vsftpd Error 530 – Login Incorrect Solutions

I know this question has been asked countless times already, but I feel like I've tried every possible solution and none seem to work.

Some articles I've read and tried to use:

vsftpd error 530 login incorrect occurs with valid credentials and the 5 articles that one links to.
AskUbuntu – vsftpd 530 login incorrect and about 10 that offer the same solution.
LinuxQuestions.org – vsftpd login incorrect

I used to have UFW enabled (with 20:22/tcp and 20000:20200/tcp allowed) for both active and passive FTP, but have at some point disabled the entire thing.

I tried using xinetd, but got it working just as well as vsftpd-standalone, with exception of errors '500 OOPS: run two copies of vsftpd for IPv4 and IPv6' and '500 OOPS: could not bind listening IPv4 socket'. However, after solving those two, the same problem (Error 530) occured.

My normal configuration file (/etc/vsftpd.conf) looks like this:

anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
ftpd_banner=Welcome to the 'server name' FTP server.
deny_email_enable=YES
banned_email_file=/etc/vsftpd.banned_emails
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
secure_chroot_dir=/etc/vsftpdjail
listen=YES
#listen_ipv6=YES
ssl_enable=YES
force_local_logins_ssl=NO
force_local_data_ssl=NO
#ssl_tlsv1=YES
#ssl_sslv2=NO
#ssl_sslv3=NO
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
rsa_private_key_file=/etc/ssl/certs/vsftpd.pem
require_ssl_reuse=NO
pasv_min_port=20000
pasv_max_port=20200
pasv_enable=YES
pam_service_name=vsftpd

However, commenting everything from deny_email_enable and downward (disabling passive, ssl and pam), with exception of 'listen=YES' doesn't yield other results.

vsftpd.service is enabled and started in systemctl

xinetd.service is disabled and stopped in systemctl (after some testing)

The PAM file (/etc/pam.d/vsftpd) contains:

#%PAM-1.0
auth    required    pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
#@include common-account
#@include common-session
#@include common-auth
auth    required    pam_shells.so

The files referred to DO exist and have the permissions: root:root 744

My user name is NOT in /etc/ftpusers

My user's login shell (/bin/bash) IS in /etc/shells

My user IS in /etc/passwd

Whenever I try to login I just get the same error over and over again:

Connecting to 192.168.178.49:21...
Connection made, awaiting welcome message...
Initializing TLS...
Checking certificate...
Established TLS-connection.
USER username
331 Please specify the password.
PASS ************
530 Login incorrect.
Fatal error: Can't connect to server.

'sudo netstat -tulpn' shows:
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 342/vsftpd

/var/log/vsftpd.log shows the same message over and over again:

CONNECT: Client "192.168.178.69"
[username] FAIL LOGIN: Client "192.168.178.69"

without any further info. (Using the same login credentials as I use to login through SSH and locally on the server)

I am completely out of ideas, after having researched this issue for 6 continuous hours. So any help is appreaciated.

Also, system info: Processor: 2xIntel Pentium G6950@2.800GHz (intel-ucode IS installed) OS: Arch Linux 5.0.9-arch1-1-ARCH x86_64 (Up-to-date and installed today) RAM: 8192MB Internet both Server and Client: 1Gbps cat 5e cable directly to modem No firewall on client or modem

Edit1: Edited typos in /etc/pam.d/vsftpd

Best Answer

After I posted the question, I tried a for a little longer, but to no avail. Fast-forward one day and I've decided to completely wipe the operating system, reinstall and make vsftpd the very, very first thing to do after OS essentials. Therefore, I am not sure if what I changed fixed the issue, or if something went wrong during the initial installation of the operating system, but here we go anyway:

I was completely baffled why NO solutions from others, who had the same issue, helped, until I read the last entry in the Arch Linux vsftpd troubleshooting page which states, that PAM has been updated in 2019(!) and that authentication for local users now works differently. Provided is also, an example /etc/pam.d/vsftpd file:

#%PAM-1.0
account    required    pam_listfile.so onerr=fail item=user sense=allow file=/etc/vsftpd.user_list
account    required    pam_unix.so
auth       required    pam_unix.so

And all of a sudden, it works.

I only added one line to the config file, when I was testing things and had enabled the 'anonymous' user, and got a 'directory listing' error. This was also adviced in the troubleshooting section of the same page.

seccomp_sandbox=NO

But I honestly doubt that changed anything for logging in for local users, which was my initial question.

Best Answer

Related Solutions

Centos – VSFTPD 530 Login incorrect

Ftp – Amazon Ec2: Issue with Setting up FTP Server

Related Topic