0

I need to set up an FTP server and SFTP server on EC2 supporting both password and cert logins. I just used the stock RHEL and Amazon AMIs and I can't log in to either.

$ sudo yum install vsftpd
$ sudo adduser someuser
$ sudo passwd someuser

#edit /etc/ssh/sshd_config
PasswordAuthentication yes

#Comment out this line on /etc/pam.d/vsftpd for good measure, read about it elsewhere
#auth       required    pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed

$ sudo systemctl start vsftpd

My vsftpd conf is as follows

#edit /etc/vsftpd/vsftpd.conf to disable anon login
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

I do all this, then attempt connecting from another host. SFTP hangs with the error below and I have to Ctrl+C to get sftp to exit.

$ sftp -v -P 21 someuser@ec2host
...
debug1: ssh_exchange_identification: 530 Please login with USER and PASS.

I expect to be prompted for a password and see the user's directory! Note: sftp works against port 22 with the regular sshd install. Any idea what I'm doing wrong?

Ziplin

2 Answers

1

There seems to be a lot of confusion on the internet between the SSH file transfer client sftp, and FTP with SSL ftps (cf http->https).

vsftpd does not support sftp connections. For ftps connections you would need an SSL key+certificate, and the appropriate configuration, e.g.

rsa_cert_file=/etc/vsftpd/vsftpd.pem
ssl_enable=YES

and then you would need to use an FTP client that supports ftps (e.g. lftp).

The ProFTPd server has an SFTP module that can be enabled, but it cannot share the same port with regular FTP since it is a completely incompatible protocol. You would need to either run it on a non-standard port, or move the openssh server to a non-standard port to have proftpd listen on port 22.

DerfK
  • You got me on the right path, I'm surprised that the sftp client didn't provide some sort of other error, vsftpd IS working as designed, it's just running as an FTP server. – Ziplin Dec 15 '16 at 17:28
  • I can use sshd to run my sftp server, and vsftpd for my ftp server. – Ziplin Dec 15 '16 at 17:29
0

Despite its name, sftp has absolutely nothing to do with FTP. It does not speak the same protocol. It is an ssh client which transfers files over an ssh connection, not an FTP client. SFTP cannot be used to connect to FTP servers.

Michael Hampton
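
An added example, not part of either answer: a small Python probe that reads the first line a port sends and tells an SSH service (for sftp) from an FTP service (for ftp/ftps), then checks whether the FTP side accepts AUTH TLS. The function names and the sample banners used to try it are constructed for illustration.

```python
import re
import socket

# RFC 4253 section 4.2: an SSH server opens with "SSH-protoversion-softwareversion".
SSH_ID = re.compile(r"^SSH-(\d+\.\d+)-(\S+)")
# RFC 959: every FTP reply starts with a three-digit code, then space or hyphen.
FTP_REPLY = re.compile(r"^(\d{3})[ -]")

def classify_banner(line):
    """Classify the first line a server sends after the TCP connect."""
    line = line.strip()
    m = SSH_ID.match(line)
    if m:
        return "ssh", "use sftp/scp; server software " + m.group(2)
    m = FTP_REPLY.match(line)
    if m:
        return "ftp", "use an FTP or FTPS client; reply code " + m.group(1)
    return "unknown", line

def read_line(sock, limit=512):
    """Read one line byte by byte, with a cap on its length."""
    buf = b""
    while not buf.endswith(b"\n") and len(buf) < limit:
        chunk = sock.recv(1)
        if not chunk:
            break
        buf += chunk
    return buf.decode("ascii", "replace").strip()

def probe(sock):
    """Return (protocol, detail, offers_tls) for an already connected socket."""
    first = read_line(sock)
    proto, detail = classify_banner(first)
    offers_tls = False
    if proto == "ftp":
        line = first
        for _ in range(32):  # drain a multi-line "220-..." greeting
            if line[3:4] != "-" and line[:3] == first[:3]:
                break
            line = read_line(sock)
        # AUTH TLS (RFC 4217) gets 234 only when FTPS is enabled,
        # e.g. ssl_enable=YES in vsftpd.conf.
        sock.sendall(b"AUTH TLS\r\n")
        offers_tls = read_line(sock).startswith("234")
    return proto, detail, offers_tls

def probe_host(host, port, timeout=5.0):
    """Connect with a timeout so a wrong-protocol port fails fast instead of hanging."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return probe(sock)
```

An ssh client keeps reading until it sees a line beginning with `SSH-`, which an FTP server never sends; that is why `sftp -P 21` sits there showing the 530 reply instead of failing cleanly.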