Posted on: Wednesday, April 22nd, 2009 at 03:56.
Filed under: All, ServerAdmin.

If you’re ever working with vsftpd, and FileZilla dumps out this error:

GnuTLS error -8: A record packet with illegal version was received

And you’re not finding any relevant error messages in your vsftpd log file, in the xferlog, or in /var/log/messages?

Well, vsftpd seems to be horribly un-verbose. The error is not caused by some obscure TLS problem. What causes it is vsftpd writing a plain-text error message into the middle of the encrypted data stream, which the FTP client then reports as this TLS error.

The only way to debug this was by packet sniffing the actual connection with Wireshark. Following the TCP stream in Wireshark, the error I had been looking for in the log files was clearly visible at the end of the TLS-encrypted data, just before the connection dropped.

Something like:

dvU2@:M.&.X=:-A*4aUm3:)!)y5Kt$'&"ZQN:'v%X500 OOPS: Cannot change directory: /foo

It turned out to be a simple permissions issue.
Why vsftpd isn’t logging these to its own log file, or even to syslogd, who knows. At the most verbose configuration, it logs all sorts of things, except the actual error causing the problem!

Had encryption not been enabled in vsftpd, the error would have been visible in the FTP client.

So to anyone encountering this, I would recommend either temporarily disabling encryption in vsftpd in order to see the error, or, if that is not an option, using a packet sniffer to view the error.
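Why the client complains about an "illegal version", as an added example that is not part of the original post: the TLS layer reads the next five bytes as a record header, so the ASCII of "500 O" lands where the content type, version and length belong. The function names and the sample stream below are constructed for illustration.

```python
import re
import struct

# Content types of a TLS record: change_cipher_spec, alert, handshake, application_data
TLS_CONTENT_TYPES = {20, 21, 22, 23}
MAX_RECORD = 16384 + 2048            # largest ciphertext fragment a record may carry
FTP_REPLY = re.compile(rb"([1-5]\d\d[ -][^\r\n]*)(?:\r?\n)?")


def find_plaintext_in_tls(stream: bytes):
    """Walk the server-to-client bytes record by record. Return
    (offset, header_as_parsed, ftp_reply) for the first bytes after TLS has
    started that are not a TLS record, or None if the stream is clean."""
    pos, seen_tls = 0, False
    while pos + 5 <= len(stream):
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, pos)
        if ctype in TLS_CONTENT_TYPES and major == 3 and length <= MAX_RECORD:
            pos, seen_tls = pos + 5 + length, True   # valid record: skip ciphertext
            continue
        reply = FTP_REPLY.match(stream, pos)
        if reply and not seen_tls:
            pos = reply.end()        # greeting / AUTH TLS reply sent before TLS starts
            continue
        header = {"type": ctype, "version": (major, minor), "length": length}
        text = reply.group(1).decode("ascii", "replace") if reply else None
        return pos, header, text
    return None


def record(ctype: int, payload: bytes) -> bytes:
    """Build a constructed TLS 1.0-framed record for the sample below."""
    return struct.pack("!BBBH", ctype, 3, 1, len(payload)) + payload


# Constructed sample: plaintext replies before TLS, two records, then the stray error.
SAMPLE = (b"220 ready\r\n234 ok\r\n"
          + record(22, bytes(range(64)))
          + record(23, bytes(reversed(range(96))))
          + b"500 OOPS: Cannot change directory: /foo\r\n")

if __name__ == "__main__":
    offset, header, text = find_plaintext_in_tls(SAMPLE)
    print(f"offset {offset}: parsed as type={header['type']:#x} "
          f"version={header['version']} -> {text!r}")
```

To use it on a real capture, feed it the server-to-client direction of the connection saved in raw form from Wireshark's Follow TCP Stream view.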

I figured I would post this since Google didn’t bring up much that was useful as I was debugging this. :)


18 Responses to “vsftpd debugging”

  1. mouser says:

    Awesome discovery.. that really is tricky isn’t it? What’s the point of an error log if you don’t log errors!

  2. Mathias says:

    Thanks a bunch for posting this! Just helped me out, big time.

  3. Daniel says:

    Thanks, this did it for me…

    quite a stinker in this respect, vsftpd



  4. Christophe says:

    Thanks a lot, I searched for a while, too.. !

  5. adeger says:

    Thanks for this great tip/observation. I was getting failures with encrypted PASV channel negotiations (due to a known bug in VSFTPD 2.2.0) and couldn’t really see them until I retried unencrypted.

  6. Ferdinando says:

    Thanks a LOT from Italy!
    You’ve just allowed me to start an early weekend :-)
    I’ve set up VSFTPD with PAM+MySQL virtual users and TLS/SSL… and I forgot to create the virtual user homedir before connecting.
    Too bad that VSFTPD virtual user’s home directories cannot be created “on-the-fly”… or maybe via PAM??? Who knows… I’ll Google for it on Monday :-)

  7. peter says:

    This is great, still helping. Thanks!

  8. Srinivas says:

    Awesome! you saved me.

  9. ug says:

    Great information here. Not available at many places. In my case I had 700 perms and FileZilla+vsftpd threw this error. The moment I did 750 on my home dir, I saw the dir listing.

    Alternatively, I have decided to use the below two lines in addition to chroot_local_user=YES.


    vsftpd/chroot_list has my username in it. With these three lines and 700 perms on my home directory, it still works fine. Didn’t need to make 750 in this case.

    Of course I force SSL for login and data, which I didn’t mention before, but all this is happening because of that so.. :)
