-2

I know this question has been answered a few times, but I tried everything, and it is still not working.

I tried to create user and chroot them to a specific folder, but after ftp, I was able to go up the tree and see for example the '/' folder and its content.

I am not trying to use 'virtual users' with PAM, but current issue is 'Authentication failed'.

/etc/vsftpd.conf

listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
secure_chroot_dir=/var/run/vsftpd/empty
ssl_enable=YES
allow_anon_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
user_sub_token=$USER
local_root=/home/bgftp/ftp/$USER
pasv_enable=Yes
pasv_min_port=40000
pasv_max_port=50000
chroot_list_enable=yes
pasv_address=[ip]
chroot_local_user=YES
hide_ids=YES
allow_writeable_chroot=YES
user_config_dir=/etc/vsftpd_user_conf
guest_enable=YES
virtual_use_local_privs=YES
pam_service_name=vsftpd
nopriv_user=vsftpd
guest_username=vsftpd
virtual_use_local_privs=YES

vsftpd: version 3.0.3 ubuntu: 18.04

/etc/pam.d/vsftpd

auth required pam_pwdfile.so pwdfile /etc/vsftpd/ftpd.passwd crypt=2
account required pam_permit.so crypt=2

/etc/vsftpd/ftpd.passwd is in the format user:hash. The hash was created using openssl passwd -1, and I manually copied the result.

The user1 folder exists:

/home/bgftp/ftp/user1# cat /etc/vsftpd_user_conf/user1
local_root=/home/bgftp/ftp/user1/folder1

Current response:

Status: Connecting to [ip]...
Response:   fzSftp started, protocol_version=2
Command:    open "user1@[ip]" 22
Command:    Trust new Hostkey: Once
Command:    Pass: ******
Error:  Authentication failed.
Error:  Critical error: Could not connect to server

If you need more info, just let me know.

justadev

1 Answer

2

It looks like you may be confused. The vsftp program is an FTP server and as such it will be listening on port 21 (ftp) for your connections. You are using an sftp client to try to connect to your server and as such you are connecting on port 22 (ssh).

The FTP and SFTP protocols are not compatible.

If you want to connect to your server using the vsftpd service as above, you will need to use an ftp client. You may also need to open up the relevant ports.

If you want to connect to your server using sftp you will need to configure your sshd service to allow it.

user9517
  • Yes, it is all confusing, I admit. But I know that I connected to the ftp using filezilla with sftp protocol using user+pass. But when I did, it allowed me to change to any folder, and I want the user to be jailed to a specific folder. Please let me know how to do it, I have been stuck on this for hours now – justadev Mar 18 '19 at 21:35
  • I tried to follow basically the guideline in here https://askubuntu.com/questions/575523/how-to-setup-virtual-users-for-vsftpd-with-access-to-a-specific-sub-directory, but it didn't work. – justadev Mar 18 '19 at 21:37
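
Added example, not part of the original thread: a small Python check for the mismatch the answer describes, which reads the client log from the question and a server greeting and reports which daemon actually handled the login. The two banner strings are constructed samples, and the function names and the `GOVERNED_BY` table are hypothetical names introduced for this example.

```python
import re
import socket

# Session log as posted in the question ([ip] is the page's own placeholder).
CLIENT_LOG = '''Status: Connecting to [ip]...
Response:   fzSftp started, protocol_version=2
Command:    open "user1@[ip]" 22
Error:  Authentication failed.'''

# Constructed greetings, standing in for what each daemon sends first.
SSH_BANNER = "SSH-2.0-ExampleSSH\r\n"
FTP_BANNER = "220 (vsFTPd 3.0.3)\r\n"

# Which daemon and configuration govern a login, keyed by service type.
GOVERNED_BY = {
    "ssh": "sshd: sshd_config and its own authentication",
    "ftp": "vsftpd: /etc/vsftpd.conf and /etc/pam.d/vsftpd",
}

def classify_banner(banner):
    """Return 'ssh', 'ftp' or 'unknown' from a server's first line."""
    line = banner.strip()
    if line.startswith("SSH-"):        # SSH identification string (RFC 4253)
        return "ssh"
    if re.match(r"220[ -]", line):     # FTP service-ready reply (RFC 959)
        return "ftp"
    return "unknown"

def client_attempt(log):
    """Return (protocol, port) that a FileZilla log shows being used."""
    proto = "sftp" if "fzSftp started" in log else "ftp"
    m = re.search(r'open\s+"[^"]+"\s+(\d+)', log)
    return proto, (int(m.group(1)) if m else None)

def diagnose(log, banner):
    """Say which daemon handled the login and whether vsftpd was involved."""
    proto, port = client_attempt(log)
    service = classify_banner(banner)
    owner = GOVERNED_BY.get(service, "unknown service")
    return {"client": proto, "port": port, "service": service,
            "governed_by": owner, "vsftpd_settings_apply": service == "ftp"}

def read_banner(host, port, timeout=5.0):
    """Fetch the greeting from your own server for use with diagnose()."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.recv(256).decode("ascii", "replace")

if __name__ == "__main__":
    print(diagnose(CLIENT_LOG, SSH_BANNER))
```

When `vsftpd_settings_apply` is false, the chroot and PAM settings in the vsftpd configuration were never consulted for that login, so changes to them cannot affect the result.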