Why won't vsftpd let me log in with a virtual user account?

Question

I would like to use vsftpd with virtual users and pam_pwdfile.so. I installed vsftpd and added two users (ramon and dragon) via htpasswd to my file /etc/vsftpd.passwd. The /etc/pam.d/vsftpd is configured to use this file.

auth  required        pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth    required pam_pwdfile.so pwdfile /etc/vsftpd.passwd
account required pam_permit.so

@include common-account
@include common-session

The user "ramon" is also available in /etc/passwd. A login to the ftp with the user "ramon" works as expected. But a login using "dragon" does not :/ The result is always

Login failed: 530 Login incorrect.

Since it's possible that I made a mistake I tried the exact way documented in /usr/share/doc/vsftpd/examples/VIRTUAL_USERS/README. Still no luck. I can login with the user "ramon", but not with the user "dragon".

Any ideas?

score 6 · Answer 1 · answered Jul 30 '12 at 10:59

6

I had the same problem, but this thread helped.

Apparently vsftpd has problems with MD5 hashes. When I instructed htpasswd to use crypt() (the -d option), it suddenly worked:

sudo htpasswd -c -d -b /etc/ftpd.passwd twilight sparkle

answered Jul 30 '12 at 10:59

Dawn Drescher

203

score 0 · Answer 2 · answered Dec 09 '22 at 21:07

Install:

apt install vsftpd libpam-pwdfile

Make user:

useradd -N -s /bin/false -d /home/vsftpd vsftpd

Edit/Create files:

# /apt/pam.d/vsftpd
auth required pam_pwdfile.so pwdfile /etc/vsftpd/ftpd.passwd
account required pam_permit.so
/etc/vsftpd.conf
listen=YES
#listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
xferlog_enable=YES
nopriv_user=vsftpd
chroot_local_user=YES
pam_service_name=vsftpd
utf8_filesystem=YES
hide_ids=YES
user_config_dir=/etc/vsftpd_user_conf
guest_enable=YES
virtual_use_local_privs=YES
pam_service_name=vsftpd
guest_username=vsftpd
/etc/vsftpd/ftpd.passwd
user names without passwords
user name 'upload' has a password.
if real password is 'MyPassword' then hash created with command:
openssl passwd MyPassword
programming:
videos:
documents:
furnitures:
sound:
engineer:
games:
programs:
shits:
upload:X7nyBRuyuJVyg
/etc/vsftpd_user_conf/documents
local_root=/media/nas/Έγγραφα
/etc/vsftpd_user_conf/engineer
local_root=/media/nas/Μηχανικός
hide_file={/unsorted,/personal}
/etc/vsftpd_user_conf/upload
local_root=/media/nas/downloads/FTP upload
download_enable=NO
write_enable=YES
allow_writeable_chroot=YES

score 0 · Answer 3 · answered Mar 07 '12 at 22:33

0

Use below to configure.

http://en.gentoo-wiki.com/wiki/Vsftpd#b.29_pam_pwdfile

I have tried this on my setup & it is working as expected.

answered Mar 07 '12 at 22:33

atvt

224

score 0 · Answer 4 · edited Jul 17 '13 at 21:47

0

Adding the -d option to htpasswd worked on my Rackspace / Ubuntu setup: htpasswd -c -d passwd username.

edited Jul 17 '13 at 21:47

Renan

8,062

answered Jul 17 '13 at 21:12

Drew Hart

101

Why won't vsftpd let me log in with a virtual user account?

4 Answers4

/etc/vsftpd.conf

/etc/vsftpd/ftpd.passwd

user names without passwords

user name 'upload' has a password.

if real password is 'MyPassword' then hash created with command:

openssl passwd MyPassword

/etc/vsftpd_user_conf/documents

/etc/vsftpd_user_conf/engineer

/etc/vsftpd_user_conf/upload

Linked

Related