OpenWrt 22.03 vsftpd not working

Does vsftpd work in OpenWrt 22.03? If someone has this working please post your configuration file, /etc/vsftpd.conf here. I keep getting "access denied" no matter the setting.

background=YES
listen=YES
#listen_address=192.168.1.2
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
check_shell=NO
chroot_local_user=YES
passwd_chroot_enable=YES
local_root=/mnt/sdb1
#dirmessage_enable=YES
#ftpd_banner=Welcome to blah FTP service.
session_support=NO
syslog_enable=YES
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd/vsftpd.userlist
#xferlog_enable=YES
#xferlog_file=/var/log/vsftpd.log
#xferlog_std_format=YES
###
### TLS/SSL options
### example key generation: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/vsftpd/vsftpd_privkey.pem -out /etc/vsftpd/vsftpd_cert.pem -subj /C="DE"/ST="Saxony"/L="Leipzig"/CN="OpenWrt"
#ssl_enable=YES
#allow_anon_ssl=NO
#force_local_data_ssl=NO
#force_local_logins_ssl=NO
#ssl_tlsv1=YES
#ssl_sslv2=NO
#ssl_sslv3=NO
#rsa_cert_file=/etc/vsftpd/vsftpd_cert.pem
#rsa_private_key_file=/etc/vsftpd/vsftpd_privkey.pem
pasv_enable=YES
pasv_max_port=30100
pasv_min_port=30000
seccomp_sandbox=NO
isolate_network=NO

Yes, it works just fine.

Load the default settings (posted below), restart the vsftpd service and try to connect from the LAN side using the root account.

/etc/vsftpd.conf
background=YES
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
check_shell=NO
#dirmessage_enable=YES
#ftpd_banner=Welcome to blah FTP service.
session_support=NO
#syslog_enable=YES
#userlist_enable=YES
#userlist_deny=NO
#userlist_file=/etc/vsftpd/vsftpd.users
#xferlog_enable=YES
#xferlog_file=/var/log/vsftpd.log
#xferlog_std_format=YES
###
### TLS/SSL options
### example key generation: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/vsftpd/vsftpd_privkey.pem -out /etc/vsftpd/vsftpd_cert.pem -subj /C="DE"/ST="Saxony"/L="Leipzig"/CN="OpenWrt"
#ssl_enable=YES
#allow_anon_ssl=NO
#force_local_data_ssl=NO
#force_local_logins_ssl=NO
#ssl_tlsv1=YES
#ssl_sslv2=NO
#ssl_sslv3=NO
#rsa_cert_file=/etc/vsftpd/vsftpd_cert.pem
#rsa_private_key_file=/etc/vsftpd/vsftpd_privkey.pem

If it starts working, let us know what you're trying to achieve and we'll help you fine-tune the configuration.


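The two configurations above differ in exactly the settings that decide who can log in and whether the password is encrypted, so they can be checked mechanically. The script below is an added example, not part of any post and not OpenWrt or vsftpd code. The function names and finding labels are invented for illustration, the fallback values are the defaults documented in vsftpd.conf(5), and the CHROOT check assumes vsftpd's refusal of a writable chroot top directory unless allow_writeable_chroot=YES is set.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf for the settings discussed in this thread.
# Fallback values passed to conf_get are the defaults from vsftpd.conf(5).

# conf_get FILE KEY DEFAULT: last uncommented value of KEY, else DEFAULT.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# audit_vsftpd FILE [USER]: print one finding per line (labels are made up here).
audit_vsftpd() {
    cfg=$1
    user=${2:-}
    if [ "$(conf_get "$cfg" anonymous_enable YES)" = YES ]; then
        echo "ANON: anonymous logins are enabled"
    fi
    if [ "$(conf_get "$cfg" ssl_enable NO)" != YES ]; then
        echo "PLAINTEXT: ssl_enable is off, passwords and data are sent unencrypted"
    elif [ "$(conf_get "$cfg" force_local_logins_ssl YES)" != YES ]; then
        echo "PLAINTEXT: TLS is optional, clients can still log in without it"
    fi
    # userlist_enable=YES with userlist_deny=NO makes userlist_file an allow list.
    if [ "$(conf_get "$cfg" userlist_enable NO)" = YES ] &&
       [ "$(conf_get "$cfg" userlist_deny YES)" = NO ]; then
        list=$(conf_get "$cfg" userlist_file /etc/vsftpd.user_list)
        if [ ! -r "$list" ]; then
            echo "USERLIST: allow list $list cannot be read"
        elif [ -n "$user" ] && ! grep -qxF "$user" "$list"; then
            echo "USERLIST: $user is not in $list, login is refused"
        fi
    fi
    # vsftpd refuses a chroot whose top directory the user can write to,
    # unless allow_writeable_chroot=YES; world-writable is the obvious case.
    if [ "$(conf_get "$cfg" chroot_local_user NO)" = YES ] &&
       [ "$(conf_get "$cfg" allow_writeable_chroot NO)" != YES ]; then
        root=$(conf_get "$cfg" local_root "")
        case $(ls -ld "$root" 2>/dev/null || true) in
            ????????w*) echo "CHROOT: $root is world-writable, login is refused" ;;
        esac
    fi
    return 0
}
```

Run it on the router as `audit_vsftpd /etc/vsftpd.conf someuser` after sourcing the file; an empty result means none of the four conditions applies.
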
I'm still getting Access denied or Permission denied using your 8 lines of vsftpd.conf for my /etc/vsftpd.conf file with the username I set up. If I use root as the login, WinSCP responds with "Cannot initialize SFTP protocol." and "Connection has been unexpectedly closed."

I have 3 HD, connected to my Linksys wrt3200 router shared via Samba, NTFS.

SFTP is a different protocol and requires a specific package to be installed.

You could use SCP, but now we want to test the FTP server.

OK, root is successful with FTP. When I try a user set up with Samba, the vsftp error message is
CannotChangeDirectory

Ultimately, I want to log in with a username and password and access the drives from the LAN and from the WAN side using vsftp, not using plain-text login.

well, it can't access the dir you've set up as home (?) dir
that's not vsftp's fault ...

does the dir exist, and have proper permissions ?

If you don't want plain text then you shouldn't be using FTP. Use SFTP instead.

... or SCP using winscp.

I tried using scp using the command line but I got

user@machine ~ ❯ scp root@192.168.50.1:/etc/config/network .
ash: /usr/libexec/sftp-server: not found
scp: Connection closed

So maybe sftp-server is required before scp will work?

works fine here, from Windows though.

openwrt to openwrt works too, this was however 22.03 connecting to 19.07.

root@OpenWrt:~# scp root@192.168.10.240:/etc/config/firewall .
Host '192.168.10.240' is not in the trusted hosts file.
(ssh-rsa fingerprint SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Do you want to continue connecting? (y/n) y
root@192.168.10.240's password:
firewall                                      100% 2628     2.6KB/s   00:00
root@OpenWrt:~#

Worked for me openwrt to openwrt!

Ah looks like my machine is too up to date :laughing:

@richjoh : You could use scp instead. It's secure and widely supported. Could use keys to auth too I think.

I need to connect from the WAN side using sftp clients or something other than plain ftp. Maybe using VLC as the client, it has sftp and ftp.

All files in /mnt/sdxx are set rwx for the owner (root), group, and others. I was wondering if the problem is that root owns the files. I haven't been able to change the owner; I've used the chown command multiple times. When I do an ls -l on /mnt/sdxx, root is persistently the owner after multiple chown commands or changes of rights. The instructions for setting up the permissions or chown are minimal in the OpenWrt instructions for FTP and/or Samba.

OK, a few and I confirm that SCP works with vsftp, but does this work from the WAN side with port forwarding set up?

Scp doesn't rely on vsftp, you can uninstall it, and yes it'll work from the WAN side, if you open the port.

That is due to a too new scp in your PC. Newest scp versions use sftp as the protocol under the hood. I have run into that with Ubuntu 22.10.

You need

  • scp -O option (to enable the "Old" transfer method), or
  • install openssh-sftp-server in the router to enable sftp
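The first option in the list above can be automated on the client: try the copy normally and retry with `-O` only when the error shows the router has no SFTP server. This is an added example, not code from the thread or from OpenSSH. The function names and the `SCP_BIN` override are invented here, and the second matched string is the message OpenSSH's own sshd gives when no SFTP subsystem is configured, which does not appear in this thread.

```shell
#!/bin/sh
# Added example: copy with scp and fall back to the legacy protocol (-O)
# when the remote end has no SFTP server. SCP_BIN is a hypothetical
# override so the function can be pointed at another scp binary.

# sftp_missing TEXT: true when scp's stderr shows the remote side could not
# start an SFTP server. The first pattern is the message quoted in this
# thread; the second is sshd's wording for an unconfigured subsystem.
sftp_missing() {
    case $1 in
        *"sftp-server: not found"*|*"subsystem request failed"*) return 0 ;;
    esac
    return 1
}

# scp_compat ARGS...: run scp; retry once with -O if SFTP is unavailable.
# stdout (the progress meter) passes through via fd 3; stderr is captured.
scp_compat() {
    if { err=$("${SCP_BIN:-scp}" "$@" 2>&1 1>&3); } 3>&1; then return 0; fi
    if ! sftp_missing "$err"; then
        # Any other failure (authentication, bad path) is reported unchanged.
        printf '%s\n' "$err" >&2
        return 1
    fi
    echo "remote has no sftp-server, retrying with scp -O" >&2
    "${SCP_BIN:-scp}" -O "$@"
}
```

Installing openssh-sftp-server on the router, the second option in the list, makes the fallback unnecessary and keeps transfers on the SFTP protocol that current scp clients use by default.
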