vsftp doesn't work with ssl_enable=yes

Hello,

I’m trying to get my vsftp server to run.
When ssl is disabled it works pretty fine, but after turning it on I get the following error:

# /etc/init.d/vsftpd status
Checking for service vsftpd                                               unused
# /etc/init.d/vsftpd start
Starting vsftpd startproc:  exit status of parent of /usr/sbin/vsftpd: 1
                                                                          failed

Here’s my config (/etc/vsftpd.conf):

write_enable=YES
dirmessage_enable=YES
nopriv_user=ftpsecure
ftpd_banner="Welcome to ..."
local_enable=YES
chroot_local_user=YES
listen=YES
ssl_enable=YES
pasv_min_port=30000
pasv_max_port=30100

/var/log/messages and /var/log/warn don’t say anything about vsftp and /var/log/rcvsftp is empty.

Does anybody have an idea what the problem could be?
Might the firewall/ports have something to do with it?

Thanks for help.

Hi,

you should tell your server where the cert file is. A line like this


rsa_cert_file=/etc/vsftpd/vsftpd.pem

is missing. For more information look here:

Configuring vsftpd for secure connections (TLS/SSL/SFTP) - VPSLink Wiki

hth

Erik

Hey,

Thanks for the advice. I’ll give it a try when I’m back at home tomorrow.

regards

I’ve created a certificate as described in the guide, but unfortunately it doesn’t fix the problem.
I get the same error as before.
Any other ideas?

Thanks

Hi,

did you also add the missing line in the config file?

Bye

Erik

Hi Erik,

Yes, I did. I’ve checked everything twice. Even though I knew that it was senseless, I’ve generated the certificate a second time…

My vsftpd.conf looks like this now:

write_enable=YES
dirmessage_enable=YES
nopriv_user=ftpsecure
ftpd_banner="Welcome to ..."
local_enable=YES
chroot_local_user=YES
listen=YES
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
pasv_min_port=30000
pasv_max_port=30100

Thanks for your efforts!

Hi,

please type


vsftpd

and post the output here. Do it as root.

Bye

Erik

Hi again,

I was a bit confusing, I think. I’d like you NOT to use the start script but the command vsftpd itself. So you should type the command from a working dir other than /etc/init.d to be sure to call the daemon itself, since your start script seems to have the name vsftpd as well.

Bye

Erik

Hi Erik,

when I try to execute vsftpd the following Error comes:

# vsftpd
500 OOPS: SSL: cannot load RSA certificate

When I googled this error I found plenty of sites, but none of them describe my problem.
So do you have any idea what causes this error?
I cannot figure out why it can’t load it…

Thanks again for your help!

Hi,

could be a problem with the file permissions. Type:


ls -l /etc/vsftpd

and post the result here.

Bye

Erik

Read permission should be enough, shouldn’t it?

-rw-r--r-- 1 root root 2209 Oct 16 15:07 vsftpd.pem

regards
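An added example, not part of the original thread: a small check that reads the `rsa_cert_file` (and optional `rsa_private_key_file`) setting from vsftpd.conf, asks the local OpenSSL library to load the certificate and key the way a TLS server would, and flags a key file that is readable by group or others. It assumes Python's `ssl` module is linked against the same OpenSSL that vsftpd uses and that the key is not passphrase-protected; the function names are illustrative.

```python
import os
import ssl
import stat
import sys

def read_vsftpd_conf(path):
    """Parse vsftpd.conf into a dict (the format is option=value, no spaces)."""
    opts = {}
    with open(path) as fh:
        for raw in fh:
            line = raw.strip()
            if line and not line.startswith("#") and "=" in line:
                name, value = line.split("=", 1)
                opts[name] = value
    return opts

def check_tls_files(conf_path):
    """Return a list of findings; an empty list means nothing was flagged."""
    opts = read_vsftpd_conf(conf_path)
    if opts.get("ssl_enable", "NO").upper() != "YES":
        return []
    cert = opts.get("rsa_cert_file")
    if not cert:
        return ["ssl_enable=YES but rsa_cert_file is not set"]
    # Without rsa_private_key_file, vsftpd expects the key inside the cert file.
    key = opts.get("rsa_private_key_file", cert)
    missing = [f"{p}: no such file" for p in sorted({cert, key})
               if not os.path.isfile(p)]
    if missing:
        return missing
    findings = []
    try:
        # Ask the local OpenSSL to load certificate and key as a TLS server would.
        ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(cert, key)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        findings.append(f"{cert}: cannot load certificate/key: {exc}")
    # A PEM that holds the private key should not be world- or group-readable.
    if os.stat(key).st_mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(f"{key}: key file is readable by group or others")
    return findings

if __name__ == "__main__":
    conf = sys.argv[1] if len(sys.argv) > 1 else "/etc/vsftpd.conf"
    for finding in check_tls_files(conf) or ["no problems found"]:
        print(finding)
```

Run it as root with the path to vsftpd.conf as the only argument; a file with mode `-rw-r--r--` that contains the private key is reported by the last check.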

Yeaah, I got it!!
I’ve updated the openssl package, generated a new key and now it runs surprisingly lol!

But I’m a bit confused by this message when I try to execute vsftp not within /etc/init.d/:

# vsftpd
500 OOPS: could not bind listening IPv4 socket

I tried to connect with a FTP-Client and everything seems to work fine…

Anyway, thank you very much Erik!

You’re welcome. Nice to hear that you resolved the problem.

Bye

Erik

I am bewitched by the same problem. If I followed correctly, you merely updated openssl and that cured what ailed you. What version of openssl did the trick?

Bob