LL      IIIII NN   NN KK  KK EEEEEEE RRRRRR  RRRRRR   OOOOO  RRRRRR 
LL       III  NNN  NN KK KK  EE      RR   RR RR   RR OO   OO RR   RR
LL       III  NN N NN KKKK   EEEEE   RRRRRR  RRRRRR  OO   OO RRRRRR 
LL       III  NN  NNN KK KK  EE      RR  RR  RR  RR  OO   OO RR  RR 
LLLLLLL IIIII NN   NN KK  KK EEEEEEE RR   RR RR   RR  OOOOO  RR   RR
                                                           ramblings
____________________________________________________________________
Posted on: Wednesday, April 22nd, 2009 at 03:56.
Filed under: All, ServerAdmin.

If you’re ever working with vsftpd, and FileZilla dumps out this error:

GnuTLS error -8: A record packet with illegal version was received

And you’re not finding any relevant error messages in your vsftpd log file, nor in the xferlog, nor in /var/log/messages?

Well, vsftpd seems to be horribly un-verbose. The cause of this error is not some obscure TLS problem. What’s causing it is vsftpd dumping out a plain-text error in the middle of the encrypted data stream, which makes the FTP client pop out this error.

The only way to debug this was by packet sniffing the actual connection with Wireshark. Following the TCP stream with Wireshark, the error I was looking for in the log files was clearly visible at the end of the TLS encrypted data, before the connection dropped.

Something like:

\5_TXC,[1d.c}$D12N8(,"ndKm:?Y5O\M)5{nj2*Uaiym8-T4rt2c'#/K(
dvU2@:M.&.X=:-A*4aUm3:)!)y5Kt$'&"ZQN:'v%X500 OOPS: Cannot change directory: /foo

It turned out to be a simple permissions issue.
Why vsftpd isn’t logging these to its own log file, or even syslogd, who knows. At the most verbose configuration, it is logging all sorts of things, except the actual error causing the problem!

Had encryption not been enabled in vsftpd, the error would have been visible in the FTP client.

So to anyone encountering this, I would recommend either temporarily disabling encryption in vsftpd in order to see the error, or, if that is not an option, using a packet sniffer to view the error.
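As an added example (not part of the original post, and not vsftpd or FileZilla code), this walks TLS record headers in a captured server-to-client byte stream and reports the plain-text FTP reply that follows the last well-formed record. It assumes the bytes start at a TLS record boundary; the sample stream is constructed, and the function names are made up for illustration. Read as a record header, "500 O" gives version bytes 0x3030, which is consistent with the client complaining about an illegal record version.

```python
import re
import struct

TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, application_data
FTP_REPLY = re.compile(rb"^\d{3}[ -][^\r\n]*")  # three-digit code, then space or hyphen

def walk_tls_records(stream: bytes):
    """Walk TLS record headers (type:1, version:2, length:2) from offset 0.

    Returns (offset, reason) where framing breaks, or (len(stream), None)
    if every byte belongs to a well-formed record.
    """
    pos = 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            return pos, "truncated record header"
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, pos)
        if ctype not in TLS_CONTENT_TYPES or major != 3 or minor > 4:
            return pos, f"bad header: type=0x{ctype:02x} version=0x{major:02x}{minor:02x}"
        if pos + 5 + length > len(stream):
            return pos, "record length runs past end of capture"
        pos += 5 + length
    return pos, None

def find_plaintext_reply(stream: bytes):
    """Return the FTP reply sent in clear after the last valid record, if any."""
    offset, reason = walk_tls_records(stream)
    if reason is None:
        return None
    match = FTP_REPLY.match(stream[offset:])
    if not match:
        return None
    return {"offset": offset, "reason": reason,
            "reply": match.group().decode("ascii", "replace")}

def make_record(payload: bytes) -> bytes:
    """Build a TLS 1.0 application-data record around filler bytes (not real ciphertext)."""
    return struct.pack("!BBBH", 23, 3, 1, len(payload)) + payload

# Constructed sample: two records followed by the plain-text reply quoted in the post.
SAMPLE = (make_record(b"\x8f" * 32) + make_record(b"\x2a" * 48)
          + b"500 OOPS: Cannot change directory: /foo\r\n")

if __name__ == "__main__":
    print(find_plaintext_reply(SAMPLE))
```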

I figured I would post this since Google didn’t bring up much that was useful as I was debugging this. :)

____________________________________________________________________

30 Responses to “vsftpd debugging”

  1. mouser says:

    Awesome discovery.. that really is tricky isn’t it? What’s the point of an error log if you don’t log errors!

  2. Mathias says:

    Thanks a bunch for posting this! Just helped me out, big time.

  3. Daniel says:

    Thanks, this did it for me…

    quite a stinker in this respect, vsftpd

    Regards,

    Daniel

  4. Christophe says:

    Thanks a lot, I searched for a while, too.. !

  5. adeger says:

    Thanks for this great tip/observation. I was getting failures with encrypted PASV channel negotiations (due to a known bug in VSFTPD 2.2.0) and couldn’t really see them until I retried unencrypted.

  6. Ferdinando says:

    Thanks a LOT from Italy!
    You’ve just allowed me to start an early weekend :-)
    I’ve set up VSFTPD with PAM+MySQL virtual users and TLS/SSL… and I forgot to create the virtual user homedir before connecting.
    Too bad that VSFTPD virtual user’s home directories cannot be created “on-the-fly”… or maybe via PAM??? Who knows… I’ll Google for it on Monday :-)

  7. peter says:

    This is great, still helping. Thanks!

  8. Srinivas says:

    Awesome! you saved me.
    Thanks,
    Srinivas

  9. ug says:

    Great information here. Not available at many places. In my case I had 700 perms and filezilla+Vsftpd threw this error. Moment I did 750 on my home dir, I saw the dir listing.

    Alternatively I have decided to use below two lines in addition to chroot_local_user=YES.

    chroot_list_enable=YES
    chroot_list_file=/etc/vsftpd/chroot_list

    vsftpd/chroot_list has my username in it. With these three lines and 700 perms on my home directory, it still works fine. Didn’t need to make 750 in this case.

    Of course I force SSL for login and data which I didn’t mention before, but all this is happening because of that so.. :)
