VSFTPD: virtual user with client private key authentication

#1 Post by GabrieleMax

It means mission impossible! :(

I'd like to use virtual users on VSFTPD. In the past I did it with PAM, and people use it everywhere, but I'd like to generate a private key on my client with openssl, like what happens when I use ssh to connect to servers:

This is my config file:

Code: Select all

listen=NO
listen_ipv6=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/private/certificato.pem
rsa_private_key_file=/etc/ssl/private/vsftpd_pvtkey.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
require_ssl_reuse=NO
ssl_ciphers=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256
chroot_local_user=YES
hide_ids=YES
debug_ssl=YES
guest_enable=YES
guest_username=virtual
user_sub_token=$USER
local_root=/home/ftp/$USER
user_config_dir=/etc/vsftpd/vsftpd_user_conf

This is /var/log/vsftpd.log when I try to connect from the client to the server:

Code: Select all

[pid 6732] CONNECT: Client "::ffff:192.168.73.35"
[pid 6732] DEBUG: Client "::ffff:192.168.73.35", "SSL version: TLSv1.3, SSL cipher: TLS_AES_256_GCM_SHA384, not reused, no cert"
[pid 6731] [test01] FAIL LOGIN: Client "::ffff:192.168.73.35"
[pid 6732] DEBUG: Client "::ffff:192.168.73.35", "Control connection terminated without SSL shutdown."

The SSL server certificate is OK, because when I start the FTP client I can read it and I must confirm it. After this I need to enter a password, but in the client SSL key I didn't insert it... maybe I could have imported this certificate in the wrong area of the sftpd server... btw, I don't know if SFTPD works in this way!

Regards.
GabrieleMax
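A triage aid for the log excerpt in the post above, added here as an example and not part of the original post or of vsftpd: it pairs each FAIL LOGIN with the TLS handshake details logged for the same client. The function name and the reading of "no cert" as "the client sent no certificate" are assumptions made for this example.

```python
import re

# Constructed sample: the four log lines quoted in the post above.
SAMPLE_LOG = '''\
[pid 6732] CONNECT: Client "::ffff:192.168.73.35"
[pid 6732] DEBUG: Client "::ffff:192.168.73.35", "SSL version: TLSv1.3, SSL cipher: TLS_AES_256_GCM_SHA384, not reused, no cert"
[pid 6731] [test01] FAIL LOGIN: Client "::ffff:192.168.73.35"
[pid 6732] DEBUG: Client "::ffff:192.168.73.35", "Control connection terminated without SSL shutdown."
'''

# [pid N] [optional user] EVENT: Client "addr"[, "detail"]
LINE_RE = re.compile(
    r'\[pid (?P<pid>\d+)\] (?:\[(?P<user>[^\]]+)\] )?'
    r'(?P<event>[A-Z ]+): Client "(?P<client>[^"]+)"(?:, "(?P<detail>.*)")?$'
)
# Detail string written when debug_ssl=YES, as it appears in the post.
TLS_RE = re.compile(
    r'SSL version: (?P<version>[^,]+), SSL cipher: (?P<cipher>[^,]+), '
    r'(?P<reuse>[^,]+), (?P<cert>.+)'
)

def failed_logins_with_tls(log_text):
    """Return one record per FAIL LOGIN with the last TLS handshake from that client.

    The handshake and the login failure are logged under different pids
    (6732 and 6731 in the sample), so records are joined on client address.
    """
    last_tls = {}
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        client = m['client']
        if m['event'] == 'DEBUG' and m['detail']:
            tls = TLS_RE.match(m['detail'])
            if tls:
                last_tls[client] = tls.groupdict()
        elif m['event'] == 'FAIL LOGIN':
            tls = last_tls.get(client)
            findings.append({
                'user': m['user'], 'client': client, 'tls': tls,
                # Assumption: "no cert" means no client certificate was presented.
                'client_cert_sent': bool(tls) and tls['cert'] != 'no cert',
            })
    return findings

if __name__ == '__main__':
    for finding in failed_logins_with_tls(SAMPLE_LOG):
        print(finding)
```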