My objective is to create an external FTP server on Ubuntu 20.04.
My problem: When I configure the SSL certificate there is a (code=exited, status=2/INVALIDARGUMENT) error. The error logs are not precise and I would at least like to know how to get a very detailed report of the code that is producing the error.
My terminal displays the following when I run the command:
sudo systemctl restart vsftpd.service
sudo systemctl status vsftpd.service
Results:
vsftpd.service - vsftpd FTP server
Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sat 2020-10-10 20:12:07 AST; 12s ago
Process: 36977 ExecStartPre=/bin/mkdir -p /var/run/vsftpd/empty (code=exited, status=0/SUCCESS)
Process: 36987 ExecStart=/usr/sbin/vsftpd /etc/vsftpd.conf (code=exited, status=2)
When I explore the log using:
journalctl -xn
The start job is performed successfully. However it closes right after with the message:
The job identifier is 13036.
Oct 10 20:15:13 username-Aspire-A315-51 sudo[37104]: pam_unix(sudo:session): session closed
Oct 10 20:15:13 username-Aspire-A315-51 systemd[1]: vsftpd.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Subject: Unit process exited
How is my vsftpd.conf set up?
pam_service_name=vsftpd
pasv_enable=Yes
pasv_min_port=10000
pasv_max_port=11000
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1_1=YES
ssl_tlsv1_2=NO
ssl_sslv3=NO
require_ssl_reuse=YES
ssl_ciphers=HIGH
rsa_cert_file=/etc/ssl/certs/vsftpd.crt
rsa_private_key_file=/etc/ssl/private/vsftpd.key
The server works when it is configured with SSL_enable = NO and the default rsa_cert and rsa_key_files are as follows:
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
In case there are any questions as to how the SSL certificate and key were produced, this is the code from the tutorial used:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.key -out /etc/ssl/certs/vsftpd.crt
I have created and recreated SSL certificates several times. I have also commented out the IPv6_enable=YES.
I have seen some suggestions about commenting out code from /etc/pam.d/vsftpd.
This was not productive.
I am open to some further suggestions and maybe help. It's been a few hours and the paucity of log details makes it hard to make a good guess as to the solution.
I've reset the permissions for /etc/vsftpd.conf to root:root via sudo chown root:root /etc/vsftpd.conf and now the vsftpd server gets started via sudo systemctl restart vsftpd.service and running it manually via sudo /usr/bin/vsftpd.
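The fix reported above was an ownership problem on /etc/vsftpd.conf that systemd's status=2 did not name. As an added example (not part of the original post), this pre-flight script checks the config owner, whitespace around '=' (an error per vsftpd.conf(5)) and the TLS files the config points at before a restart. The function names and the constructed sample config are assumptions of the example.

```shell
#!/bin/sh
# Added example: pre-flight checks for a vsftpd config file before a restart.

# conf_value FILE KEY: print the last value assigned to KEY (comment lines never match).
conf_value() {
    awk -F= -v k="$2" '$1 == k { sub(/^[^=]*=/, ""); v = $0 } END { print v }' "$1"
}

# vsftpd_preflight CONF [UID]: print one FAIL line per problem and return the
# problem count. UID is the account vsftpd starts as (0 = root under systemd).
vsftpd_preflight() {
    pf_conf=$1; pf_want=${2:-0}; pf_bad=0
    if [ ! -f "$pf_conf" ]; then
        echo "FAIL $pf_conf: not a regular file"; return 1
    fi
    pf_uid=$(stat -c '%u' "$pf_conf")
    if [ "$pf_uid" != "$pf_want" ]; then
        echo "FAIL $pf_conf: owned by uid $pf_uid, expected $pf_want"
        pf_bad=$((pf_bad + 1))
    fi
    # vsftpd.conf(5): no space is allowed between option, '=' and value.
    pf_ws=$(awk '/^[A-Za-z0-9_]+([ \t]+=|=[ \t])/ { n++ } END { print n + 0 }' "$pf_conf")
    if [ "$pf_ws" -gt 0 ]; then
        echo "FAIL $pf_conf: $pf_ws line(s) with whitespace around '='"
        pf_bad=$((pf_bad + 1))
    fi
    for pf_key in rsa_cert_file rsa_private_key_file; do
        pf_path=$(conf_value "$pf_conf" "$pf_key")
        [ -n "$pf_path" ] || continue        # unset: nothing to check for this key
        if [ ! -r "$pf_path" ]; then
            echo "FAIL $pf_key=$pf_path: missing or unreadable"
            pf_bad=$((pf_bad + 1))
        fi
    done
    return "$pf_bad"
}

# Constructed sample: a config whose certificate exists but whose key does not.
demo=$(mktemp -d)
: > "$demo/vsftpd.crt"
printf '%s\n' 'ssl_enable=YES' "rsa_cert_file=$demo/vsftpd.crt" \
    "rsa_private_key_file=$demo/vsftpd.key" > "$demo/vsftpd.conf"
vsftpd_preflight "$demo/vsftpd.conf" "$(id -u)" || echo "problems found: $?"
```

For the detailed message the question asks about, running the unit's ExecStart command in a terminal (sudo /usr/sbin/vsftpd /etc/vsftpd.conf) prints vsftpd's own "500 OOPS:" line, which is more specific than the systemd exit status.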