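I have been trying to set up VSFTPd on my CentOS 7 machine, but I am running into problems when connecting through FileZilla. I keep getting an error -15 message about TLS packets.
Below is my full FileZilla debug log.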
Status: Connection established, waiting for welcome message...
Trace: CFtpControlSocket::OnReceive()
Response: 220 (vsFTPd 3.0.2)
Trace: CFtpControlSocket::SendNextCommand()
Command: AUTH TLS
Trace: CFtpControlSocket::OnReceive()
Response: 234 Proceed with negotiation.
Status: Initializing TLS...
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::OnSend()
Trace: CTlsSocket::OnRead()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::OnRead()
Trace: CTlsSocket::ContinueHandshake()
Trace: TLS Handshake successful
Trace: Protocol: TLS1.2, Key exchange: RSA, Cipher: AES-256-GCM, MAC: AEAD
Status: Verifying certificate...
Trace: CFtpControlSocket::SendNextCommand()
Command: USER jflory
Status: TLS/SSL connection established.
Trace: CTlsSocket::OnRead()
Trace: CFtpControlSocket::OnReceive()
Response: 331 Please specify the password.
Trace: CFtpControlSocket::SendNextCommand()
Command: PASS ****************
Trace: CTlsSocket::OnRead()
Trace: CTlsSocket::Failure(-15, 53)
Error: GnuTLS error -15: An unexpected TLS packet was received.
Trace: CRealControlSocket::OnClose(53)
Trace: CControlSocket::DoClose(64)
Trace: CFtpControlSocket::ResetOperation(66)
Trace: CControlSocket::ResetOperation(66)
Error: Could not connect to server
Trace: CFileZillaEnginePrivate::ResetOperation(66)
I am very confused about what I am doing wrong. I followed this DigitalOcean guide for setting up VSFTPd with TLS.
Below is my configuration, /etc/vsftpd/vsftpd.conf.
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
listen=YES
listen_ipv6=NO
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
pasv_enable=YES
pasv_min_port=21
pasv_max_port=21
pasv_address=<IP address>
#allow_writable_chroot=YES
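I did not add the passive section until other troubleshooting strategies prompted me to. However, even before adding the whole section about passive mode, I was still getting the same problem.
Also, I tried turning on allow_writable_chroot, because many others reported that this was the solution in this Ubuntu Forums thread, but that is not the case for me. Whenever I try to run sudo systemctl restart vsftpd, it fails to start, and removing that line from the configuration fixes this.
Any troubleshooting help is welcome! Thanks.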