguiente error:

    Could not connect as user web1_admin

    Next >> "

    and when i release this "next" it returns to login page.
    I try a lot of times but unfortunely each one, with other users, other passwords... not work´s :(

    can you help me please?

    thanks a lot !!
     
  2. falko

    falko Super Moderator ISPConfig Developer

    Did you enable FTP on the "Basis" tab of this web site?

    Does the login work if you use an FTP client like SmartFTP or WS_FTP?
     
  3. A|fie

    A|fie New Member

    Yes, I enable it.

    I try to login by one ftp client type SmartFTP DeluxeFTP or trought console, but don´t work.
    in console the message is :

    ftp> open 62.14.109.xxx
    Connected to 62.14.109.xxx
    220 (vsFTPd 2.0.3)
    Name (62.14.109.xxx:tete): web1_admin
    530 This FTP server is anonymous only.
    Login failed.
    ftp> close
    221 Goodbye.
    ftp> open 62.14.109.xxx
    Connected to 62.14.109.xxx.
    220 (vsFTPd 2.0.3)
    Name (62.14.109.xxx:tete): anonymous
    331 Please specify the password.
    Password:
    500 OOPS: cannot change directory:/home/ftp
    Login failed.
    ftp>

    and yes, the directory /home/ftp not exists
    maybe i have to create it? in my config of ispconfig i choose /var/www for apache, i don´t know if i have to create this directory or not.

    thank you very very much and please excuse-me for my bad english
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    FTP users in ISPConfig where normally chrooted to their home directory, so a user web1_admin can not change to /home/ftp. The home directory of the user web1_admin is /home/www/web1/ or /var/www/web1/ if you checked the administrator checkbox for this user. Why do you want to change to /home/ftp? This directory is not used by an ISPConfig hosting server?
     
  5. falko

    falko Super Moderator ISPConfig Developer

    Your FTP server seems to support anonymous FTP only. Please post /etc/vsftpd.conf here.
     
  6. A|fie

    A|fie New Member

    ok, th ISPConfig has created 4 .conf for vsftpd

    vsftpd_127.0.0.1.conf
    vsftpd_172.26.0.xxx.conf
    vsftpd_62.14.109.xxx.conf

    and the vsftpd.conf here is :

    # Example config file /etc/vsftpd.conf
    #
    # The default compiled in settings are fairly paranoid. This sample file
    # loosens things up a bit, to make the ftp daemon more usable.
    # Please see vsftpd.conf.5 for all compiled in defaults.
    #
    # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
    # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
    # capabilities.
    #
    #
    # Run standalone? vsftpd can run either from an inetd or as a standalone
    # daemon started from an initscript.
    listen=YES
    #
    # Run standalone with IPv6?
    # Like the listen parameter, except vsftpd will listen on an IPv6 socket
    # instead of an IPv4 one. This parameter and the listen parameter are mutually
    # exclusive.
    #listen_ipv6=YES
    #
    # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
    anonymous_enable=YES
    #
    # Uncomment this to allow local users to log in.
    #local_enable=YES
    #
    # Uncomment this to enable any form of FTP write command.
    #write_enable=YES
    #
    # Default umask for local users is 077. You may wish to change this to 022,
    # if your users expect that (022 is used by most other ftpd's)
    #local_umask=022
    #
    # Uncomment this to allow the anonymous FTP user to upload files. This only
    # has an effect if the above global write enable is activated. Also, you will
    # obviously need to create a directory writable by the FTP user.
    #anon_upload_enable=YES
    #
    # Uncomment this if you want the anonymous FTP user to be able to create
    # new directories.
    #anon_mkdir_write_enable=YES
    #
    # Activate directory messages - messages given to remote users when they
    # go into a certain directory.
    dirmessage_enable=YES
    #
    # Activate logging of uploads/downloads.
    xferlog_enable=YES
    #
    # Make sure PORT transfer connections originate from port 20 (ftp-data).
    connect_from_port_20=YES
    #
    # If you want, you can arrange for uploaded anonymous files to be owned by
    # a different user. Note! Using "root" for uploaded files is not
    # recommended!
    #chown_uploads=YES
    #chown_username=whoever
    #
    # You may override where the log file goes if you like. The default is shown
    # below.
    #xferlog_file=/var/log/vsftpd.log
    #
    # If you want, you can have your log file in standard ftpd xferlog format
    #xferlog_std_format=YES
    #
    # You may change the default value for timing out an idle session.
    #idle_session_timeout=600
    #
    # You may change the default value for timing out a data connection.
    #data_connection_timeout=120
    #
    # It is recommended that you define on your system a unique user which the
    # ftp server can use as a totally isolated and unprivileged user.
    #nopriv_user=ftpsecure
    #
    # Enable this and the server will recognise asynchronous ABOR requests. Not
    # recommended for security (the code is non-trivial). Not enabling it,
    # however, may confuse older FTP clients.
    #async_abor_enable=YES
    #
    # By default the server will pretend to allow ASCII mode but in fact ignore
    # the request. Turn on the below options to have the server actually do ASCII
    # mangling on files when in ASCII mode.
    # Beware that turning on ascii_download_enable enables malicious remote parties
    # to consume your I/O resources, by issuing the command "SIZE /big/file" in
    # ASCII mode.
    # These ASCII options are split into upload and download because you may wish
    # to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
    # without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
    # on the client anyway..
    #ascii_upload_enable=YES
    #ascii_download_enable=YES
    #
    # You may fully customise the login banner string:
    #ftpd_banner=Welcome to blah FTP service.
    #
    # You may specify a file of disallowed anonymous e-mail addresses. Apparently
    # useful for combatting certain DoS attacks.
    #deny_email_enable=YES
    # (default follows)
    #banned_email_file=/etc/vsftpd.banned_emails
    #
    # You may restrict local users to their home directories. See the FAQ for
    # the possible risks in this before using chroot_local_user or
    # chroot_list_enable below.
    #chroot_local_user=YES
    #
    # You may specify an explicit list of local users to chroot() to their home
    # directory. If chroot_local_user is YES, then this list becomes a list of
    # users to NOT chroot().
    #chroot_list_enable=YES
    # (default follows)
    #chroot_list_file=/etc/vsftpd.chroot_list
    #
    # You may activate the "-R" option to the builtin ls. This is disabled by
    # default to avoid remote users being able to cause excessive I/O on large
    # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
    # the presence of the "-R" option, so there is a strong case for enabling it.
    #ls_recurse_enable=YES
    #
    #
    # Debian customization
    #
    # Some of vsftpd's settings don't fit the Debian filesystem layout by
    # default. These settings are more Debian-friendly.
    #
    # This option should be the name of a directory which is empty. Also, the
    # directory should not be writable by the ftp user. This directory is used
    # as a secure chroot() jail at times vsftpd does not require filesystem
    # access.
    secure_chroot_dir=/var/run/vsftpd
    #
    # This string is the name of the PAM service vsftpd will use.
    pam_service_name=vsftpd
    #
    # This option specifies the location of the RSA certificate to use for SSL
    # encrypted connections.
    rsa_cert_file=/etc/ssl/certs/vsftpd.pem



    well, if you want I paste the other tree... thank you a lot
     
  7. falko

    falko Super Moderator ISPConfig Developer

    That's the crucial part. Remove the # sign in front of
    Code:
    local_enable=YES
    and restart vsftpd.
     
  8. A|fie

    A|fie New Member

    I did it .... and It works !!

    thx a lot for your help !
     
  9. garfabian

    garfabian New Member

    Can't connect using VSFTP

    I installed vsftpd and seems to be running, when I try to connect using SFTP I get an error not able to connect that the server doesnt respond if I do regular FTP it connects fine is there something I can look at I see that I have port 20 in the config of vsftpd using ISPCONFIG control panel I open this port and still no luck. Does anyone have an idea in what could be the problem? Thank you in advance.
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    SFTP is handled by your SSH daemon and not by vsftpd.

    You will have to enable shell access for users that shall use sftp, but I dont recommend that unless you use chrooted SSH accounts.
     
  11. Isterklister

    Isterklister New Member

    Vsftpd - ispconfig web-ftp

    Helo,
    to use vsftpd and WEB-ftp you can edit /etc/vsftpd.conf.

    Change to:

    anonymous_enable=NO
    write_enable=YES
    local_enable=YES
    chroot_local_user=YES

    restart vsftpd (ispconfig_tcp...)

    It worked for me.:) With chroot yuo get little more security too.
    ___________________
    Pelle
     
  12. zxon

    zxon New Member

    I'm having the same problem. I'm still getting the error "This FTP server is anonymous only". It seems to me that vsftpd isn't even reading the changes I make in vsftpd.conf, even though I've tried restarting the service, and even stopping and restarting manually. Can anyone offer any further help on this please?

    Below I have posted the contents of my vsftpd.conf file.

    ----------------------------

    # Example config file /etc/vsftpd.conf
    #
    # The default compiled in settings are fairly paranoid. This sample file
    # loosens things up a bit, to make the ftp daemon more usable.
    # Please see vsftpd.conf.5 for all compiled in defaults.
    #
    # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
    # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
    # capabilities.
    #
    #
    # Run standalone? vsftpd can run either from an inetd or as a standalone
    # daemon started from an initscript.
    listen=YES
    #
    # Run standalone with IPv6?
    # Like the listen parameter, except vsftpd will listen on an IPv6 socket
    # instead of an IPv4 one. This parameter and the listen parameter are mutually
    # exclusive.
    #listen_ipv6=YES
    #
    # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
    anonymous_enable=NO
    #
    # Uncomment this to allow local users to log in.
    local_enable=YES
    #
    # Uncomment this to enable any form of FTP write command.
    write_enable=YES
    #
    # Default umask for local users is 077. You may wish to change this to 022,
    # if your users expect that (022 is used by most other ftpd's)
    #local_umask=022
    #
    # Uncomment this to allow the anonymous FTP user to upload files. This only
    # has an effect if the above global write enable is activated. Also, you will
    # obviously need to create a directory writable by the FTP user.
    #anon_upload_enable=YES
    #
    # Uncomment this if you want the anonymous FTP user to be able to create
    # new directories.
    #anon_mkdir_write_enable=YES
    #
    # Activate directory messages - messages given to remote users when they
    # go into a certain directory.
    dirmessage_enable=YES
    #
    # Activate logging of uploads/downloads.
    xferlog_enable=YES
    #
    # Make sure PORT transfer connections originate from port 20 (ftp-data).
    connect_from_port_20=YES
    #
    # If you want, you can arrange for uploaded anonymous files to be owned by
    # a different user. Note! Using "root" for uploaded files is not
    # recommended!
    #chown_uploads=YES
    #chown_username=whoever
    #
    # You may override where the log file goes if you like. The default is shown
    # below.
    #xferlog_file=/var/log/vsftpd.log
    #
    # If you want, you can have your log file in standard ftpd xferlog format
    #xferlog_std_format=YES
    #
    # You may change the default value for timing out an idle session.
    #idle_session_timeout=600
    #
    # You may change the default value for timing out a data connection.
    #data_connection_timeout=120
    #
    # It is recommended that you define on your system a unique user which the
    # ftp server can use as a totally isolated and unprivileged user.
    #nopriv_user=ftpsecure
    #
    # Enable this and the server will recognise asynchronous ABOR requests. Not
    # recommended for security (the code is non-trivial). Not enabling it,
    # however, may confuse older FTP clients.
    #async_abor_enable=YES
    #
    # By default the server will pretend to allow ASCII mode but in fact ignore
    # the request. Turn on the below options to have the server actually do ASCII
    # mangling on files when in ASCII mode.
    # Beware that turning on ascii_download_enable enables malicious remote parties
    # to consume your I/O resources, by issuing the command "SIZE /big/file" in
    # ASCII mode.
    # These ASCII options are split into upload and download because you may wish
    # to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
    # without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
    # on the client anyway..
    #ascii_upload_enable=YES
    #ascii_download_enable=YES
    #
    # You may fully customise the login banner string:
    ftpd_banner=Welcome to Luggage's FTP service.
    #
    # You may specify a file of disallowed anonymous e-mail addresses. Apparently
    # useful for combatting certain DoS attacks.
    #deny_email_enable=YES
    # (default follows)
    #banned_email_file=/etc/vsftpd.banned_emails
    #
    # You may restrict local users to their home directories. See the FAQ for
    # the possible risks in this before using chroot_local_user or
    # chroot_list_enable below.
    chroot_local_user=YES
    #
    # You may specify an explicit list of local users to chroot() to their home
    # directory. If chroot_local_user is YES, then this list becomes a list of
    # users to NOT chroot().
    #chroot_list_enable=YES
    # (default follows)
    #chroot_list_file=/etc/vsftpd.chroot_list
    #
    # You may activate the "-R" option to the builtin ls. This is disabled by
    # default to avoid remote users being able to cause excessive I/O on large
    # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
    # the presence of the "-R" option, so there is a strong case for enabling it.
    #ls_recurse_enable=YES
    #
    #
    # Debian customization
    #
    # Some of vsftpd's settings don't fit the Debian filesystem layout by
    # default. These settings are more Debian-friendly.
    #
    # This option should be the name of a directory which is empty. Also, the
    # directory should not be writable by the ftp user. This directory is used
    # as a secure chroot() jail at times vsftpd does not require filesystem
    # access.
    secure_chroot_dir=/var/run/vsftpd
    #
    # This string is the name of the PAM service vsftpd will use.
    pam_service_name=vsftpd
    #
    # This option specifies the location of the RSA certificate to use for SSL
    # encrypted connections.
    rsa_cert_file=/etc/ssl/certs/vsftpd.pem
     
    Last edited: Aug 4, 2007
  13. falko

    falko Super Moderator ISPConfig Developer

    Did you get any errors when you tried to restart vsftpd?
    What's the output of
    Code:
    netstat -tap
    ?
     
  14. zxon

    zxon New Member

    No, I get no errors. I only get the "anonymous only" error when I try to connect to the service over ftp from either the local terminal or an ftp program in Windows (SmartFTP).

    Below, I have posted the output of netstat -tap...

    ----------------------------------------------

    Luggage:/etc# netstat -tap
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 localhost:2208 *:* LISTEN 2259/hpiod
    tcp 0 0 *:imaps *:* LISTEN 2649/inetd
    tcp 0 0 *:nfs *:* LISTEN -
    tcp 0 0 *:afpovertcp *:* LISTEN 2595/afpd
    tcp 0 0 *:swat *:* LISTEN 2649/inetd
    tcp 0 0 *:netbios-ssn *:* LISTEN 2658/smbd
    tcp 0 0 *:pop3 *:* LISTEN 2649/inetd
    tcp 0 0 *:imap2 *:* LISTEN 2649/inetd
    tcp 0 0 *:sunrpc *:* LISTEN 1943/portmap
    tcp 0 0 localhost:51152 *:* LISTEN 2262/python
    tcp 0 0 *:auth *:* LISTEN 2649/inetd
    tcp 0 0 *:ftp *:* LISTEN 4115/vsftpd
    tcp 0 0 Luggage.local:domain *:* LISTEN 2209/named
    tcp 0 0 *:693 *:* LISTEN 2634/rpc.mountd
    tcp 0 0 localhost:domain *:* LISTEN 2209/named
    tcp 0 0 localhost:ipp *:* LISTEN 2405/cupsd
    tcp 0 0 localhost:smtp *:* LISTEN 2568/exim4
    tcp 0 0 localhost:953 *:* LISTEN 2209/named
    tcp 0 0 *:33627 *:* LISTEN 2743/rpc.statd
    tcp 0 0 localhost:4700 *:* LISTEN 2597/cnid_metad
    tcp 0 0 *:microsoft-ds *:* LISTEN 2658/smbd
    tcp 0 0 *:55966 *:* LISTEN -
    tcp 0 0 Luggage.local:56029 jc-in-f99.google.co:www ESTABLISHED4028/firefox-bin
    tcp 0 0 Luggage.local:60420 84.53.178.27:www ESTABLISHED4028/firefox-bin
    tcp 0 0 Luggage.local:57891 84.53.178.49:www ESTABLISHED4028/firefox-bin
    tcp 0 0 Luggage.local:56477 nf-in-f164.google.c:www ESTABLISHED4028/firefox-bin
    tcp 0 0 Luggage.local:43254 84.53.178.40:www ESTABLISHED4028/firefox-bin
    tcp6 0 0 *:www *:* LISTEN 2822/apache2
    tcp6 0 0 *:domain *:* LISTEN 2209/named
    tcp6 0 0 ip6-localhost:953 *:* LISTEN 2209/named
     
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    Please make sure that you select "vsftpd" in ISPConfig under management > server > settings on the ftp tab.
     
  16. zxon

    zxon New Member

    Sorry, but where is this option? If it's meant to be in the system menu I can't see it. If it's any help I'm running Debian Linux under KDE 3.5.

    [EDIT]
    OK I had a look and found I did not have ISPConfig installed on my system. After following instructions to install it on howtoforge, I went to 127.0.0.1:81 and logged in. I found the option "management > server > settings > ftp tab" and indeed VS-FTP was already selected, and the conf file was identified to be in "/etc/vsftpd.conf" (which is correct).

    I applied the settings again anyway and also restarted vsftpd but unfortunately I still can't log onto the FTP server with an actual user and it keeps insisting that its anonymous only. Can anyone suggest anything else?
     
    Last edited: Aug 5, 2007
  17. till

    till Super Moderator Staff Member ISPConfig Developer

    And you craeted this user in ISPConfig?
     
  18. zxon

    zxon New Member

    Ahh! Got it working! BTW To answer your question, yes I made the user in ISPConfig.

    The problem was that I wasn't restarting the service properly. In the terminal, I was running:
    Code:
    #service vsftpd restart
    ...when really I should've been running...

    Code:
    /etc/init.d/vsftpd restart
    However, to re-answer a previous question, I do get errors when I restart the service:

    How can I resolve this little error?
     
  19. falko

    falko Super Moderator ISPConfig Developer

    You're running the command from a directory which doesn't exist anymore (I assume it's the ISPConfig installation directory?). Go to an existing directory, and the warning disappears. :)
     
  20. zxon

    zxon New Member

    It seems to happen regardless of whichever directory I run it from. Nonetheless its working now.

    Thank you all for your help :) :) :)
     

Share This Page