07-19-2011 #1 (Just Joined! Join Date: Jul 2011, Posts: 2)
HELP - VSFTPD over SSL
Hi All,
Getting lost here. Cannot seem to set a home root directory and connect as a local account to the FTP Service over SSL.
Anonymous works perfectly fine.
Running version 2.2.2.
Running as root.
Ports open inbound/outbound
tcp/21
tcp/31350 - tcp/31400
vsftpd.conf
anonymous_enable=NO
#anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
ftpd_banner=Welcome to Secure FTP service.
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
#SSL Settings - Added 7/15/2011
ssl_enable=YES
allow_anon_ssl=NO
#allow_anon_ssl=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
require_ssl_reuse=NO
pasv_enable=YES
pasv_min_port=21350
pasv_max_port=21400
local_root=/var/www-data
CONNECT AS ANONYMOUS (Testing only)
Connect socket #912 to xxx.xxx.xxx.xxx, port 21...
220 Welcome to Secure FTP service.
AUTH SSL
234 Proceed with negotiation.
TLSv1, cipher TLSv1/SSLv3 (DES-CBC3-SHA) - 168 bit
USER anonymous
331 Please specify the password.
PASS **********
230 Login successful.
SYST
215 UNIX Type: L8
Keep alive off...
PWD
257 "/"
PBSZ 0
200 PBSZ set to 0.
PROT P
200 PROT now Private.
PASV
227 Entering Passive Mode (xxx,xxx,xxx,xxx,83,122).
LIST
Connect socket #900 to xxx.xxx.xxx.xxx, port 21370...
TLSv1, cipher TLSv1/SSLv3 (DES-CBC3-SHA) - 168 bit
150 Here comes the directory listing.
226 Directory send OK.
Transferred 61 bytes in 2.295 seconds
CWD /pub
250 Directory successfully changed.
PASV
227 Entering Passive Mode (xxx,xxx,xxx,xxx,83,129).
LIST
Connect socket #928 to xxx.xxx.xxx.xxx, port 21377...
TLSv1, cipher TLSv1/SSLv3 (DES-CBC3-SHA) - 168 bit
150 Here comes the directory listing.
226 Directory send OK.
Transferred 0 bytes in 2.285 seconds
CDUP
250 Directory successfully changed.
PWD
257 "/"
PASV
227 Entering Passive Mode (xxx,xxx,xxx,xxx,83,114).
LIST
Connect socket #928 to xxx.xxx.xxx.xxx, port 21362...
TLSv1, cipher TLSv1/SSLv3 (DES-CBC3-SHA) - 168 bit
150 Here comes the directory listing.
226 Directory send OK.
Transferred 61 bytes in 2.287 seconds
QUIT
221 Goodbye.
Connect as LOCALADMIN
Connect socket #984 to xxx.xxx.xxx.xxx, port 21...
220 Welcome to Secure FTP service.
AUTH SSL
234 Proceed with negotiation.
TLSv1, cipher TLSv1/SSLv3 (DES-CBC3-SHA) - 168 bit
USER localadmin
331 Please specify the password.
PASS **********
07-19-2011 #2 (Just Joined! Join Date: Jul 2011, Posts: 2)
Ok,
Got that sorted out.
setsebool -P ftp_home_dir=1
Now, I can't seem to write to var/.... Not even as "root" when temporarily enabled.
type=AVC msg=audit(1311082932.993:4935): avc: denied { write } for pid=4884 comm="vsftpd" name="wordpress" dev=dm-3 ino=4064 scontext=unconfined_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SYSCALL msg=audit(1311082932.993:4935): arch=c000003e syscall=2 success=no exit=-13 a0=7fc3977d18c0 a1=c41 a2=1b6 a3=0 items=0 ppid=4877 pid=4884 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1733 comm="vsftpd" exe="/usr/sbin/vsftpd" subj=unconfined_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
Anyone?
Hades666
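
The two audit records quoted in the post above, parsed as an added example (not part of the original thread): it pairs the AVC and SYSCALL records by event serial and extracts the SELinux domain, target type, permission and errno. The function names are this example's own, and the sample input is the post's records with the "):" after the event serial restored.

```python
import errno
import re

# Sample input: the AVC/SYSCALL pair from the post (event-id delimiter repaired).
SAMPLE = """\
type=AVC msg=audit(1311082932.993:4935): avc: denied { write } for pid=4884 comm="vsftpd" name="wordpress" dev=dm-3 ino=4064 scontext=unconfined_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SYSCALL msg=audit(1311082932.993:4935): arch=c000003e syscall=2 success=no exit=-13 a0=7fc3977d18c0 a1=c41 a2=1b6 a3=0 items=0 ppid=4877 pid=4884 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1733 comm="vsftpd" exe="/usr/sbin/vsftpd" subj=unconfined_u:system_r:ftpd_t:s0-s0:c0.c1023 key=(null)
"""

HEADER = re.compile(r'type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}')

def parse_events(text):
    """Group audit records by event serial so AVC and SYSCALL records pair up."""
    events = {}
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # not an audit record (or still garbled)
        rtype, _ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        p = PERMS.search(body) if rtype == "AVC" else None
        if p:
            fields["result"], fields["perms"] = p.group(1), p.group(2).split()
        events.setdefault(serial, {})[rtype] = fields
    return events

def selinux_type(context):
    # A context is user:role:type:level; type enforcement decides on the type.
    return context.split(":")[2]

def denials(text):
    """One summary dict per denied AVC; SYSCALL details are filled in if present."""
    out = []
    for ev in parse_events(text).values():
        avc, sc = ev.get("AVC", {}), ev.get("SYSCALL", {})
        if avc.get("result") != "denied":
            continue
        out.append({
            "domain": selinux_type(avc["scontext"]),       # who was confined
            "target_type": selinux_type(avc["tcontext"]),  # label on the object
            "perms": avc["perms"], "tclass": avc["tclass"], "name": avc["name"],
            "errno": errno.errorcode.get(-int(sc.get("exit", "0"))),
            "as_root": sc.get("euid") == "0" and sc.get("fsuid") == "0",
        })
    return out
```

For the records in the post this reports a process in the ftpd_t domain denied write on a directory labelled httpd_sys_content_t, returning EACCES with euid 0: the denial comes from SELinux type enforcement, which root's file permissions do not override.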


