VSFTPD error 530 on fresh install

I need to set up an FTP server and SFTP server on EC2 supporting both password and cert logins. I just used the stock RHEL and Amazon AMIs and I can't log in to either.

$ sudo yum install vsftpd
$ sudo adduser someuser
$ sudo passwd someuser

#edit /etc/ssh/sshd_config
PasswordAuthentication yes

#Comment out this line on /etc/pam.d/vsftpd for good measure, read about it elsewhere
#auth       required    pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed

$ sudo systemctl start vsftpd

My vsftpd conf is as follows

#edit /etc/vsftpd/vsftpd.conf to disable anon login
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

I do all this, then attempt connecting from another host. SFTP hangs with the error below and I have to Ctrl+C to get sftp to exit.

$ sftp -v -P 21 someuser@ec2host
...
debug1: ssh_exchange_identification: 530 Please login with USER and PASS.

I expect to be prompted for a password and see the user's directory! Note: sftp works against port 22 with the regular sshd install. Any idea what I'm doing wrong?


Solution 1:

There seems to be a lot of confusion on the internet between the SSH file transfer client sftp, and FTP with SSL, ftps (cf. http -> https).

vsftpd does not support sftp connections. For ftps connections you would need an SSL key+certificate, and the appropriate configuration, e.g.

rsa_cert_file=/etc/vsftpd/vsftpd.pem
ssl_enable=YES

and then you would need to use an FTP client that supports ftps (e.g. lftp).

The ProFTPd server has an SFTP module that can be enabled, but it cannot share the same port with regular FTP since it is a completely incompatible protocol. You would need to either run it on a non-standard port, or move openssh server to a nonstandard port to have proftpd listen on port 22.
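
A quick way to tell which protocol a port actually speaks before choosing a client, as an added example that is not part of the original answer: an SSH server opens with an "SSH-" identification string, an FTP server with a three-digit reply code, and an FTP server with TLS enabled answers AUTH TLS with 234. The function names and the sample banner strings are constructed for illustration; only the 530 line comes from the question.

```python
import socket

def classify_banner(line: bytes) -> str:
    """Classify the first reply a server sends after the TCP connect."""
    text = line.decode("ascii", "replace").rstrip("\r\n")
    if text.startswith("SSH-"):
        return "ssh"   # SSH identification string (RFC 4253): use sftp/scp
    if text[:3].isdigit() and text[3:4] in (" ", "-"):
        return "ftp"   # three-digit FTP reply code (RFC 959): use an FTP/FTPS client
    return "unknown"

def supports_auth_tls(reply: bytes) -> bool:
    """RFC 4217: a server willing to negotiate TLS answers AUTH TLS with 234."""
    return reply.startswith(b"234")

def read_reply(f) -> bytes:
    """Return the final line of one reply, skipping FTP 'NNN-' continuation lines."""
    line = f.readline()
    if line[:3].isdigit() and line[3:4] == b"-":   # not true for "SSH-2.0-..."
        end = line[:3] + b" "
        while line and not line.startswith(end):
            line = f.readline()
    return line

def probe(host: str, port: int, timeout: float = 5.0) -> dict:
    """Connect once, identify the protocol, and for FTP ask whether TLS is offered."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        f = sock.makefile("rwb")
        result = {"protocol": classify_banner(read_reply(f)), "ftps": None}
        if result["protocol"] == "ftp":
            f.write(b"AUTH TLS\r\n")
            f.flush()
            result["ftps"] = supports_auth_tls(read_reply(f))
        return result

if __name__ == "__main__":
    # Constructed sample lines; the 530 text is the one quoted in the question.
    for sample in (b"SSH-2.0-OpenSSH_8.0\r\n",
                   b"220 (vsFTPd 3.0.2)\r\n",
                   b"530 Please login with USER and PASS.\r\n"):
        print(sample.strip().decode(), "->", classify_banner(sample))
```

Calling probe("ec2host", 21) against the server from the question would report protocol "ftp", which is why the sftp client never sees the SSH identification string it is waiting for.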