VSFTPD, cannot login

panggou · January 11, 2006, 8:01am

I setup vsftpd.conf as follows and tried to login using root and normal user 'winston' but failed authentication. Any idea what's wrong?

========================
CONTENTS OF /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
dirmessage_enable=YES
connect_from_port_20=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd/vsftpd.log
nopriv_user=nobody
chroot_list_enable=YES
chroot_local_user=YES
background=YES
listen=YES

RESTARTED VSFTPD
[root@panggou vsftpd]# service vsftpd restart
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
[root@panggou vsftpd]# service vsftpd status
vsftpd (pid 3432) is running...

STILL CAN'T LOGIN WITH ROOT OR NORMAL USER WINSTON
[root@panggou vsftpd]# ftp panggou
Connected to panggou.homeunix.org.
220 (vsFTPd 2.0.3)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (panggou:root): root
331 Please specify the password.
Password:
530 Login incorrect.
Login failed.
ftp> by
221 Goodbye.
[root@panggou vsftpd]# ftp panggou
Connected to panggou.homeunix.org.
220 (vsFTPd 2.0.3)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (panggou:root): winston
331 Please specify the password.
Password:
530 Login incorrect.
Login failed.
ftp>

Any ideas?

Karma · January 11, 2006, 6:04pm

IIRC, vsftpd does not allow one to log in as root period; this is a non-configurable feature implimented to force those misguided enough to try sending their root password unencrypted into adhering to universally accepted minimal security practices. As for the normal user account, try commenting out these lines and restarting the daemon:

chroot_list_enable=YES
chroot_local_user=YES

If that solves your problem, the issue is likely with your chroot_list file (the default location, as you have not specified another, is /etc/vsftpd/chroot_list).

panggou · January 11, 2006, 7:20pm

I managed to configure using root login to vsftp by using the "userlist-enable=YES" and "userlist_deny=NO" options.

The reason for me not being able to log in via ftp with either root or winston is due to the missing option for pam_service_name in vsftpd.conf

"pam_service_name=vsftpd"

Adding this to vsftpd.conf solved my problem.

Note: Understand the risk of allowing "root" to access its home folder via vsftp, will remove root from user_list.

Thanks for the advise and suggestions.

Karma · January 12, 2006, 12:44pm

*jawdrops* really? i could have sworn it was disabled by default but it's been a long while since I had to re-configure my server. I've somehow managed to keep myself from logging in as root on my server which has basically the same configuration as you're using, not like I'm complaining because it's in good practice but I wonder what I did... Glad to hear you got it working; PAM hadn't even crossed my mind >.<