vsftpd - sftp works fine, ftp freezes
by emm386 from LinuxQuestions.org on (#5G9WC)
Hello,
Recently I've set up vsftpd, everything's running fine, however I was asked to allow the ftp connections also, as I was informed that it wasn't working at all.
So I ftp'd to 127.0.0.1 and got:
Connected to 127.0.0.1 (127.0.0.1).
And it's sitting there, doing nothing. No 200, no nothing. I have to Ctrl+Z out of it. The process is getting created but that's it. I've created new users, changed paths, tried so many things I lost count. I can't even diagnose what's happening, because nothing is being written to the logs (except for sftp.log, which is for sftp and doesn't help me in any way).
I've adjusted sebools (ftpd_use_nfs, ftpd_full_access, use_nfs_home_dirs) but then I've just switched it to permissive so I could narrow down what's the culprit, so SELinux can be taken out from the equation.
Xfer.log, vsftpd.log and sftp.log are all in the same path (nfs). Homedirs are on a separate nfs. Permissions are set so the jail would work properly. Socket for each user is created to get info about the connections.
Here are my configs:
sshd_config
Code:
Subsystem sftp internal-sftp -f LOCAL3 -l VERBOSE
Match Group root
PubkeyAuthentication yes
Match Group ftpusers
AllowTCPForwarding no
AuthorizedKeysFile .ssh/authorized_keys
Banner none
ChrootDirectory /sftp_path/chroot_%u/
ForceCommand internal-sftp -f LOCAL3 -l VERBOSE
PubkeyAuthentication yes
PubkeyAcceptedKeyTypes=+ssh-dss
Match User *,!root,!emm
Banner /etc/sftp_banner_nosftp
ForceCommand /bin/false
rsyslog.conf
Code:
$AddUnixListenSocket /sftp_path/chroot_username ## a lot of those, one per user
local3.* /var/log/log_archive/servername/sftp.log
vsftpd.conf
Code:
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=NO
ftpd_banner=Welcome to ABC sFTP service.
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/userlist_allow
secure_chroot_dir=/sftp_path
allow_writeable_chroot=YES
listen=YES
listen_ipv6=NO
pam_service_name=vsftpd
userlist_deny=NO
userlist_enable=YES
userlist_file=/etc/vsftpd/userlist_allow
dual_log_enable=YES
vsftpd_log_file=/var/log/log_archive/servername/vsftpd.log
xferlog_file=/var/log/log_archive/servername/xfer.log
log_ftp_protocol=YES
syslog_enable=NO

