Environment
- Red Hat Enterprise Linux 6/7
- vsftpd
Issue
- Not able to log in to vsftpd with a valid login and password
# ftp localhost
Trying ::1...
Connected to localhost (::1).
220 (vsFTPd 3.0.2)
Name (localhost:root): test
331 Please specify the password.
Password:
530 Login incorrect.
Login failed.
ftp>
Resolution
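There are two possible solutions. The first changes only the affected account; the second makes the shell valid for every account that is checked against /etc/shells.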
1) Change user’s shell to one listed in /etc/shells
[root@localhost ~]# usermod -s /bin/bash test
2) Add the user’s shell to the /etc/shells file
[root@localhost ~]# cat /etc/shells
/bin/sh
/bin/bash
/usr/bin/sh
/usr/bin/bash
[root@localhost ~]# echo /bin/ksh >> /etc/shells
Root Cause
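The PAM configuration for vsftpd calls pam_shells.so, which lets authentication succeed only if the user’s login shell is listed in /etc/shells. A user whose shell is not listed gets "530 Login incorrect" even with the correct password.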
# cat /etc/pam.d/vsftpd
#%PAM-1.0
session optional pam_keyinit.so force revoke
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth required pam_shells.so
auth include password-auth
account include password-auth
session required pam_loginuid.so
session include password-auth
Diagnostic Steps
1) Check the user’s shell
[root@localhost ~]# getent passwd test
test:x:1000:1000::/home/test:/bin/ksh
2) Check the list of shells in /etc/shells
[root@localhost ~]# cat /etc/shells
/bin/sh
/bin/bash
/usr/bin/sh
/usr/bin/bash
[root@localhost ~]#
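The two diagnostic steps above can be run for every account at once. The script below is an added example, not part of the original article: the function names and the sample files are constructed here, and it assumes a shell counts as listed only when it equals a whole line of the shells file.

```sh
#!/bin/sh
# Added example (not from the original article): report accounts whose login
# shell is missing from the shells file, i.e. the accounts that the
# "auth required pam_shells.so" line would refuse.
# Assumption: a shell counts as listed only if it equals a whole line exactly.

# shell_listed SHELL [SHELLS_FILE]: exit 0 when SHELL is a line of the file.
# An empty shell field is treated as not listed so that it gets reviewed.
shell_listed() {
    [ -n "$1" ] && grep -qxF -- "$1" "${2:-/etc/shells}"
}

# unlisted_shell_users [PASSWD_FILE] [SHELLS_FILE]: print "user shell" for
# every passwd entry whose shell (field 7) is not listed.
unlisted_shell_users() {
    while IFS=: read -r u_name x x x x x u_shell; do
        shell_listed "$u_shell" "${2:-/etc/shells}" ||
            printf '%s %s\n' "$u_name" "${u_shell:-<empty>}"
    done < "${1:-/etc/passwd}"
}

# Constructed sample data mirroring the article's files, so this runs offline.
sample_dir=$(mktemp -d)
printf '%s\n' /bin/sh /bin/bash /usr/bin/sh /usr/bin/bash > "$sample_dir/shells"
printf '%s\n' \
    'root:x:0:0:root:/root:/bin/bash' \
    'test:x:1000:1000::/home/test:/bin/ksh' > "$sample_dir/passwd"

# Reports the "test" account from the article, whose shell is /bin/ksh.
unlisted_shell_users "$sample_dir/passwd" "$sample_dir/shells"
```

Called without arguments, unlisted_shell_users reads /etc/passwd and /etc/shells. It sees local accounts only; for accounts from a directory service, save the output of getent passwd to a file and pass that as the first argument.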