2

Hi, I installed vsftpd on Ubuntu 20.04. At the beginning I tested my FTP server without having secured it and it worked fine!

But when I use the TLS certificate, the server does not work anymore. I do not know what or where the problem is, please help me! This is the configuration of my certificate in vsftpd.conf:

rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
user_sub_token=$USER
local_root=/home/$USER/ftp
allow_writeable_chroot=YES
pasv_min_port=10000
pasv_max_port=11000
userlist_enable=YES
userlist_file=/etc/vsftpd.user_list
userlist_deny=NO
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH

My error output from FileZilla is:

Error: The data connection cannot be established: ECONNREFUSED - Connection refused by the server

In the log file I get:

Fri Apr  9 21:30:18 2021 [pid 5390] DEBUG: Client "::ffff:196.178.36.3", "SSL version: TLSv1.3, SSL cipher: TLS_AES_256_GCM_SHA384, not reused, no cert"

Output of systemctl status vsftpd:

vsftpd.service - vsftpd FTP server
     Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2021-04-10 08:14:06 UTC; 3h 40min ago
    Process: 5466 ExecStartPre=/bin/mkdir -p /var/run/vsftpd/empty (code=exited, status=0/SUCCESS)
   Main PID: 5467 (vsftpd)
      Tasks: 10 (limit: 2282)
     Memory: 4.1M
     CGroup: /system.slice/containerd.service/system.slice/vsftpd.service
             |-5467 /usr/sbin/vsftpd /etc/vsftpd.conf
             |-5483 /usr/sbin/vsftpd /etc/vsftpd.conf
             |-5484 /usr/sbin/vsftpd /etc/vsftpd.conf
             |-5485 /usr/sbin/vsftpd /etc/vsftpd.conf
             |-5486 /usr/sbin/vsftpd /etc/vsftpd.conf
             |-5487 /usr/sbin/vsftpd /etc/vsftpd.conf
             |-5488 /usr/sbin/vsftpd /etc/vsftpd.conf
             |-5490 /usr/sbin/vsftpd /etc/vsftpd.conf
             |-5491 /usr/sbin/vsftpd /etc/vsftpd.conf
             `-5492 /usr/sbin/vsftpd /etc/vsftpd.conf

Apr 10 08:14:06 VPS systemd[1]: Starting vsftpd FTP server...
Apr 10 08:14:06 VPS systemd[1]: Started vsftpd FTP server.
GAD3R

2 Answers

1

The problem comes from the two lines:

rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem

Use the following line to create the SSL certificates:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.key -out /etc/ssl/certs/vsftpd.pem

Edit your /etc/vsftpd.conf:

rsa_cert_file=/etc/ssl/certs/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.key

Then restart vsftpd:

sudo systemctl restart vsftpd

Check the status:

systemctl status vsftpd
GAD3R
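A check to run after pointing rsa_cert_file and rsa_private_key_file at new files, as in the answer above: it confirms the configured certificate is still valid, that the key belongs to it, and that the key is not exposed to other users. This is an added example, not part of either answer; the function names and finding labels are made up here, and it assumes openssl and GNU stat are installed.

```shell
#!/bin/sh
# Added example: sanity-check the TLS certificate and key that a vsftpd
# config points at. Run as root so files under /etc/ssl/private are readable.

# Value of the last "name=value" line for option $2 in config file $1.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Prints one line per finding; returns 0 only when there are none.
check_vsftpd_tls() {
    cvt_conf=$1; cvt_bad=0
    cvt_cert=$(conf_get "$cvt_conf" rsa_cert_file)
    cvt_key=$(conf_get "$cvt_conf" rsa_private_key_file)
    # vsftpd expects the key inside the certificate file when no key file is set.
    [ -n "$cvt_key" ] || cvt_key=$cvt_cert
    for cvt_f in "$cvt_cert" "$cvt_key"; do
        if [ ! -r "$cvt_f" ]; then
            echo "MISSING: cannot read '$cvt_f'"
            return 1
        fi
    done
    # The certificate must parse and must not be expired right now.
    if ! openssl x509 -in "$cvt_cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "EXPIRED: $cvt_cert is expired or not a certificate"
        cvt_bad=1
    fi
    # Certificate and private key must carry the same public key.
    cvt_a=$(openssl x509 -in "$cvt_cert" -noout -pubkey 2>/dev/null | openssl sha256)
    cvt_b=$(openssl pkey -in "$cvt_key" -passin pass: -pubout 2>/dev/null | openssl sha256)
    if [ "$cvt_a" != "$cvt_b" ]; then
        echo "MISMATCH: $cvt_key does not belong to $cvt_cert"
        cvt_bad=1
    fi
    # The key must not be group-writable or accessible to other users.
    cvt_mode=$(stat -c %a "$cvt_key")
    if [ $(( 0$cvt_mode & 027 )) -ne 0 ]; then
        echo "PERMS: $cvt_key has mode $cvt_mode"
        cvt_bad=1
    fi
    if [ "$(conf_get "$cvt_conf" ssl_enable)" != "YES" ]; then
        echo "DISABLED: ssl_enable is not YES"
        cvt_bad=1
    fi
    return "$cvt_bad"
}

if [ "$#" -gt 0 ]; then check_vsftpd_tls "$1"; fi
```

Invoke it as `sudo sh check.sh /etc/vsftpd.conf` (the script file name is arbitrary); no output and exit status 0 mean the pair is consistent.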
1

I found the following, similar question: https://askubuntu.com/questions/1111209/16-04-server-using-vsftpd-using-tls-getting-econnrefused

The answer there worked for me, that is,

If anyone is having the same issue, removing the following lines solved the problem for me:

ssl_tlsv1=YES

ssl_tlsv2=NO

ssl_tlsv3=NO

appas