#StackBounty: Why is my VSFTP server not serving up FTPS on 990?

Bounty: 50

I have a Jessie VPS and would like to serve up FTPS; I am trying to get VSFTP to work but I have not yet successfully opened a connection to 990. I don’t know if there is a firewall issue; when I run curl ftps://flooring.ninja or telnet localhost 990, I get an immediate refusal from the server’s command line, and an eventual timeout from my Mac’s command line. I have tried this with /etc/vsftpd.conf having both listen=NO and LISTEN=YES and experienced the same results both ways.

In my research before this question I’ve found numerous tidbits on troubleshooting VSFTP; however I have not found, under either VSFTPD or WordPress auspices, what a sample /etc/vsftpd.conf should look like to support WordPress’s ability to use FTPS in lieu of plain old FTP, or rather I found some instructions but they were old and didn’t do anything useful when followed.

My present /etc/vsftpd.conf has, with comments stripped out besides genuine code that is commented out,

listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
#chown_uploads=YES
#chown_username=whoever
#xferlog_file=/var/log/vsftpd.log
#xferlog_std_format=YES
#idle_session_timeout=600
#data_connection_timeout=120
#nopriv_user=ftpsecure
#async_abor_enable=YES
#ascii_upload_enable=YES
#ascii_download_enable=YES
#ftpd_banner=Welcome to blah FTP service.
#deny_email_enable=YES
#banned_email_file=/etc/vsftpd.banned_emails
#chroot_local_user=YES
#chroot_local_user=YES
#chroot_list_enable=YES
#chroot_list_file=/etc/vsftpd.chroot_list
#ls_recurse_enable=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/letsencrypt/live/cjshayward.com-0002/cert.pem
rsa_private_key_file=/etc/letsencrypt/live/cjshayward.com-0002/privkey.key
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES

This may not be the best starting point for a template; the rsa_cert_file line and below are from one high-ranked HOWTO.

Is there anything glaringly wrong with my config file settings?

TIA,

–UPDATE–

I’ve modified some of the settings in light of the comments given so far, but I am still not noticing any change in behavior. I have listen=YES and listen_port=990, and I still have yet to successfully open a connection. My /etc/vsftpd.conf, with comments (other than commented code) stripped out, is now:

listen=YES
listen_port=990
implicit_ssl=YES
listen_ipv6=NO
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
#ascii_upload_enable=YES
#ascii_download_enable=YES
#ftpd_banner=Welcome to blah FTP service.
#deny_email_enable=YES
#banned_email_file=/etc/vsftpd.banned_emails
#chroot_local_user=YES
#chroot_local_user=YES
#chroot_list_enable=YES
#chroot_list_file=/etc/vsftpd.chroot_list
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/letsencrypt/live/cjshayward.com-0002/cert.pem
rsa_private_key_file=/etc/letsencrypt/live/cjshayward.com-0002/privkey.key
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO


Get this bounty!!!

Leave a Reply