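I have an Ubuntu 12.04 LTS server with vsftpd-ext installed (to allow a writable chroot). It has been running stably, even with FTPS support (I have a manually signed certificate).
Until now I have accessed the server from Windows using Total Commander's built-in FTP/FTPS client. The problem is that I cannot access it from Linux, no matter which client I use.
Here are the results of my attempts:
File manager: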
Status: Resolving address of myserver.com
Status: Connecting to myip:21...
Status: Connection established, waiting for welcome message...
Response: 220 (vsFTPd 2.3.5)
Command: AUTH TLS
Response: 234 Proceed with negotiation.
Status: Initializing TLS...
Error: GnuTLS error -12: A TLS fatal alert has been received.
Error: Could not connect to server
Status: Waiting to retry...
FTP server:
Looking up myserver.com
Trying myserver.com
Connected to myserver.com
220 (vsFTPd 2.3.5)
AUTH TLS
234 Proceed with negotiation.
SSL connection established using TLSv1/SSLv3 (DES-CBC3-SHA)
PBSZ 0
200 PBSZ set to 0.
PROT P
200 PROT now Private.
USER xxxx
331 Please specify the password.
PASS xxxx
230 Login successful.
SYST
215 UNIX Type: L8
TYPE I
200 Switching to Binary mode.
PWD Looking up myserver.com
Trying myserver.com
Connected to myserver.com
220 (vsFTPd 2.3.5)
AUTH TLS
234 Proceed with negotiation.
SSL connection established using TLSv1/SSLv3 (DES-CBC3-SHA)
PBSZ 0
200 PBSZ set to 0.
PROT P
200 PROT now Private.
USER xxxx
331 Please specify the password.
PASS xxxx
230 Login successful.
SYST
215 UNIX Type: L8
TYPE I
200 Switching to Binary mode.
PWD
257 "/"
Loading directory listing / from server (LC_TIME=en_US.utf8)
PASV
227 Entering Passive Mode (ip,200,107).
LIST
150 Here comes the directory listing.
257 "/"
Loading directory listing / from server (LC_TIME=en_US.utf8)
PASV
227 Entering Passive Mode (ip,200,107).
LIST
150 Here comes the directory listing.
(hangs at this point)
FireFTP:
220 (vsFTPd 2.3.5)
AUTH TLS
234 Proceed with negotiation.
PBSZ 0
200 PBSZ set to 0.
USER xxxx
331 Please specify the password.
PASS (password not shown)
230 Login successful.
FEAT
211-Features:
AUTH TLS
EPRT
EPSV
MDTM
PASV
PBSZ
PROT
REST STREAM
SIZE
TVFS
UTF8
211 End
OPTS UTF8 ON
200 Always in UTF8 mode.
PWD
257 "/"
TYPE A
200 Switching to ASCII mode.
PROT P
200 PROT now Private.
PASV
227 Entering Passive Mode (ip,193,37).
LIST
150 Here comes the directory listing.
(hangs at this point)
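I tried various encodings with FireFTP, but without success. Interestingly, the server is still accessible with the Total Commander client.
Here is my vsftpd configuration file (comments removed):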
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=NO
chroot_local_user=YES
allow_writeable_chroot=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/vsftpd.pem
Answer 1
If your iptables firewall is on, you need to load the connection tracking module:
modprobe nf_conntrack_ftp
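
The client logs in the question stop right after `150`, at the point where the passive data connection should open. As an added example (not part of the original post or answer), this Python script reads control-channel lines shaped like those logs, converts each `227` reply into the TCP data port, and lists the ports whose transfer never reached `226`. The sample log and the function names are constructed for illustration.

```python
import re

# Constructed sample: control-channel lines in the shape of the client logs above.
SAMPLE_LOG = """\
230 Login successful.
PASV
227 Entering Passive Mode (ip,200,107).
LIST
150 Here comes the directory listing.
"""

# 227 reply: host fields, then the high and low bytes of the data port.
PASV_RE = re.compile(r"^227 .*\((.+),(\d{1,3}),(\d{1,3})\)")


def pasv_port(line):
    """Return (host, port) from a 227 reply, or None for any other line.

    The host part is kept as text because the logs above redact it to 'ip'.
    """
    m = PASV_RE.match(line.strip())
    if not m:
        return None
    host, hi, lo = m.group(1), int(m.group(2)), int(m.group(3))
    if hi > 255 or lo > 255:
        raise ValueError("port byte out of range: %r" % line)
    return host.replace(",", "."), hi * 256 + lo


def stalled_transfers(log_text):
    """List data ports whose transfer got 150 (opening) but never 226 (done)."""
    stalled, current, opened = [], None, False
    for line in log_text.splitlines():
        parsed = pasv_port(line)
        if parsed:
            if opened:  # the previous transfer never completed
                stalled.append(current)
            current, opened = parsed[1], False
        elif line.startswith("150 ") and current is not None:
            opened = True
        elif line.startswith("226 ") and opened:
            current, opened = None, False
    if opened:
        stalled.append(current)
    return stalled


if __name__ == "__main__":
    for port in stalled_transfers(SAMPLE_LOG):
        print("data connection to TCP port %d never completed" % port)
```

The ports it reports are the ones to look for in the server's firewall counters or in a packet capture taken on the server side.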