2

On a Wheezy server, I used: aptitude install vsftpd. I edited the config file at /etc/vsftpd, disabled anonymous login, enabled local accounts, enabled FTP write, enabled the user vsftpduser, disabled ASCII mangling, activated umask 022 to avoid breaking Wordpress plugins (as per the doc)…

Then I used:

```
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
```

I also added local_root=public_html (but I'd like to know why, I just followed a tutorial on this one).

With

```
openssl req -x509 -nodes -days 365 -newkey rsa:1024 \
 -keyout /etc/vsftpd/vsftpd.pem \
 -out /etc/vsftpd/vsftpd.pem
```

I created a certificate and added the path to the vsftpd.conf file.

Finally I also set up the vsftp client in /etc/ssh/sshd_config with Subsystem sftp internal-sftp instead of the standard.

I modified the banner too. My issue: I don't see the banner when sftp-ing into the server. I do see it if I ftp into the server (though I get kicked because I enabled force_*_ssl). I've rebooted the server to no avail.

It looks to me like SFTP still sends me to the openssh sftp server.

syslog and vsftpd.log aren't helping me this day. Where should I look now?

Kheldar
  • Please be aware of the big confusion between SFTP and FTPS. The first is SSH File Transfer Protocol (which is not quite scp and definitely not FTP), the other the incompatible FTP over SSL protocol. Looks like you're using the wrong client to test your VSFTPD configuration. Wikipedia on: [FTPS](http://en.wikipedia.org/wiki/FTPS) and [SFTP](http://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol) – HBruijn Feb 13 '14 at 11:56
  • Thanks @HBruijn, I had indeed my SFTP/FTPS mixed up... Not sure if I should delete the question though, since it is a valid answer, you can have the points if you want them. – Kheldar Feb 13 '14 at 13:03
  • I'll make it a proper answer and then you can close the question, you're welcome :) – HBruijn Feb 13 '14 at 14:51

1 Answer

4

For completeness' sake, as the issue was mostly linguistic and already resolved from my comment.

By configuring an SSL certificate in VSFTP you're setting up an SSL secured FTP server. That protocol is FTPS.

That protocol is often confused with the incompatible SSH File Transfer Protocol; SFTP. You obviously can't test the VSFTP configuration with an sftp client.

As a footnote, a good multi-purpose tool for transferring data that supports both protocols and more is curl.

HBruijn
  • so if SFTP is on port 22 what port is FTPS on? – Jacksonkr Sep 04 '14 at 00:14
  • FTPS uses starttls over the regular FTP control port (IANA reserved TCP port 21), as defined in RFC 4217 [section 4](http://tools.ietf.org/html/rfc4217#section-4) and [section 16](http://tools.ietf.org/html/rfc4217#section-16) – HBruijn Sep 04 '14 at 07:48
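
The two protocols can be told apart from the first bytes a server sends, which is a quick way to check which daemon a port is really talking to. The following is an added example, not part of the original posts: a Python probe that reads the greeting to distinguish SSH (which carries SFTP) from FTP, and asks an FTP server via FEAT whether it offers AUTH TLS as in RFC 4217. The function names are illustrative assumptions.

```python
import socket
import sys

def classify_greeting(greeting: bytes) -> str:
    """Name the protocol from what a server sends right after connect."""
    if greeting.startswith(b"SSH-"):          # SSH identification string
        return "ssh"                          # SFTP runs inside this session
    if greeting[:3] == b"220" and greeting[3:4] in (b" ", b"-"):
        return "ftp"                          # FTP "service ready" reply
    return "unknown"

def feat_offers_tls(feat_reply: bytes) -> bool:
    """True if an FTP FEAT reply lists AUTH TLS (explicit FTPS, RFC 4217)."""
    for raw in feat_reply.splitlines():
        words = raw.upper().replace(b";", b" ").split()
        if words[:1] == [b"AUTH"] and b"TLS" in words[1:]:
            return True
    return False

def read_reply(stream) -> bytes:
    """Read one greeting or FTP reply, following 'NNN-' lines to the final 'NNN '."""
    first = stream.readline()
    reply = first
    if first[:3].isdigit() and first[3:4] == b"-":
        line = first
        while line and not line.startswith(first[:3] + b" "):
            line = stream.readline()
            reply += line
    return reply

def probe(host: str, port: int, timeout: float = 5.0) -> dict:
    """Connect, identify the protocol, and for FTP ask whether TLS is offered."""
    with socket.create_connection((host, port), timeout=timeout) as sock, \
            sock.makefile("rb") as stream:
        kind = classify_greeting(read_reply(stream))
        tls = None                            # only meaningful for FTP
        if kind == "ftp":
            sock.sendall(b"FEAT\r\n")
            tls = feat_offers_tls(read_reply(stream))
    return {"port": port, "protocol": kind, "auth_tls": tls}

if __name__ == "__main__":
    # Usage: python probe.py <host>   (checks the two ports discussed above)
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for p in (22, 21):
        try:
            print(probe(host, p))
        except OSError as exc:
            print({"port": p, "error": str(exc)})
```

A port reported as `ssh` needs an sftp client; a port reported as `ftp` with `auth_tls` true needs an FTP client that upgrades to TLS, for example `curl --ssl-reqd ftp://...`.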