vsftpd will not accept passwords encrypted with MD5
I am setting up a server with vsftpd to let virtual users access their space. Now it is fully working but only with CRYPT passwords. So
sudo htpasswd -c /etc/vsftpd/ftpd.passwd phpmyadmin
will not allow me to log in, but
sudo htpasswd -c -d /etc/vsftpd/ftpd.passwd phpmyadmin
will.
/etc/vsftpd.conf
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
nopriv_user=vsftpd
virtual_use_local_privs=YES
guest_enable=YES
user_sub_token=$USER
local_root=/var/www/vhosts/$USER.universe.local
chroot_local_user=YES
hide_ids=YES
guest_username=vsftpd
/etc/pam.d/vsftpd
auth required pam_pwdfile.so pwdfile /etc/vsftpd/ftpd.passwd crypt=2
account required pam_permit.so crypt=2
I installed apache2.4.3 from source as well as PHP.
Things I've tried:
- Google a lot
- Set crypt=2
- ask friends
- use SHA (doesn't work either)
- update htpasswd and vsftpd
I have been struggling with this for a week now, I hope you guys can help me further.
Solution 1:
htpasswd generates MD5 hashes in the Apache format, which you can verify by seeing that they start with $apr1$, but PAM only supports formats that your platform's implementation of crypt(3) implements. For Glibc, the equivalent (MD5-based) would be $1$. You just need to generate the passwords with a different tool. Here's an example:
sh$ openssl passwd -1
Password:
Verifying - Password:
$1$vhzHvIYn$2Ro.R0WdLnxrWjHcs5RbA/
You can copy this hash into your ftpd.passwd file in the username:hash format, and it should work.
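An added example, not part of the original answer: a shell check that reads a username:hash file such as ftpd.passwd on stdin and reports which entries use the Apache-only formats ($apr1$, {SHA}) and which use crypt(3) formats, following the prefix distinction explained above. The function names and sample entries are constructed for illustration; treating $5$, $6$ and 13-character DES as crypt(3) formats assumes a glibc platform.

```shell
#!/bin/sh
# Added example: classify password-file hashes by their format prefix.

# classify_hash HASH -> prints "<format> <verdict>"
classify_hash() {
    case "$1" in
        '$apr1$'*) echo "apr1-md5 apache-only" ;;     # htpasswd default (Apache MD5)
        '{SHA}'*)  echo "sha1-base64 apache-only" ;;  # htpasswd -s
        '$1$'*)    echo "md5-crypt crypt3" ;;         # openssl passwd -1
        '$5$'*)    echo "sha256-crypt crypt3" ;;      # assumption: glibc crypt(3)
        '$6$'*)    echo "sha512-crypt crypt3" ;;      # assumption: glibc crypt(3)
        *)
            # Traditional DES crypt (htpasswd -d): exactly 13 chars of [./0-9A-Za-z]
            if [ "${#1}" -eq 13 ] && ! printf '%s' "$1" | grep -q '[^./0-9A-Za-z]'; then
                echo "des-crypt crypt3"
            else
                echo "unknown unknown"
            fi ;;
    esac
}

# audit_pwdfile < FILE -> prints "user format verdict" per entry;
# returns 1 if any entry is not in a crypt(3) format.
audit_pwdfile() {
    bad=0
    while IFS=: read -r user hash _rest || [ -n "$user" ]; do
        [ -z "$user" ] && continue
        case "$user" in '#'*) continue ;; esac
        result=$(classify_hash "$hash")
        echo "$user $result"
        case "$result" in *" crypt3") ;; *) bad=1 ;; esac
    done
    return "$bad"
}

# Constructed sample entries; only bob's hash is the one quoted in the answer.
sample_pwdfile() {
    cat <<'EOF'
alice:$apr1$Q2x7mK1f$0aBcDeFgHiJkLmNoPqRsT.
bob:$1$vhzHvIYn$2Ro.R0WdLnxrWjHcs5RbA/
carol:abJnggxhB/yWI
EOF
}

sample_pwdfile | audit_pwdfile || echo "some entries are not in a crypt(3) format"
```

Against a real file, run `audit_pwdfile < /etc/vsftpd/ftpd.passwd` and regenerate any entry reported as apache-only.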
Solution 2:
Expanding on @bonsaiviking's answer you can generate the openssl md5 password and add it to the ftpd.passwd file in one line using htpasswd's batch mode -b, and plaintext -p options as follows:
htpasswd -c -p -b ftpd.passwd *username* $(openssl passwd -1 -noverify *password*)
The example above (Ubuntu) also creates a new ftpd.passwd file if it doesn't exist using -c.