VSFTPD FileZilla GnuTLS error -15 (unexpected TLS packet was received)
I had same error after PASS command in CENTOS 7. (GnuTLS error -15: An unexpected TLS packet was received.)
My solution is following:
I had to add following to vsftpd.conf:
allow_writeable_chroot=YES
chroot_local_user=YES
local_root=/ftphome/$USER
user_sub_token=$USER
I am posting this answer in hopes that it might help someone in the future, possibly me, as I suffered solving this problem.
I did not have local_root
in the /etc/vsftpd/vsftpd.conf
file set properly. The setting pointed to a folder, which did not exist.
What through me was that I saw the failure on the password command in FileZilla, so I thought that it did not like the password. What got me thinking in the right direction was that I took the time to research why I was not receiving detailed logs. I received no logs. Once I started receiving debug logs, where I saw the FTP protocols, I saw that the FTP server said OK to the password. Sadly, there was no logging of any kind, but I came across the thought that negotiating the local root would be the next course of action after authenticating the password. I was right and that led me to the problem.
Here is the code fragment in the /etc/vsftpd/vsftpd.conf
file, containing the local root.
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
#local_root=/mnt/raid1
local_root=/ftproot
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
Here is how I finally turned on verbose logging, though I will turn that off now to conserve disk space and improve performance.
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=NO
log_ftp_protocol=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
IMHO, I would consider the comment a bug, as xferlog_enable is more than the actual upload and download of files. This property also turns on logging. A Google research proves that log_ftp_protocol=YES
requires xferlog_enable=YES
.