ubuntu vsftpd not connecting

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












Fresh install of vsftpd is not accepting connections. I have got to be missing something simple, but I can't seem to figure it out. BTW lots of articles on this, read most of them...



running ubuntu: 16.04.3 LTS



running vsftpd: 3.0.3




  1. Things that ARE working (using lftp as client, TLS connection)



    • validation locally from 127.0.0.1

    • validation locally from local server IP address (172.31.26.169)



  2. Unable to connect from any external client using exact same syntax for lftp client.



    lftp -d -u username,password 172.31.26.169 -e "set ssl:verify-certificate false"


Supporting information



/etc/vsftpd.conf



listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
user_sub_token=$USER
local_root=/home/$USER/ftp
pasv_min_port=40000
pasv_max_port=50000
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
debug_ssl=YES
#implicit_ssl=YES (This setting causes 127.0.0.1 login testing to fail)
log_ftp_protocol=YES
require_cert=NO


ufw status verbose



Status: active
Logging: on (high)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To Action From
-- ------ ----
8080 ALLOW IN Anywhere 
22 ALLOW IN Anywhere 
54.210.201.141 22/tcp ALLOW IN Anywhere 
80,443,8080/tcp ALLOW IN Anywhere 
53 ALLOW IN Anywhere # open tcp and udp port 53 for dns
20/tcp ALLOW IN Anywhere # ftp
21/tcp ALLOW IN Anywhere # ftp
22/tcp ALLOW IN Anywhere # port 22 for ssh
40000:50000/tcp ALLOW IN Anywhere 
990/tcp ALLOW IN Anywhere 
8080 (v6) ALLOW IN Anywhere (v6) 
22 (v6) ALLOW IN Anywhere (v6) 
80,443,8080/tcp (v6) ALLOW IN Anywhere (v6) 
53 (v6) ALLOW IN Anywhere (v6) # open tcp and udp port 53 for dns
20/tcp (v6) ALLOW IN Anywhere (v6) # ftp
21/tcp (v6) ALLOW IN Anywhere (v6) # ftp
22/tcp (v6) ALLOW IN Anywhere (v6) # port 22 for ssh
40000:50000/tcp (v6) ALLOW IN Anywhere (v6) 
990/tcp (v6) ALLOW IN Anywhere (v6)


netstat -tlnp



Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 23158/vsftpd 
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1269/sshd 
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 1377/postgres 
tcp6 0 0 :::8080 :::* LISTEN 3236/java 
tcp6 0 0 :::22 :::* LISTEN 1269/sshd 
tcp6 0 0 127.0.0.1:8005 :::* LISTEN 3236/java 
tcp6 0 0 :::8009 :::* LISTEN 3236/java


/etc/vsftpd.userlist



has only 1 line with local username for ftp login access




ubuntu vsftpd




share|improve this question


























    up vote
    0
    down vote

    favorite












    Fresh install of vsftpd is not accepting connections. I have got to be missing something simple, but I can't seem to figure it out. BTW lots of articles on this, read most of them...



    running ubuntu: 16.04.3 LTS



    running vsftpd: 3.0.3




    1. Things that ARE working (using lftp as client, TLS connection)



      • validation locally from 127.0.0.1

      • validation locally from local server IP address (172.31.26.169)



    2. Unable to connect from any external client using exact same syntax for lftp client.



      lftp -d -u username,password 172.31.26.169 -e "set ssl:verify-certificate false"


    Supporting information



    /etc/vsftpd.conf



    listen=YES
    anonymous_enable=NO
    local_enable=YES
    write_enable=YES
    dirmessage_enable=YES
    use_localtime=YES
    xferlog_enable=YES
    connect_from_port_20=YES
    chroot_local_user=YES
    secure_chroot_dir=/var/run/vsftpd/empty
    pam_service_name=vsftpd
    rsa_cert_file=/etc/ssl/private/vsftpd.pem
    rsa_private_key_file=/etc/ssl/private/vsftpd.pem
    ssl_enable=YES
    allow_anon_ssl=NO
    force_local_data_ssl=YES
    force_local_logins_ssl=YES
    ssl_tlsv1=YES
    ssl_sslv2=NO
    ssl_sslv3=NO
    require_ssl_reuse=NO
    ssl_ciphers=HIGH
    user_sub_token=$USER
    local_root=/home/$USER/ftp
    pasv_min_port=40000
    pasv_max_port=50000
    userlist_enable=YES
    userlist_file=/etc/vsftpd.userlist
    userlist_deny=NO
    debug_ssl=YES
    #implicit_ssl=YES (This setting causes 127.0.0.1 login testing to fail)
    log_ftp_protocol=YES
    require_cert=NO


    ufw status verbose



    Status: active
    Logging: on (high)
    Default: deny (incoming), allow (outgoing), disabled (routed)
    New profiles: skip

    To Action From
    -- ------ ----
    8080 ALLOW IN Anywhere 
    22 ALLOW IN Anywhere 
    54.210.201.141 22/tcp ALLOW IN Anywhere 
    80,443,8080/tcp ALLOW IN Anywhere 
    53 ALLOW IN Anywhere # open tcp and udp port 53 for dns
    20/tcp ALLOW IN Anywhere # ftp
    21/tcp ALLOW IN Anywhere # ftp
    22/tcp ALLOW IN Anywhere # port 22 for ssh
    40000:50000/tcp ALLOW IN Anywhere 
    990/tcp ALLOW IN Anywhere 
    8080 (v6) ALLOW IN Anywhere (v6) 
    22 (v6) ALLOW IN Anywhere (v6) 
    80,443,8080/tcp (v6) ALLOW IN Anywhere (v6) 
    53 (v6) ALLOW IN Anywhere (v6) # open tcp and udp port 53 for dns
    20/tcp (v6) ALLOW IN Anywhere (v6) # ftp
    21/tcp (v6) ALLOW IN Anywhere (v6) # ftp
    22/tcp (v6) ALLOW IN Anywhere (v6) # port 22 for ssh
    40000:50000/tcp (v6) ALLOW IN Anywhere (v6) 
    990/tcp (v6) ALLOW IN Anywhere (v6)


    netstat -tlnp



    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 23158/vsftpd 
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1269/sshd 
    tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 1377/postgres 
    tcp6 0 0 :::8080 :::* LISTEN 3236/java 
    tcp6 0 0 :::22 :::* LISTEN 1269/sshd 
    tcp6 0 0 127.0.0.1:8005 :::* LISTEN 3236/java 
    tcp6 0 0 :::8009 :::* LISTEN 3236/java


    /etc/vsftpd.userlist



    has only 1 line with local username for ftp login access




    ubuntu vsftpd




    share|improve this question
























      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      Fresh install of vsftpd is not accepting connections. I have got to be missing something simple, but I can't seem to figure it out. BTW lots of articles on this, read most of them...



      running ubuntu: 16.04.3 LTS



      running vsftpd: 3.0.3




      1. Things that ARE working (using lftp as client, TLS connection)



        • validation locally from 127.0.0.1

        • validation locally from local server IP address (172.31.26.169)



      2. Unable to connect from any external client using exact same syntax for lftp client.



        lftp -d -u username,password 172.31.26.169 -e "set ssl:verify-certificate false"


      Supporting information



      /etc/vsftpd.conf



      listen=YES
      anonymous_enable=NO
      local_enable=YES
      write_enable=YES
      dirmessage_enable=YES
      use_localtime=YES
      xferlog_enable=YES
      connect_from_port_20=YES
      chroot_local_user=YES
      secure_chroot_dir=/var/run/vsftpd/empty
      pam_service_name=vsftpd
      rsa_cert_file=/etc/ssl/private/vsftpd.pem
      rsa_private_key_file=/etc/ssl/private/vsftpd.pem
      ssl_enable=YES
      allow_anon_ssl=NO
      force_local_data_ssl=YES
      force_local_logins_ssl=YES
      ssl_tlsv1=YES
      ssl_sslv2=NO
      ssl_sslv3=NO
      require_ssl_reuse=NO
      ssl_ciphers=HIGH
      user_sub_token=$USER
      local_root=/home/$USER/ftp
      pasv_min_port=40000
      pasv_max_port=50000
      userlist_enable=YES
      userlist_file=/etc/vsftpd.userlist
      userlist_deny=NO
      debug_ssl=YES
      #implicit_ssl=YES (This setting causes 127.0.0.1 login testing to fail)
      log_ftp_protocol=YES
      require_cert=NO


      ufw status verbose



      Status: active
      Logging: on (high)
      Default: deny (incoming), allow (outgoing), disabled (routed)
      New profiles: skip

      To Action From
      -- ------ ----
      8080 ALLOW IN Anywhere 
      22 ALLOW IN Anywhere 
      54.210.201.141 22/tcp ALLOW IN Anywhere 
      80,443,8080/tcp ALLOW IN Anywhere 
      53 ALLOW IN Anywhere # open tcp and udp port 53 for dns
      20/tcp ALLOW IN Anywhere # ftp
      21/tcp ALLOW IN Anywhere # ftp
      22/tcp ALLOW IN Anywhere # port 22 for ssh
      40000:50000/tcp ALLOW IN Anywhere 
      990/tcp ALLOW IN Anywhere 
      8080 (v6) ALLOW IN Anywhere (v6) 
      22 (v6) ALLOW IN Anywhere (v6) 
      80,443,8080/tcp (v6) ALLOW IN Anywhere (v6) 
      53 (v6) ALLOW IN Anywhere (v6) # open tcp and udp port 53 for dns
      20/tcp (v6) ALLOW IN Anywhere (v6) # ftp
      21/tcp (v6) ALLOW IN Anywhere (v6) # ftp
      22/tcp (v6) ALLOW IN Anywhere (v6) # port 22 for ssh
      40000:50000/tcp (v6) ALLOW IN Anywhere (v6) 
      990/tcp (v6) ALLOW IN Anywhere (v6)


      netstat -tlnp



      Active Internet connections (only servers)
      Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
      tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 23158/vsftpd 
      tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1269/sshd 
      tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 1377/postgres 
      tcp6 0 0 :::8080 :::* LISTEN 3236/java 
      tcp6 0 0 :::22 :::* LISTEN 1269/sshd 
      tcp6 0 0 127.0.0.1:8005 :::* LISTEN 3236/java 
      tcp6 0 0 :::8009 :::* LISTEN 3236/java


      /etc/vsftpd.userlist



      has only 1 line with local username for ftp login access




      ubuntu vsftpd




      share|improve this question














      Fresh install of vsftpd is not accepting connections. I have got to be missing something simple, but I can't seem to figure it out. BTW lots of articles on this, read most of them...



      running ubuntu: 16.04.3 LTS



      running vsftpd: 3.0.3




      1. Things that ARE working (using lftp as client, TLS connection)



        • validation locally from 127.0.0.1

        • validation locally from local server IP address (172.31.26.169)



      2. Unable to connect from any external client using exact same syntax for lftp client.



        lftp -d -u username,password 172.31.26.169 -e "set ssl:verify-certificate false"


      Supporting information



      /etc/vsftpd.conf



      listen=YES
      anonymous_enable=NO
      local_enable=YES
      write_enable=YES
      dirmessage_enable=YES
      use_localtime=YES
      xferlog_enable=YES
      connect_from_port_20=YES
      chroot_local_user=YES
      secure_chroot_dir=/var/run/vsftpd/empty
      pam_service_name=vsftpd
      rsa_cert_file=/etc/ssl/private/vsftpd.pem
      rsa_private_key_file=/etc/ssl/private/vsftpd.pem
      ssl_enable=YES
      allow_anon_ssl=NO
      force_local_data_ssl=YES
      force_local_logins_ssl=YES
      ssl_tlsv1=YES
      ssl_sslv2=NO
      ssl_sslv3=NO
      require_ssl_reuse=NO
      ssl_ciphers=HIGH
      user_sub_token=$USER
      local_root=/home/$USER/ftp
      pasv_min_port=40000
      pasv_max_port=50000
      userlist_enable=YES
      userlist_file=/etc/vsftpd.userlist
      userlist_deny=NO
      debug_ssl=YES
      #implicit_ssl=YES (This setting causes 127.0.0.1 login testing to fail)
      log_ftp_protocol=YES
      require_cert=NO


      ufw status verbose



      Status: active
      Logging: on (high)
      Default: deny (incoming), allow (outgoing), disabled (routed)
      New profiles: skip

      To Action From
      -- ------ ----
      8080 ALLOW IN Anywhere 
      22 ALLOW IN Anywhere 
      54.210.201.141 22/tcp ALLOW IN Anywhere 
      80,443,8080/tcp ALLOW IN Anywhere 
      53 ALLOW IN Anywhere # open tcp and udp port 53 for dns
      20/tcp ALLOW IN Anywhere # ftp
      21/tcp ALLOW IN Anywhere # ftp
      22/tcp ALLOW IN Anywhere # port 22 for ssh
      40000:50000/tcp ALLOW IN Anywhere 
      990/tcp ALLOW IN Anywhere 
      8080 (v6) ALLOW IN Anywhere (v6) 
      22 (v6) ALLOW IN Anywhere (v6) 
      80,443,8080/tcp (v6) ALLOW IN Anywhere (v6) 
      53 (v6) ALLOW IN Anywhere (v6) # open tcp and udp port 53 for dns
      20/tcp (v6) ALLOW IN Anywhere (v6) # ftp
      21/tcp (v6) ALLOW IN Anywhere (v6) # ftp
      22/tcp (v6) ALLOW IN Anywhere (v6) # port 22 for ssh
      40000:50000/tcp (v6) ALLOW IN Anywhere (v6) 
      990/tcp (v6) ALLOW IN Anywhere (v6)


      netstat -tlnp



      Active Internet connections (only servers)
      Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
      tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 23158/vsftpd 
      tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1269/sshd 
      tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 1377/postgres 
      tcp6 0 0 :::8080 :::* LISTEN 3236/java 
      tcp6 0 0 :::22 :::* LISTEN 1269/sshd 
      tcp6 0 0 127.0.0.1:8005 :::* LISTEN 3236/java 
      tcp6 0 0 :::8009 :::* LISTEN 3236/java


      /etc/vsftpd.userlist



      has only 1 line with local username for ftp login access





      ubuntu vsftpd





      share|improve this question













      share|improve this question




      share|improve this question








      edited Jan 4 at 19:32









      jayhendren

      5,09721341




      5,09721341










      asked Jan 4 at 19:20









      Ralph Sr

      11




      11

























          active

          oldest

          votes











          Your Answer







          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "106"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: false,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );








           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f414834%2fubuntu-vsftpd-not-connecting%23new-answer', 'question_page');

          );

          Post as a guest






















          active

          oldest

          votes













          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes










           

          draft saved


          draft discarded


























           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f414834%2fubuntu-vsftpd-not-connecting%23new-answer', 'question_page');

          );

          Post as a guest
































































          -

          Popular posts from this blog

          How to check contact read email or not when send email to Individual?

          Image
          Clash Royale CLAN TAG #URR8PPP up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Sep 26 at 0:12 ToanLuong 49 9 add a comment  |  up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Se
          Read more

          Bahrain

          Image
          For other uses, see Bahrain (disambiguation). Sovereign island state in the Persian Gulf Kingdom of Bahrain مملكة البحرين   (Arabic) Mamlakat al-Baḥrayn Flag Coat of arms Anthem:  نشيد البحرين الوطني Bahrainona Our Bahrain Location of   Bahrain    (circled in red) Capital and largest city Manama 26°13′N 50°35′E  /  26.217°N 50.583°E  / 26.217; 50.583 Official languages Arabic Ethnic groups (2010 [1] ) 50.7% Arab (46% Bahrani, 4.7% other Arabs) 45.5% Asian 1% European 1.2% Others Religion Islam Demonym(s) Bahraini Government Unitary constitutional monarchy • King Hamad bin Isa Al Khalifa • Crown Prince Salman bin Hamad bin Isa Al Khalifa • Prime Minister Khalifa bin Salman Al Khalifa Legislature National Assembly • Upper house Consultative Council • Lower house Council of Representatives Independence • Declared Independence [2] 14 August 1971 • from United Kingdom [1] 15 August 1971 • Admitted to the United Nations 21 September 1971 • Kingdom of Bahrain 14 February 2002
          Read more

          Postfix configuration issue with fips on centos 7; mailgun relay

          Image
          Clash Royale CLAN TAG #URR8PPP up vote 0 down vote favorite I am trying to setup postfix to relay all mail generated on the local machine via SMTP to a mailgun relay. I have used the mailgun relay before with success on an ubuntu server, but I am migrating to a Centos 7 server which I will be running in FIPS mode. There error log is below, slightly sanitized. I have a small enough network that I choose to have each machine reach out to mailgun individually (this the loopback-only, 127.0.0.0/8 restrictions) and no firewall open port allowing smtp in to the machine. I assume the FIPS mode (and with it disabling of MD5) is causing problems, but I don't know how to overcome it or if it is even possible for tls_fprint to use some supported hash such as sha256 or sha512. However, the relay=none is slightly concerning since I have relayhost set, but perhaps that is because the smtp process is failing? Any help would be appreciated! postconf -n: alias_database = hash:/etc/alia
          Read more