vsftp Response: 530 Login incorrect.

10 views
Skip to first unread message

Rick

unread,
May 1, 2022, 8:37:59 PMMay 1
to
I have installed and configured vsftpd through YAST. When I try to log in
i get the following:

Response: 530 Login incorrect.
Error: Critical error: Could not connect to server

My /var/log/vsftp.log:
Sun May 1 20:26:57 2022 [pid 12835] CONNECT: Client "xx.xxx.xx.xxx"
Sun May 1 20:26:57 2022 [pid 12835] FTP response: Client
"xx.xxx.xx.xxx", "220 No matter where you go, there you are."
Sun May 1 20:26:57 2022 [pid 12835] FTP command: Client "xx.xxx.xx.xxx",
"AUTH TLS"
Sun May 1 20:26:57 2022 [pid 12835] FTP response: Client
"xx.xxx.xx.xxx", "234 Proceed with negotiation."
Sun May 1 20:26:58 2022 [pid 12835] FTP command: Client "xx.xxx.xx.xxx",
"USER xxxx"
Sun May 1 20:26:58 2022 [pid 12835] [rick] FTP response: Client
"xx.xxx.xx.xxx", "331 Please specify the password."
Sun May 1 20:26:58 2022 [pid 12835] [rick] FTP command: Client
"xx.xxx.xx.xxx", "PASS <password>"
Sun May 1 20:26:58 2022 [pid 12833] [rick] FAIL LOGIN: Client
"xx.xxx.xx.xxx"
Sun May 1 20:26:59 2022 [pid 12835] [rick] FTP response: Client
"xx.xxx.xx.xxx", "530 Login incorrect."
Sun May 1 20:26:59 2022 [pid 12835] DEBUG: Client "xx.xxx.xx.xxx",
"Control connection terminated without SSL shutdown."
Sun May 1 20:26:59 2022 vsftpd [pid 12835]: "" xx.xxx.xx.xxx":
vsf_sysutil_recv_peekSun May 1 20:26:59 2022 vsftpd [pid 12833]: "xxxx"
from "xx.xxx.xx.xxx": priv_sock_get_cmd


I am behind a cable router with a forward Xfinity ip linked to my domain
through DNS Exit.
ftp port is forwarded.
The self signed ssl certificate is recognized.
I get the same error whether trying to connect vie FQDN or internal ip.
I am not sure what to look at to fix the problem.
Any and all help appreciated.

Marco Moock

unread,
May 2, 2022, 10:51:31 AMMay 2
to
Am Sonntag, 01. Mai 2022, um 19:37:52 Uhr schrieb Rick:

> I get the same error whether trying to connect vie FQDN or internal
> ip. I am not sure what to look at to fix the problem.

As the message says, the login credentials are not correct. What user
database does your service use?
How is vsftpd configured on your system?
Be aware that user/pass are case-sensitive.

Andrew

unread,
May 2, 2022, 11:01:18 AMMay 2
to
https://askubuntu.com/questions/354178/what-is-ftp-username-and-password-for-vsftpd#354204
https://askubuntu.com/questions/545600/ftp-refuses-any-and-all-connections-vsftpd?rq=1
Mind you, both of those threads are from years ago.

I got them by feeding >> vsftp login linux << into duckduckgo,
https://docs.rockylinux.org/guides/file_sharing/secure_ftp_server_vsftpd/
looks helpful and was last updated 4 days ago.

--
This mail has been tested by https://RKIvirus.com/ and has been found to
contain Covid-19. Disinfect after reading.

Rick

unread,
May 2, 2022, 1:50:53 PMMay 2
to
I do not know what use database OpensSuse uses. I have no idea how to
find out.
I configured vsftpd using YAsT, the "control panel" used by OpenSuse.
I log into the system many times a day,

Marco Moock

unread,
May 2, 2022, 1:57:37 PMMay 2
to
Am Montag, 02. Mai 2022, um 12:50:42 Uhr schrieb Rick:

> I do not know what use database OpensSuse uses. I have no idea how to
> find out.

Check the /etc/vsftpd.conf. Post the content here, but without
commented lines please.

Rick

unread,
May 2, 2022, 2:14:50 PMMay 2
to
anon_mkdir_write_enable=NO
anon_root=/srv/ftp
anon_upload_enable=NO
anonymous_enable=NO
chroot_local_user=NO
ftpd_banner=No matter where you go, there you are.
idle_session_timeout=900
local_enable=YES
local_root=/public_ftp
log_ftp_protocol=YES
max_clients=10
max_per_ip=3
pasv_enable=YES
pasv_max_port=40500
pasv_min_port=40000
rsa_cert_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
write_enable=YES
xferlog_enable=YES

Marco Moock

unread,
May 2, 2022, 2:31:49 PMMay 2
to
That looks good. Does vsftpd create a special log file unter /var/log?
Please check that and check it for log messages.

Rick

unread,
May 2, 2022, 3:01:41 PMMay 2
to
On Mon, 2 May 2022 20:31:47 +0200, Marco Moock wrote:

> That looks good. Does vsftpd create a special log file unter /var/log?
> Please check that and check it for log messages.

Mon May 2 14:52:19 2022 [pid 7526] CONNECT: Client "xx.xxx.xx.xxx"
Mon May 2 14:52:19 2022 [pid 7526] FTP response: Client "xx.xxx.xx.xxx",
"220 No matter where you go, there you are."
Mon May 2 14:52:19 2022 [pid 7526] FTP command: Client "xx.xxx.xx.xxx",
"AUTH TLS"
Mon May 2 14:52:19 2022 [pid 7526] FTP response: Client "xx.xxx.xx.xxx",
"234 Proceed with negotiation."
Mon May 2 14:52:19 2022 [pid 7526] FTP command: Client "xx.xxx.xx.xxx",
"USER xxxx"
Mon May 2 14:52:19 2022 [pid 7526] [xxxx] FTP response: Client
"xx.xxx.xx.xxx", "331 Please specify the password."
Mon May 2 14:52:19 2022 [pid 7526] [xxxx] FTP command: Client
"xx.xxx.xx.xxx", "PASS <password>"
Mon May 2 14:52:19 2022 [pid 7525] [xxxx] FAIL LOGIN: Client
"xx.xxx.xx.xxx"
Mon May 2 14:52:20 2022 [pid 7526] [xxxx] FTP response: Client
"xx.xxx.xx.xxx", "530 Login incorrect."
Mon May 2 14:52:20 2022 [pid 7526] DEBUG: Client "xx.xxx.xx.xxx",
"Control connection terminated without SSL shutdown."
Mon May 2 14:52:20 2022 vsftpd [pid 7526]: "" from "xx.xxx.xx.xxx":
vsf_sysutil_recv_peek

Marco Moock

unread,
May 2, 2022, 3:21:13 PMMay 2
to
I think we should increase the log level.
Additionally, I assume that the login attempt should appear in
/var/log/auth.log. Please check that.
Another guess: Try a new created test user with a password containing
only ASCII chars. Maybe a password with special characters creates
problems. Just a guess, but maybe try it out.

Rick

unread,
May 2, 2022, 3:49:30 PMMay 2
to
I haven't been able to get more verbose logging.
I don't find /etc/log/auth.log
I added another user name, test password, test. Same results.

Carlos E.R.

unread,
May 2, 2022, 5:56:08 PMMay 2
to
On 2022-05-02 21:49, Rick wrote:
> On Mon, 2 May 2022 21:21:10 +0200, Marco Moock wrote:
>
>> I think we should increase the log level.
>> Additionally, I assume that the login attempt should appear in
>> /var/log/auth.log. Please check that.
>> Another guess: Try a new created test user with a password containing
>> only ASCII chars. Maybe a password with special characters creates
>> problems. Just a guess, but maybe try it out.
>
>
> I haven't been able to get more verbose logging.
> I don't find /etc/log/auth.log

He did not say "/etc/log/auth.log".

But it will not exist.


--
Cheers, Carlos.

Carlos E.R.

unread,
May 2, 2022, 6:04:08 PMMay 2
to
On 2022-05-02 21:49, Rick wrote:
> On Mon, 2 May 2022 21:21:10 +0200, Marco Moock wrote:
>
>> I think we should increase the log level.
>> Additionally, I assume that the login attempt should appear in
>> /var/log/auth.log. Please check that.
>> Another guess: Try a new created test user with a password containing
>> only ASCII chars. Maybe a password with special characters creates
>> problems. Just a guess, but maybe try it out.
>
>
> I haven't been able to get more verbose logging.

syslog_enable=YES
log_ftp_protocol=YES
xferlog_enable=YES


debug_ssl=YES


see "vsftpd.conf".


--
Cheers, Carlos.

Carlos E.R.

unread,
May 2, 2022, 6:12:08 PMMay 2
to
local_enable=YES
local_root=/public_ftp

is a bit of a contradiction. With the first, a local user would go to
/home/username, but with "local_root" defined, it goes instead to
/public_ftp which must exist and be populated, I understand.



--
Cheers, Carlos.

Rick

unread,
May 2, 2022, 7:32:54 PMMay 2
to
I have commented out /public_ftp

Rick

unread,
May 2, 2022, 7:34:58 PMMay 2
to
I don't have /var/log/auth.log, either.

Rick

unread,
May 2, 2022, 7:36:12 PMMay 2
to
I have added debug_ssl=YES to vsftpd.conf

Marco Moock

unread,
May 3, 2022, 2:29:48 AMMay 3
to
Am Montag, 02. Mai 2022, um 18:34:51 Uhr schrieb Rick:

> I don't have /var/log/auth.log, either.

Is there another file in Suse where logins are being logged? Check the
file names in /var/log.
Also check the syslog for login attempts.

Carlos E.R.

unread,
May 3, 2022, 4:44:08 AMMay 3
to
On 2022-05-03 08:29, Marco Moock wrote:
> Am Montag, 02. Mai 2022, um 18:34:51 Uhr schrieb Rick:
>
>> I don't have /var/log/auth.log, either.
>
> Is there another file in Suse where logins are being logged? Check the
> file names in /var/log.

They go to the /var/log/messages file, all of it. Only news, mail,
firewall, go to a different file each.


> Also check the syslog for login attempts.

That's syslog :-)

Maybe you meant the journal?


--
Cheers, Carlos.

Carlos E.R.

unread,
May 3, 2022, 4:44:09 AMMay 3
to
And you are using your normal user/password pair? Try with anonymous.

What release of openSUSE are you using?

--
Cheers, Carlos.

Carlos E.R.

unread,
May 3, 2022, 4:56:09 AMMay 3
to
On 2022-05-03 10:43, Carlos E.R. wrote:
> On 2022-05-03 01:32, Rick wrote:
>> On Tue, 3 May 2022 00:09:32 +0200, Carlos E.R. wrote:

...

>> I have commented out /public_ftp
>
> And you are using your normal user/password pair? Try with anonymous.
>
> What release of openSUSE are you using? Or is it SLES?

I have not used vsftp in a long time, but I still have it installed. So
I tried to connect. Initially I got connection refused. True enough,
both the systemd service and sockets are disabled. Starting the service
complained that "vsftpd: not configured for standalone, must be started
from inetd". Okay, so disable service and start socket. Then I could
login instantly, and list my home directory.

But I do not use certificates.

I do not have /var/log/vsftp.log, all goes to my syslog:

> cer@Telcontar:~> grep ftp /var/log/messages
> ...
> <3.6> 2022-05-03T10:44:44.177197+02:00 Telcontar systemd 1 - - Listening on vsftpd.socket.
> <3.6> 2022-05-03T10:44:57.915835+02:00 Telcontar systemd 1 - - Created slice Slice /system/vsftpd.
> <11.6> 2022-05-03T10:44:57.926951+02:00 Telcontar vsftpd 1769 - - CONNECT: Client "::ffff:127.0.0.1"
> <10.3> 2022-05-03T10:45:05.655305+02:00 Telcontar vsftpd 1760 - - gkr-pam: unable to locate daemon control file
> <11.6> 2022-05-03T10:45:05.660801+02:00 Telcontar vsftpd 1760 - - [cer] OK LOGIN: Client "::ffff:127.0.0.1"
> <3.6> 2022-05-03T10:48:57.217794+02:00 Telcontar systemd 1 - - vsf...@0-127.0.0.1:21-127.0.0.1:42834.service: Succeeded.
> cer@Telcontar:~>


--
Cheers, Carlos.

Marco Moock

unread,
May 3, 2022, 6:10:52 AMMay 3
to
Am Dienstag, 03. Mai 2022, um 10:53:06 Uhr schrieb Carlos E.R.:

> I tried to connect. Initially I got connection refused. True enough,
> both the systemd service and sockets are disabled. Starting the
> service complained that "vsftpd: not configured for standalone, must
> be started from inetd". Okay, so disable service and start socket.
> Then I could login instantly, and list my home directory.

There are 2 possibilities to run an ftp server:
With or without inetd.

inetd listens on port 21, does the TCP handshake and then starts
vsftpd. There is no vsftp service needed.

Without inetd, you need a service that runs all the time and listens on
port 21. IIRC this is the normal behavior of vsftpd.

Rick

unread,
May 3, 2022, 7:23:20 AMMay 3
to
Anonymous:
Status: Logged in
Status: Retrieving directory listing...
Status: Server sent passive reply with unroutable address. Using server
address instead.

Command: LIST
Error: Connection timed out after 20 seconds of inactivity
Error: Failed to retrieve directory listing

opensuse 15.3

Rick

unread,
May 3, 2022, 7:27:44 AMMay 3
to
I have vsftpd set to run manually. When I work with vsftpd, I start the
service manually. I installed it using YAsT. I have configured it using
YAsT.

Marco Moock

unread,
May 3, 2022, 9:10:35 AMMay 3
to
Use Wireshark to check the reply for the unroutable address. To which
address did you connect?

Rick

unread,
May 3, 2022, 9:47:28 AMMay 3
to
I have removed and reinstalled vsftpd.
I am using the stock vsftpd.conf file that came with the package.
I am not using ssl.
I configured vsftpd using YAST and manually.
vsftpd is set to start manually as a service.
Anonymous is enabled.
Anonymous is enabled to /srv/ftp

I did have passive ports listed in the router for forwarding, but they
weren't enabled. Now they are.

Changes made to the stock conf file:

syslog_enable=YES commented out
log_ftp_protocol=YES
xferlog_enable=YES
vsftpd_log_file=/var/log/vsftpd.log

I can now login as anonymous, with anonymous directory, and my user in my
home.
I can upload using anonymous.
I have created a user just for ftp. I can upload using that.

I'm going to backup the .conf file and then try to again use ssl, and
disable anonymous.
I'll report back.
Thanks for the help so far.

Rick

unread,
May 3, 2022, 10:39:24 AMMay 3
to
I inserted this into the working .conf:

rsa_cert_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

And agson started getting login incorrect.

Rick

unread,
May 3, 2022, 2:46:37 PMMay 3
to
I now have sftp working

Marco Moock

unread,
May 3, 2022, 3:20:30 PMMay 3
to
Am Dienstag, 03. Mai 2022, um 13:46:30 Uhr schrieb Rick:

> I now have sftp working

That is something completely different to ftp or ftps (FTP over
SSL/TLS).

Rick

unread,
May 3, 2022, 3:52:32 PMMay 3
to
Yes, I know, but I can send/receive files with it and everything should
be encrypted.
I'd still like to get vsftp working with ssl.

Andrew

unread,
May 4, 2022, 4:16:21 AMMay 4
to
Rick wrote:
> I now have sftp working
>
I posted a general guide on how to get vsftp running a couple of days
ago (the docs.rockylinux.org link) and one of the things they said was:
> Even with the security settings used here to set up vsftpd, you may want to consider sftp instead. sftp will encrypt the entire connection stream and is more secure for this reason. We've created a document here that deals with setting up sftp and the locking down SSH.

(there's a link where the word "here" is, but you obviously don't need it)

--
This mail has been tested by https://RKIvirus.com/ and has been found to
contain Covid-19. Disinfect after reading.

Carlos E.R.

unread,
May 4, 2022, 6:08:09 AMMay 4
to
I know that. But this is openSUSE, inetd is deprecated, it is done
instead using systemd, via file vsftpd.socket. And it works here.

--
Cheers, Carlos.

Carlos E.R.

unread,
May 4, 2022, 6:16:09 AMMay 4
to
Ok, then it is a problem with the certificate, not really with login.
Try a different client.

--
Cheers, Carlos.

Carlos E.R.

unread,
May 4, 2022, 6:16:09 AMMay 4
to
On 2022-05-03 16:39, Rick wrote:
Why do you disable 2 and 3? Maybe that's the problem.

--
Cheers, Carlos.

Carlos E.R.

unread,
May 4, 2022, 6:16:09 AMMay 4
to
You should do your initial testing inside the LAN, avoiding the router.
One thing less to figure out.


> Changes made to the stock conf file:
>
> syslog_enable=YES commented out
> log_ftp_protocol=YES
> xferlog_enable=YES
> vsftpd_log_file=/var/log/vsftpd.log
>
> I can now login as anonymous, with anonymous directory, and my user in my
> home.
> I can upload using anonymous.
> I have created a user just for ftp. I can upload using that.

Ok, so the router was a problem.



> I'm going to backup the .conf file and then try to again use ssl, and
> disable anonymous.
> I'll report back.
> Thanks for the help so far.

Anonynmous doesn't conflict with system users, you can have both.


--
Cheers, Carlos.

Marco Moock

unread,
May 4, 2022, 7:39:04 AMMay 4
to
Am Mittwoch, 04. Mai 2022, um 12:13:52 Uhr schrieb Carlos E.R.:

> Why do you disable 2 and 3? Maybe that's the problem.

These are really old versions that have known vulnerabilities.

Marco Moock

unread,
May 4, 2022, 10:22:55 AMMay 4
to
Am Dienstag, 03. Mai 2022, um 14:52:25 Uhr schrieb Rick:

> I'd still like to get vsftp working with ssl.

ok, did you try to disable FTPS and just use plain FTP (just for the
test)?

Rick

unread,
May 4, 2022, 10:50:11 AMMay 4
to
directions on the interent

Andrew

unread,
May 4, 2022, 11:02:08 AMMay 4
to
You could always enable 2 and 3, disabling them again if it works.
I assume you are restarting vsftp after config changes.

Rick

unread,
May 4, 2022, 11:14:36 AMMay 4
to
On Wed, 4 May 2022 17:02:02 +0200, Andrew wrote:

> Rick wrote:
>> On Wed, 4 May 2022 12:13:52 +0200, Carlos E.R. wrote:
>>
>>> On 2022-05-03 16:39, Rick wrote:
>>>> I inserted this into the working .conf:
>>>>
>>>> rsa_cert_file=/etc/ssl/private/vsftpd.pem ssl_enable=YES
>>>> ssl_tlsv1=YES ssl_sslv2=NO ssl_sslv3=NO
>>>>
>>>> And agson started getting login incorrect.
>>>
>>> Why do you disable 2 and 3? Maybe that's the problem.
>>
>> directions on the interent
>>
>>
> You could always enable 2 and 3, disabling them again if it works.
> I assume you are restarting vsftp after config changes.

Usually. I have made several changes without restarting and then had to
move back several steps :-)

Rick

unread,
May 4, 2022, 4:37:36 PMMay 4
to
I generated a new certificate. The system recognizes the certificate, and
then again says incorrect login.

Rick

unread,
May 4, 2022, 4:40:27 PMMay 4
to
On Wed, 4 May 2022 10:16:18 +0200, Andrew wrote:

> Rick wrote:
>> I now have sftp working
>>
> I posted a general guide on how to get vsftp running a couple of days
> ago (the docs.rockylinux.org link) and one of the things they said was:
>> Even with the security settings used here to set up vsftpd, you may
>> want to consider sftp instead. sftp will encrypt the entire connection
>> stream and is more secure for this reason. We've created a document
>> here that deals with setting up sftp and the locking down SSH.
>
> (there's a link where the word "here" is, but you obviously don't need
> it)

I have sftp working.

Rick

unread,
May 4, 2022, 4:50:26 PMMay 4
to
I'm not sure how to disable FTPS... if you mean SFTP, I don't know how to
do that either.
I have several vsftp.conf files (vdftpd.conf, .ssl, and .ftp). When I
test a certain protocol (ftp ssl), I copy that file to vsftpd.conf and
restart vsftpd.
Insecure with only authenticated users works. SSL does not. I have also
generated a another certificate.

https://www.vultr.com/docs/how-to-secure-vsftpd-with-ssl-tls/

Carlos E.R.

unread,
May 5, 2022, 4:36:08 AMMay 5
to
Wouldn't version 1 be even older and more vulnerable?

Anyway, try first with them enabled, as it is not working.

--
Cheers, Carlos.

Marco Moock

unread,
May 5, 2022, 5:00:10 AMMay 5
to
Am Donnerstag, 05. Mai 2022, um 10:32:54 Uhr schrieb Carlos E.R.:

> Wouldn't version 1 be even older and more vulnerable?

TLSv1 is newer than SSL3.

Marco Moock

unread,
May 5, 2022, 6:34:07 AMMay 5
to
Am Mittwoch, 04. Mai 2022, um 15:50:19 Uhr schrieb Rick:

> I'm not sure how to disable FTPS... if you mean SFTP, I don't know
> how to do that either.

SFTP is via SSH and is not FTP.
FTPS is FTP inside an SSL or TLS tunnel.
This should be controllable via the ssl_enable setting.

Marco Moock

unread,
May 5, 2022, 6:35:16 AMMay 5
to
Am Mittwoch, 04. Mai 2022, um 15:37:28 Uhr schrieb Rick:

> I generated a new certificate. The system recognizes the certificate,
> and then again says incorrect login.

Then please test without TLS. The normal FTP login does no require a
certificate nor a private key, they are only needed for SSL/TLS.

Rick

unread,
May 5, 2022, 11:04:24 AMMay 5
to
When I remove ssl from the .conf, no security, I can log in.

Rick

unread,
May 5, 2022, 11:15:53 AMMay 5
to
When I rmove the ssl from the .conf, and set filezill to use plain ftp, I
can login. I can also use "explicit ftp over TLS if available" without ssl
enable but get "Insecure server, it does not support FTP over TLS" and am
able to log in.
When I enable the ssl settings, and set FileZilla to use "explicit ftp
over TLS if available" I get login incorrect.

Carlos E.R.

unread,
May 5, 2022, 2:04:09 PMMay 5
to
Well, try another client instead.

Also, you can read the documents in /usr/share/doc/packages/vsftpd/,
maybe there is something.

--
Cheers, Carlos.

Marco Moock

unread,
May 5, 2022, 2:15:07 PMMay 5
to
Am Donnerstag, 05. Mai 2022, um 10:04:17 Uhr schrieb Rick:

> When I remove ssl from the .conf, no security, I can log in.

ok that means the connection to the user database on the system works.
Which client do you use to connect?

Marco Moock

unread,
May 5, 2022, 2:20:18 PMMay 5
to
Am Donnerstag, 05. Mai 2022, um 10:15:45 Uhr schrieb Rick:

> When I enable the ssl settings, and set FileZilla to use "explicit
> ftp over TLS if available" I get login incorrect.

Please use the SSL debug features in vsftpd, see the manpage for
vsftpd.conf.
Then check your log files.

Rick

unread,
May 5, 2022, 3:52:49 PMMay 5
to
FileZilla

Rick

unread,
May 5, 2022, 5:15:02 PMMay 5
to
Thu May 5 17:02:01 2022 [pid 31329] CONNECT: Client "xx.xxx.xxx.xxx"
Thu May 5 17:02:01 2022 [pid 31329] FTP response: Client
"xx.xxx.xxx.xxx", "220 No matter where you go, there you are."
Thu May 5 17:06:53 2022 [pid 31966] CONNECT: Client "192.241.222.112"
Thu May 5 17:06:53 2022 [pid 31966] FTP response: Client
"192.241.222.112", "220 No matter where you go, there you are."
Thu May 5 17:06:53 2022 [pid 31966] FTP command: Client
"192.241.222.112", "AUTH TLS"
Thu May 5 17:06:53 2022 [pid 31966] FTP response: Client
"192.241.222.112", "234 Proceed with negotiation."
Thu May 5 17:09:01 2022 [pid 32368] CONNECT: Client "xx.xxx.xx.xxx"
Thu May 5 17:09:01 2022 [pid 32368] FTP response: Client
"xx.xxx.xx.xxx", "220 No matter where you go, there you are."
Thu May 5 17:09:01 2022 [pid 32368] FTP command: Client "xx.xxx.xx.xxx",
"AUTH TLS"
Thu May 5 17:09:01 2022 [pid 32368] FTP response: Client
"xx.xxx.xx.xxx", "234 Proceed with negotiation."
Thu May 5 17:09:01 2022 [pid 32368] FTP command: Client "xx.xxx.xx.xxx",
"PBSZ 0"
Thu May 5 17:09:01 2022 [pid 32368] FTP response: Client
"xx.xxx.xx.xxx", "200 PBSZ set to 0."
Thu May 5 17:09:01 2022 [pid 32368] FTP command: Client "xx.xxx.xx.xxx",
"PROT P"
Thu May 5 17:09:01 2022 [pid 32368] FTP response: Client
"xx.xxx.xx.xxx", "200 PROT now Private."
Thu May 5 17:09:01 2022 [pid 32368] FTP command: Client "xx.xxx.xx.xxx",
"USER xxxx"
Thu May 5 17:09:01 2022 [pid 32368] [xxxx] FTP response: Client
"xx.xxx.xx.xxx", "331 Please specify the password."
Thu May 5 17:09:01 2022 [pid 32368] [xxxx] FTP command: Client
"xx.xxx.xx.xxx", "PASS <password>"
Thu May 5 17:09:01 2022 [pid 32367] [xxxx] FAIL LOGIN: Client
"xx.xxx.xx.xxx"
Thu May 5 17:09:02 2022 [pid 32368] [xxxx] FTP response: Client
"xx.xxx.xx.xxx", "530 Login incorrect."


I do not recognize 192.241.222.112

Marco Moock

unread,
May 6, 2022, 12:31:48 AMMay 6
to
Am Donnerstag, 05. Mai 2022, um 16:14:55 Uhr schrieb Rick:

> I do not recognize 192.241.222.112

Looks like a public IPv4 address.
Is it your?

Bit Twister

unread,
May 6, 2022, 1:45:53 AMMay 6
to
Snippet follows:
$ whois 192.241.222.112

OrgName: DigitalOcean, LLC
OrgId: DO-13
Address: 101 Ave of the Americas
Address: 10th Floor
City: New York
StateProv: NY
PostalCode: 10013

At a glance it appears it not running at this test time.
$ ping -c1 -w3 192.241.222.112
ping: socket: Address family not supported by protocol
PING 192.241.222.112 (192.241.222.112) 56(84) bytes of data.

--- 192.241.222.112 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2081ms

Marco Moock

unread,
May 6, 2022, 2:48:20 AMMay 6
to
Am Freitag, 06. Mai 2022, um 00:45:51 Uhr schrieb Bit Twister:

> On Fri, 6 May 2022 06:31:44 +0200, Marco Moock wrote:
> > Am Donnerstag, 05. Mai 2022, um 16:14:55 Uhr schrieb Rick:
> >
> >> I do not recognize 192.241.222.112
> >
> > Looks like a public IPv4 address.
>
> Snippet follows:
> $ whois 192.241.222.112
>
> OrgName: DigitalOcean, LLC

Maybe someone tries to attack your server and tries to login. This is a
normal behavior if your FTP is accessible from the internet.

Rick

unread,
May 6, 2022, 7:51:50 AMMay 6
to
Looks like...
170.106.115.15
106.115.15
104.206.128.74
66.240.236.109
167.94.138.47 ...


All tried to get in between 8pm last night and 4:30am this morning.I
guess I need to go ahead and change the ftp port. I haven't yet.
... and remember to turn off the server.

Marco Moock

unread,
May 6, 2022, 8:02:32 AMMay 6
to
Am Freitag, 06. Mai 2022, um 06:51:43 Uhr schrieb Rick:

> All tried to get in between 8pm last night and 4:30am this morning.I
> guess I need to go ahead and change the ftp port. I haven't yet.
> ... and remember to turn off the server.

No, you don't need to do it. You just need to make sure that the user
accounts on your system have a long password.
Additionally, you can restrict the ftp access to certain users.
Then there are some login attempts, but these are not a problem.

Rick

unread,
May 6, 2022, 8:23:10 AMMay 6
to
On Thu, 5 May 2022 20:20:15 +0200, Marco Moock wrote:

MUCH progress !!

I added pam_service_name=vsftpd to the .conf and I was able to login. I
just have to set the user root directories and I think it will work.

Oh, yeah ... I changed the ftp port, too.

Marco Moock

unread,
May 6, 2022, 8:36:59 AMMay 6
to
Am Freitag, 06. Mai 2022, um 07:23:03 Uhr schrieb Rick:

> I changed the ftp port, too.

This will not help much, but will annoy allowed people wanting to
connect because they have to change the port every time.

Rick

unread,
May 6, 2022, 9:07:02 AMMay 6
to
I am the only system user.
I do wonder why adding pam_service_name=vsftpd is not more widely
documented.
I guess if I were really trained to do this stuff I'd have figured it
out. Still, I guess it is related to user login databases and methods.
Thanks for he help :-)

Now I'll wander over to the OpenSuse community forums and let them know
what I found, maybe it'll help someone else.

Rick

unread,
May 6, 2022, 9:35:04 AMMay 6
to
On Fri, 6 May 2022 14:36:56 +0200, Marco Moock wrote:

I spoke too soon.
I can connect using FileZilla from the Site Mnager menu, but not from gFTP
or from AndFTP or FTPCafe on 2 cell phones or from the FileZilla
QuickConnect. Same login incorrect.

Marco Moock

unread,
May 6, 2022, 9:39:24 AMMay 6
to
Am Freitag, 06. Mai 2022, um 08:34:57 Uhr schrieb Rick:

> I can connect using FileZilla from the Site Mnager menu, but not from
> gFTP or from AndFTP or FTPCafe on 2 cell phones or from the FileZilla
> QuickConnect. Same login incorrect.

Is the log different for these devices?

Rick

unread,
May 6, 2022, 2:13:01 PMMay 6
to
Found the problem. Seems you actually have to use the correct password to
log in.

New problem.
When I try to log in using the Android phone I get:

522 SSL connection faled: session reuse required

Rick

unread,
May 6, 2022, 2:17:43 PMMay 6
to
On Fri, 6 May 2022 15:39:21 +0200, Marco Moock wrote:

require_ssl_reuse=NO solved the 522 issue.

Marco Moock

unread,
May 6, 2022, 2:38:22 PMMay 6