On 22.09.2016 at 19:56, Marc Chamberlin wrote:
Thanks Becki and Carlos, I guess I understand what "Standalone" really means but find it confusing terminology. I just assumed "Standalone" meant to run vsftpd like an ordinary application, not as any sort of service that will be handled by the OS.
I have made a breakthrough! But am not out of the woods yet. Thank the Gods for Emacs, still one of the best all time editors around IMHO! It was a dumb mistake after all, in the vsftpd.conf file, I had a trailing space on the end of the line specifying the path to the rsa_cert_file! Kinda hard to see without a good editor that can highlight such things.
yep ... told you earlier to check the config file for tiny typos ;)
i've already spent hundreds of hours looking for tiny commas , or dot comma ; in config files ;)
and yes ... some software is not that good in error reporting, but to catch all those tiny empty space and comma config typo mistakes might also be a challenge?
and come on ... vsftpd is for free!
so ... a good editor ... well you figured that one out by now ;)
As an aside, I can't say I am all that impressed with the quality of programming that has gone into vsftpd. To simply report that there is an invalid argument within a config file and not convey more information about what argument or why, is poor error handling and very user unfriendly. And to not remove trailing whitespace during the parsing of statements is the kind of mistake that I would expect out of beginner programmers, not in a robust application released for production environments.
Anywise, I can now start vsftpd with SSL enabled, but am running into another problem compounded yet again by poor error reporting. To test the SSL/TLS connection I started up FileZilla on my laptop and tried to connect to the vsftpd service using "Explicit FTP over TLS if available". When I do this I get this dumb error message -
19:51:24 Status: Resolving address of ftp.mydomain.com
19:51:24 Status: Connecting to 192.168.10.100:21...
19:51:24 Status: Connection established, waiting for welcome message...
19:51:24 Response: 220 "Welcome to the VSFTPD FTP server."
19:51:24 Command: AUTH TLS
19:51:24 Response: 234 Proceed with negotiation.
19:51:24 Status: Initializing TLS...
19:51:24 Error: GnuTLS error -15: An unexpected TLS packet was received.
19:51:24 Error: Could not connect to server
which doesn't tell me a whole lot. Google searches are revealing that this too is a very generic error message that can be caused by a lot of things, and there are lots of different solutions reported. But so far I have been unable to find one that works for me or is even applicable. The reason I am saying this is that, for example, a lot of people report it happens after getting much further, i.e. after the FTP client requests a directory listing. But I am seeing it during the initial phase of TLS negotiation between the client and the server.
On the suspicion that this could be a FileZilla bug, I tried a different FTP client, the FireFTP addon for Firefox, and it too fails during the initial phase of TLS (or SSL) negotiations, before the user name or passwords are asked for. So this leads me back to thinking I still got a problem with vsftpd. The log file for vsftpd tells me nothing either, all I get is this. -
Thu Sep 22 10:15:51 2016 [pid 16694] CONNECT: Client "192.168.10.15"
Thu Sep 22 10:15:51 2016 [pid 16694] FTP response: Client "192.168.10.15", "220 "Welcome to the VSFTPD FTP server.""
Thu Sep 22 10:15:51 2016 [pid 16694] FTP command: Client "192.168.10.15", "AUTH TLS"
Thu Sep 22 10:15:51 2016 [pid 16694] FTP response: Client "192.168.10.15", "234 Proceed with negotiation."
Will continue to do more research, but perhaps someone on here has seen this problem and knows of a solution? I am also going to bring up Wireshark to see if that will show me anything interesting/understandable....
yes, i do remember this error too ;) also with filezilla ...
i would first enable SSL debugging in vsftpd.conf
debug_ssl=YES
and check the error logs
i would also try another FTP client, my personal choice is mostly WINSCP
https://winscp.net/eng/download.php
which finally also helped me to completely remove FTP from my servers. but only after i had no more customers in the need of using FTP
if you don't have any customers, doing all that FTP stuff only for yourself, then simply just use WINSCP, which does SFTP over SSH, and works out of the box.
but WINSCP can also connect via FTP and encrypted FTP
so, give that one a try with vsftpd and tell us more about the TLS error
also ... i do remember having errors when the directory had wrong owner or permissions
what's the folder path you're trying to access via FTP and what are the permissions on that folder?
best of luck & greetings
becki
I will add this note, if I don't tell the client to use TLS or SSL, just make a plain unsecured connection, then the FTP connection works fine.
Thanks again, Marc..
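A lint for the failure described in this message (a trailing space after the rsa_cert_file path), as an added example that is not part of the original thread or of vsftpd. It flags invisible whitespace in option=value lines; the helper name `lint_vsftpd_conf` is hypothetical, and the sample config with its file paths is constructed.

```python
import re

# vsftpd.conf(5): each setting is option=value, and putting any space
# between the option, "=" and the value is an error.
LINE_RE = re.compile(
    r"^(?P<key>[A-Za-z0-9_]+)(?P<pre>[ \t]*)=(?P<post>[ \t]*)"
    r"(?P<value>.*?)(?P<trail>[ \t\r]*)$"
)

def lint_vsftpd_conf(text):
    """Return (line_number, option, problem) tuples for whitespace defects."""
    findings = []
    # Split on "\n" only, so a stray carriage return stays visible to the check.
    for lineno, line in enumerate(text.split("\n"), start=1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        m = LINE_RE.match(line)
        if m is None:
            findings.append((lineno, None, "not in option=value form"))
            continue
        key = m.group("key")
        if m.group("pre") or m.group("post"):
            findings.append((lineno, key, "whitespace around '='"))
        if m.group("trail"):
            findings.append((lineno, key, "trailing whitespace %r after value %r"
                             % (m.group("trail"), m.group("value"))))
    return findings

# Constructed sample (hypothetical paths), not the poster's actual file.
SAMPLE_CONF = (
    "# TLS settings\n"
    "ssl_enable=YES\n"
    "rsa_cert_file=/etc/ssl/servercerts/vsftpd.pem \n"      # trailing space
    "rsa_private_key_file = /etc/ssl/private/vsftpd.key\n"  # spaces around '='
    "debug_ssl=YES\n"
)

if __name__ == "__main__":
    for lineno, option, problem in lint_vsftpd_conf(SAMPLE_CONF):
        print("line %d: %s: %s" % (lineno, option, problem))
```

Running it against the real file before restarting the service, for example with `lint_vsftpd_conf(open(path).read())`, points at the offending line number directly.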