Passive mode issue with vsftpd on Ubuntu (EC2)

In your specific case, I see that you have an error 550 which makes me think there is a file permission problem.

In general, the most common cause for PASV mode to fail when vsftpd is running on EC2 is that vsftpd is telling the client to connect to the private IP address of the EC2 instance and the client cannot connect to it, for obvious reasons.

One possible solution is to assign an Elastic IP address to that instance and then tell vsftpd to announce itself with this public IP address (e.g. 1.2.3.4) by adding the following line to vsftpd.conf:

pasv_address=1.2.3.4

Let's take a step back and look at how PASV mode works:

  • Client opens up a command channel by connecting to port 21 on the public IP of the EC2 instance, which is mapped to the private IP of the instance by AWS itself.
  • Client sends a PASV command to EC2 instance on the opened channel
  • vsftpd knows that it's listening on the private IP address of the EC2 instance (the public IP of the instance is managed by AWS and it's not visible from within the instance) and sends a response to the Client which contains the private IP address of the instance and a random port between 12000 and 12100
  • Client attempts to connect to the IP and port provided by vsftpd and fails

With pasv_address you force vsftpd to return the specified ip address when a PASV command is received, instead of trying to guess the IP address.


as @Luca Gibelli said, it's mainly a file permission problem.

Could be better if you posting the file list and check what permissions has.

But I would answer this question in order to provide a small detail about the use pasv_address on EC2

If you using Elastic IP

pasv_address={your public IP address}

otherwise, maybe it's better to use

pasv_addr_resolve={your public domain or DNS}

take a look here: https://www.gosquared.com/blog/fix-ftp-passive-mode-problems-on-amazon-ec2-instances