Am 20.09.2016 um 01:48 schrieb Marc Chamberlin:
Hello - I am trying to configure the vsftpd server to use SSL on an openSuSE 42.1 (Leap) and running into troubles. I have the basic server running just fine, no firewall issues or anything like that. But when I configure vsftpd to enable SSL I get the following cryptic error messages -
bigbang: rcvsftpd restart bigbang: rcvsftpd status vsftpd.service - Vsftpd ftp daemon Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled) Active: failed (Result: exit-code) since Mon 2016-09-19 15:04:25 PDT; 5s ago Process: 27223 ExecStart=/usr/sbin/vsftpd /etc/vsftpd.conf (code=exited, status=2) Main PID: 27223 (code=exited, status=2)
Sep 19 15:04:24 bigbang systemd[1]: Starting Vsftpd ftp daemon... Sep 19 15:04:24 bigbang systemd[1]: Started Vsftpd ftp daemon. Sep 19 15:04:25 bigbang systemd[1]: vsftpd.service: main process exited, code=exited, status=2/INVALIDARGUMENT Sep 19 15:04:25 bigbang systemd[1]: Unit vsftpd.service entered failed state.
Who knows what the "INVALIDARGUMENT" is, my examination of log files reveal nothing, nor do GOOGLE searches. (I did find others having this problem as well, but no solutions.)
The parts of the vsftpd.conf file that are relevant to SSL configuration is:
ssl_enable=YES debug_ssl=YES allow_anon_ssl=NO force_local_data_ssl=YES force_local_logins_ssl=YES ssl_tlsv1=YES ssl_sslv2=NO ssl_sslv3=NO rsa_cert_file=/etc/ssl/private/vsftpd.pem rsa_private_key_file=/etc/ssl/private/vsftpd.pem
I am pretty sure I created the certificate and private key files correctly, following the instructions at:
https://www.unixmen.com/how-to-setup-ftp-server-on-opensuse-42-1/
The only possible hint I have found is in the FAQs for the vsftpd server which says -
Q) Does vsftpd support SSL / TLS based encryption? A) Yes, as of v2.0.0, this is supported for the control and data connections (hurrah). You need a build of vsftpd with this support enabled, and then you need to activate the ssl_enable setting. NOTE there are security considerations with this support. Please make sure to read the ssl_enable section in the vsftpd.conf.5 man page thoroughly before using.
I don't know how to determine whether the version of vsftpd released with opensuse42.1 was built with support for SSL/TLS or not, I would assume so... but consider me asking? Was it? Does anyone know if the vsftpd server is seriously broken as far as using SSL/TLS? If so, any recommendation on using a different server?
Thanks in advance for any and all helpful replies... Marc...
hello marc, to check if your vsftpd has SSL support build in you can run the following command: ldd /usr/sbin/vsftpd | grep ssl perhaps fist check where your vsftpd is via which vsftpd perhaps this might help? greetings becki -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org