Login ok, no transfer - vsftpd

Post by salmonix » Tue Mar 02, 2010 12:49 pm

The problem is the following:
1. first I could only log in but ls command did nothing.
As vsftpd INSTALL says:
2b) vsftpd needs the (empty) directory /usr/share/empty in the default
configuration. Add this directory in case it does not already exist. e.g.:

I checked /usr/share/empty directory, made it and from then on I could do anything locally.

I see that the ebuild has a keepdir /usr/share/vsftpd/empty line.

Now I can log in and browse directory from localhost - still working from the outside seems to be pending.


The setting is this:
listen=YES
local_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
idle_session_timeout=600
ftpd_banner=Welcome to FACE-R service
max_per_ip=2
hide_ids=yes
ssl_enable=yes
allow_anon_ssl=no
force_local_data_ssl=no
force_local_logins_ssl=no
ssl_tlsv1=yes
ssl_sslv2=no
ssl_sslv3=no
rsa_cert_file=/etc/CA/CA.cert
rsa_private_key_file=/etc/CA/private/private.pk
debug_ssl=YES
log_ftp_protocol=YES

Its log says:
Tue Mar 2 22:02:44 2010 [pid 18650] CONNECT: Client "127.0.0.1"
Tue Mar 2 22:02:44 2010 [pid 18650] FTP response: Client "127.0.0.1", "220 Welcome to FACE-R service"
Tue Mar 2 22:02:44 2010 [pid 18650] FTP command: Client "127.0.0.1", "FEAT"
Tue Mar 2 22:02:44 2010 [pid 18650] FTP response: Client "127.0.0.1", "211-Features:"
Tue Mar 2 22:02:44 2010 [pid 18650] FTP response: Client "127.0.0.1", " AUTH SSL??"
Tue Mar 2 22:02:44 2010 [pid 18650] FTP response: Client "127.0.0.1", " AUTH TLS??"
Tue Mar 2 22:02:44 2010 [pid 18650] FTP response: Client "127.0.0.1", " EPRT??"
Tue Mar 2 22:02:44 2010 [pid 18650] FTP response: Client "127.0.0.1", " EPSV??"
Tue Mar 2 22:02:44 2010 [pid 18650] FTP response: Client "127.0.0.1", " MDTM??"
Tue Mar 2 22:02:44 2010 [pid 18650] FTP response: Client "127.0.0.1", " PASV??"
Tue Mar 2 22:02:44 2010 [pid 18650] FTP response: Client "127.0.0.1", " PBSZ??"
Tue Mar 2 22:02:44 2010 [pid 18650] FTP response: Client "127.0.0.1", " PROT??"
Tue Mar 2 22:02:44 2010 [pid 18650] FTP response: Client "127.0.0.1", " REST STREAM??"
Tue Mar 2 22:02:44 2010 [pid 18650] FTP response: Client "127.0.0.1", " SIZE??"
Tue Mar 2 22:02:44 2010 [pid 18650] FTP response: Client "127.0.0.1", " TVFS??"
Tue Mar 2 22:02:44 2010 [pid 18650] FTP response: Client "127.0.0.1", " UTF8??"
Tue Mar 2 22:02:44 2010 [pid 18650] FTP response: Client "127.0.0.1", "211 End"
Tue Mar 2 22:02:44 2010 [pid 18650] FTP command: Client "127.0.0.1", "AUTH TLS"
Tue Mar 2 22:02:44 2010 [pid 18650] FTP response: Client "127.0.0.1", "234 Proceed with negotiation."
Tue Mar 2 22:02:44 2010 [pid 18650] DEBUG: Client "127.0.0.1", "SSL version: TLSv1/SSLv3, SSL cipher: DES-CBC3-SHA, not reused, no cert"
Tue Mar 2 22:02:44 2010 [pid 18650] FTP command: Client "127.0.0.1", "OPTS UTF8 ON"
Tue Mar 2 22:02:44 2010 [pid 18650] FTP response: Client "127.0.0.1", "200 Always in UTF8 mode."
Tue Mar 2 22:02:44 2010 [pid 18650] FTP command: Client "127.0.0.1", "USER arcadmin"
Tue Mar 2 22:02:44 2010 [pid 18650] [arcadmin] FTP response: Client "127.0.0.1", "331 Please specify the password."
Tue Mar 2 22:02:44 2010 [pid 18650] [arcadmin] FTP command: Client "127.0.0.1", "PASS <password>"
Tue Mar 2 22:02:44 2010 [pid 18649] [arcadmin] OK LOGIN: Client "127.0.0.1"
Tue Mar 2 22:02:44 2010 [pid 18651] [arcadmin] FTP response: Client "127.0.0.1", "230 Login successful."
Tue Mar 2 22:02:44 2010 [pid 18651] [arcadmin] FTP command: Client "127.0.0.1", "PWD"
Tue Mar 2 22:02:44 2010 [pid 18651] [arcadmin] FTP response: Client "127.0.0.1", "257 "/home/arcadmin""
Tue Mar 2 22:02:44 2010 [pid 18651] [arcadmin] FTP command: Client "127.0.0.1", "PBSZ 0"
Tue Mar 2 22:02:44 2010 [pid 18651] [arcadmin] FTP response: Client "127.0.0.1", "200 PBSZ set to 0."
Tue Mar 2 22:02:44 2010 [pid 18651] [arcadmin] FTP command: Client "127.0.0.1", "PROT P"
Tue Mar 2 22:02:44 2010 [pid 18651] [arcadmin] FTP response: Client "127.0.0.1", "200 PROT now Private."
Tue Mar 2 22:02:44 2010 [pid 18651] [arcadmin] FTP command: Client "127.0.0.1", "PASV"
Tue Mar 2 22:02:44 2010 [pid 18651] [arcadmin] FTP response: Client "127.0.0.1", "227 Entering Passive Mode (127,0,0,1,121,234)."
Tue Mar 2 22:02:44 2010 [pid 18651] [arcadmin] FTP command: Client "127.0.0.1", "LIST"
Tue Mar 2 22:02:44 2010 [pid 18651] [arcadmin] FTP response: Client "127.0.0.1", "150 Here comes the directory listing."
Tue Mar 2 22:02:44 2010 [pid 18650] [arcadmin] DEBUG: Client "127.0.0.1", "SSL version: TLSv1/SSLv3, SSL cipher: DES-CBC3-SHA, reused, no cert"
Tue Mar 2 22:02:44 2010 [pid 18650] [arcadmin] DEBUG: Client "127.0.0.1", "SSL shutdown state is: NONE"
Tue Mar 2 22:02:44 2010 [pid 18650] [arcadmin] DEBUG: Client "127.0.0.1", "SSL shutdown state is: SSL_SENT_SHUTDOWN"
Tue Mar 2 22:02:44 2010 [pid 18650] [arcadmin] DEBUG: Client "127.0.0.1", "SSL shutdown state is: SSL_SENT_SHUTDOWN"
Tue Mar 2 22:02:44 2010 [pid 18650] [arcadmin] DEBUG: Client "127.0.0.1", "SSL shutdown state is: SSL_SENT_SHUTDOWN"
Tue Mar 2 22:02:44 2010 [pid 18650] [arcadmin] DEBUG: Client "127.0.0.1", "SSL ret: 0, SSL error: error:00000000:lib(0):func(0):reason(0), errno: 0"
Tue Mar 2 22:02:44 2010 [pid 18651] [arcadmin] FTP response: Client "127.0.0.1", "226 Directory send OK."
Tue Mar 2 22:02:48 2010 [pid 18651] [arcadmin] FTP command: Client "127.0.0.1", "CWD /home"
Tue Mar 2 22:02:48 2010 [pid 18651] [arcadmin] FTP response: Client "127.0.0.1", "250 Directory successfully changed."
Tue Mar 2 22:02:54 2010 [pid 18651] [arcadmin] FTP command: Client "127.0.0.1", "QUIT"
Tue Mar 2 22:02:54 2010 [pid 18651] [arcadmin] FTP response: Client "127.0.0.1", "221 Goodbye."
Tue Mar 2 22:03:46 2010 [pid 18655] CONNECT: Client "195.228.9.100"
Tue Mar 2 22:03:46 2010 [pid 18655] FTP response: Client "195.228.9.100", "220 Welcome to FACE-R service"
Tue Mar 2 22:03:47 2010 [pid 18655] FTP command: Client "195.228.9.100", "FEAT"
Tue Mar 2 22:03:47 2010 [pid 18655] FTP response: Client "195.228.9.100", "211-Features:"
Tue Mar 2 22:03:47 2010 [pid 18655] FTP response: Client "195.228.9.100", " AUTH SSL??"
Tue Mar 2 22:03:47 2010 [pid 18655] FTP response: Client "195.228.9.100", " AUTH TLS??"
Tue Mar 2 22:03:47 2010 [pid 18655] FTP response: Client "195.228.9.100", " EPRT??"
Tue Mar 2 22:03:47 2010 [pid 18655] FTP response: Client "195.228.9.100", " EPSV??"
Tue Mar 2 22:03:47 2010 [pid 18655] FTP response: Client "195.228.9.100", " MDTM??"
Tue Mar 2 22:03:47 2010 [pid 18655] FTP response: Client "195.228.9.100", " PASV??"
Tue Mar 2 22:03:47 2010 [pid 18655] FTP response: Client "195.228.9.100", " PBSZ??"
Tue Mar 2 22:03:47 2010 [pid 18655] FTP response: Client "195.228.9.100", " PROT??"
Tue Mar 2 22:03:47 2010 [pid 18655] FTP response: Client "195.228.9.100", " REST STREAM??"
Tue Mar 2 22:03:47 2010 [pid 18655] FTP response: Client "195.228.9.100", " SIZE??"
Tue Mar 2 22:03:47 2010 [pid 18655] FTP response: Client "195.228.9.100", " TVFS??"
Tue Mar 2 22:03:47 2010 [pid 18655] FTP response: Client "195.228.9.100", " UTF8??"
Tue Mar 2 22:03:47 2010 [pid 18655] FTP response: Client "195.228.9.100", "211 End"
Tue Mar 2 22:03:47 2010 [pid 18655] FTP command: Client "195.228.9.100", "AUTH TLS"
Tue Mar 2 22:03:47 2010 [pid 18655] FTP response: Client "195.228.9.100", "234 Proceed with negotiation."
Tue Mar 2 22:03:47 2010 [pid 18655] DEBUG: Client "195.228.9.100", "SSL version: TLSv1/SSLv3, SSL cipher: DES-CBC3-SHA, not reused, no cert"
Tue Mar 2 22:03:47 2010 [pid 18655] FTP command: Client "195.228.9.100", "OPTS UTF8 ON"
Tue Mar 2 22:03:47 2010 [pid 18655] FTP response: Client "195.228.9.100", "200 Always in UTF8 mode."
Tue Mar 2 22:03:49 2010 [pid 18655] FTP command: Client "195.228.9.100", "USER arcadmin"
Tue Mar 2 22:03:49 2010 [pid 18655] [arcadmin] FTP response: Client "195.228.9.100", "331 Please specify the password."
Tue Mar 2 22:03:50 2010 [pid 18655] [arcadmin] FTP command: Client "195.228.9.100", "PASS <password>"
Tue Mar 2 22:03:50 2010 [pid 18654] [arcadmin] OK LOGIN: Client "195.228.9.100"
Tue Mar 2 22:03:50 2010 [pid 18656] [arcadmin] FTP response: Client "195.228.9.100", "230 Login successful."
Tue Mar 2 22:03:51 2010 [pid 18656] [arcadmin] FTP command: Client "195.228.9.100", "PWD"
Tue Mar 2 22:03:51 2010 [pid 18656] [arcadmin] FTP response: Client "195.228.9.100", "257 "/home/arcadmin""
Tue Mar 2 22:03:51 2010 [pid 18656] [arcadmin] FTP command: Client "195.228.9.100", "PBSZ 0"
Tue Mar 2 22:03:51 2010 [pid 18656] [arcadmin] FTP response: Client "195.228.9.100", "200 PBSZ set to 0."
Tue Mar 2 22:03:51 2010 [pid 18656] [arcadmin] FTP command: Client "195.228.9.100", "CWD /home/arcadmin/.."
Tue Mar 2 22:03:51 2010 [pid 18656] [arcadmin] FTP response: Client "195.228.9.100", "250 Directory successfully changed."
Tue Mar 2 22:03:54 2010 [pid 18656] [arcadmin] FTP command: Client "195.228.9.100", "PROT P"
Tue Mar 2 22:03:54 2010 [pid 18656] [arcadmin] FTP response: Client "195.228.9.100", "200 PROT now Private."
Tue Mar 2 22:03:55 2010 [pid 18656] [arcadmin] FTP command: Client "195.228.9.100", "PASV"
Tue Mar 2 22:03:55 2010 [pid 18656] [arcadmin] FTP response: Client "195.228.9.100", "227 Entering Passive Mode (10,10,13,3,57,80)."
Both attempts were made using lftp.
The first and successful login was local and has a successful listing. The second was remote and the connection got frozen with an ls command. It shows that changing directory was successful.

lftp says for remote:
lftp -u arcadmin x.x.x.x -p y
Password:
lftp arcadmin@x.x.x.x:~> ls
[Making data connection...]

`ls' at 0 [Making data connection...]
and nothing happens, no life on Earth anymore. When I CTRL-C lftp, one line is added to vsftpd.log:
Tue Mar 2 13:06:47 2010 [pid 18797] [arcadmin] FTP command: Client "195.228.9.100", "LIST"
And a bit later:
Tue Mar 2 13:07:06 2010 [pid 18792] [arcadmin] FTP response: Client "195.228.9.100", "425 Failed to establish connection."
Tue Mar 2 13:07:06 2010 [pid 18792] [arcadmin] FTP command: Client "195.228.9.100", "ABOR"
Tue Mar 2 13:07:06 2010 [pid 18792] [arcadmin] FTP response: Client "195.228.9.100", "225 No transfer to ABOR."
Tue Mar 2 13:07:06 2010 [pid 18791] [arcadmin] DEBUG: Client "195.228.9.100", "Connection terminated without SSL shutdown - buggy client?"
I use version 2.2.2 ~amd64 with option require_ssl_reuse=NO and without, but the same problem was with 2.0.1-r1 stable.
Also no success with FireFTP Firefox plugin.

No related entry in /var/log/messages. End of strace says this for remote:
stat("vsftpd.conf", {st_mode=S_IFREG|0644, st_size=4931, ...}) = 0
getuid() = 0
getuid() = 0
getpid() = 17190
open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 3
fstat(3, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
poll([{fd=3, events=POLLIN}], 1, 10) = 1 ([{fd=3, revents=POLLIN}])
read(3, "4\302\253\207>\0\365y\365-W\350\320\25r\t\273Q\7\227\2236\302\343\315n\211= \0003\214", 32) = 32
close(3) = 0
getuid() = 0
gettimeofday({1267534367, 641572}, NULL) = 0
open("/etc/CA/FACERca.cert", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=1281, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9470852000
read(3, "-----BEGIN CERTIFICATE-----\nMIID"..., 4096) = 1281
read(3, "", 4096) = 0
close(3) = 0
munmap(0x7f9470852000, 4096) = 0
open("/etc/CA/private/FACER.pk", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0400, st_size=887, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9470852000
read(3, "-----BEGIN RSA PRIVATE KEY-----\n"..., 4096) = 887
close(3) = 0
munmap(0x7f9470852000, 4096) = 0
socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
rt_sigaction(SIGCHLD, {0x414a80, ~[RTMIN RT_1], SA_RESTORER, 0x7f946f1081d0}, NULL, 8) = 0
rt_sigaction(SIGALRM, {0x414ac0, ~[RTMIN RT_1], SA_RESTORER, 0x7f946f1081d0}, NULL, 8) = 0
rt_sigaction(SIGHUP, {0x414a80, ~[RTMIN RT_1], SA_RESTORER, 0x7f946f1081d0}, NULL, 8) = 0
rt_sigaction(SIGALRM, {0x414ac0, ~[RTMIN RT_1], SA_RESTORER, 0x7f946f1081d0}, NULL, 8) = 0
bind(3, {sa_family=AF_INET, sin_port=htons(21), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
listen(3, 32) = 0
accept(3, {sa_family=AF_INET, sin_port=htons(2073), sin_addr=inet_addr("195.228.9.100")}, [16]) = 4
clone(child_stack=0, flags=0x28000000|SIGCHLD) = -1 EINVAL (Invalid argument)
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f9470839780) = 17191
close(4) = 0
accept(3,
Firewall down.
No idea.
Quis custodiet ipsos, custodes?
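
The two 227 replies in the log above differ: the local session was told (127,0,0,1,121,234), while the remote client at 195.228.9.100 was told (10,10,13,3,57,80). As an added example that is not part of the original post, the Python code below decodes each PASV reply in a vsftpd log and flags replies whose advertised address is private or loopback while the client address is public. The function names are hypothetical, and the sample lines are copied from the log above.

```python
import ipaddress
import re

# Sample input: three lines copied from the vsftpd log quoted in the post.
SAMPLE_LOG = '''\
Tue Mar 2 22:02:44 2010 [pid 18651] [arcadmin] FTP response: Client "127.0.0.1", "227 Entering Passive Mode (127,0,0,1,121,234)."
Tue Mar 2 22:03:51 2010 [pid 18656] [arcadmin] FTP response: Client "195.228.9.100", "200 PBSZ set to 0."
Tue Mar 2 22:03:55 2010 [pid 18656] [arcadmin] FTP response: Client "195.228.9.100", "227 Entering Passive Mode (10,10,13,3,57,80)."
'''

PASV_RE = re.compile(
    r'Client "(?P<client>[^"]+)", "227 Entering Passive Mode '
    r'\((?P<tuple>\d+(?:,\d+){5})\)'
)

def decode_pasv(tuple_text):
    """Turn h1,h2,h3,h4,p1,p2 into (address, port); port = p1*256 + p2."""
    parts = [int(p) for p in tuple_text.split(",")]
    if any(p > 255 for p in parts):
        raise ValueError("octet out of range: " + tuple_text)
    addr = ipaddress.ip_address(".".join(str(p) for p in parts[:4]))
    return addr, parts[4] * 256 + parts[5]

def audit_pasv(log_text):
    """Return one finding per 227 reply found in the log text."""
    findings = []
    for line in log_text.splitlines():
        m = PASV_RE.search(line)
        if not m:
            continue
        client = ipaddress.ip_address(m.group("client"))
        addr, port = decode_pasv(m.group("tuple"))
        # The client must open the data connection to the advertised address.
        # A private or loopback address handed to a public client is not
        # routable from where that client sits.
        unreachable = (addr.is_private or addr.is_loopback) and client.is_global
        findings.append({
            "client": str(client),
            "advertised": str(addr),
            "port": port,
            "unreachable": unreachable,
        })
    return findings

if __name__ == "__main__":
    for f in audit_pasv(SAMPLE_LOG):
        print(f)
```

When the control channel is encrypted, a NAT device in front of the server cannot read or rewrite the 227 reply, so the address vsftpd advertises is exactly what the client receives. vsftpd's pasv_address, pasv_min_port and pasv_max_port options control that address and the port range that has to be forwarded.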

Post by salmonix » Wed Mar 03, 2010 7:29 am

Now, uncommenting the ssl-related lines connection is OK.
It seems to be an SSL-related problem somehow.
Local access was ok because local ssl was not forced.
Quis custodiet ipsos, custodes?

ssl related problem?

Post by Vojtech » Tue Jun 01, 2010 10:21 am

Hi.
I use vsftpd.
allow_anon_ssl=NO
anonymous_enable=NO

and

If
force_local_data_ssl=NO
force_local_logins_ssl=NO
Then everything is OK and server works exactly how it is expected. And all clients are able to work with it.

but

If
force_local_data_ssl=YES
force_local_logins_ssl=YES
Then
shell command-line tool "ftp" works fine
Windows' "Total Commander" (!) works fine
Firefox plugin "FireFTP" announces success up to the moment of "directory listing"
331 Please specify the password.
PASS (password not shown)
230 Login successful.
FEAT
211-Features:
AUTH SSL
AUTH TLS
EPRT
EPSV
MDTM
PASV
PBSZ
PROT
REST STREAM
SIZE
TVFS
UTF8
211 End
OPTS UTF8 ON
200 Always in UTF8 mode.
PWD
257 "/"
TYPE A
200 Switching to ASCII mode.
PROT P
200 PROT now Private.
PASV
227 Entering Passive Mode (147,32,4,111,244,104).
LIST -al
150 Here comes the directory listing.
...and that's all...

"gFTP" behaves exactly like "FireFTP"
331 Please specify the password.
PASS xxxx
230 Login successful.
SYST

215 UNIX Type: L8
TYPE I

200 Switching to Binary mode.
PWD

257 "/"
Загрузка списка файлов каталога / с сервера (LC_TIME=ru_RU.UTF-8)
PASV

227 Entering Passive Mode (147,32,4,111,249,163).
LIST -aL

150 Here comes the directory listing.
...and that's all...

Where could the problem be? In the server or in clients..?

Please try also "ftp" (if it is not the same as lftp...) I wonder if it works with your server.