Debian Jessie vsftpd SSL problem

TLDR: idle_session_timeout must not be zero.

A recent Debian server update from Wheezy to Jessie left my SSL-only, vsftpd-based FTP access crippled. Total Commander didn’t return any error, but the log said:

SSL_read returned -1, SSL_get_error=1
OFFLINE2, error=0
SSL_read returned -1, SSL_get_error=5, ERR_get_error=0
Socket error: 10054

FileZilla returned:

Error:    GnuTLS error -15: An unexpected TLS packet was received.
Error:    Could not connect to server
Status:    Disconnected from server

On the server side, the vsftpd log file recorded only a successful log-in.

I found many possible solutions to similar errors on the web, but none of them worked for me. First, you should check whether non-SSL access is working by turning off force_local_logins_ssl, force_local_data_ssl and ssl_enable. Since that was working for me and no additional errors were found in the logs, I kept looking. In the end I took the stock vsftpd config and first enabled SSL. It was working, so I enabled the options from my config one by one, and this is the option that was problematic:

idle_session_timeout=0

Other solutions mentioned online that worked for others:

  • allow_writeable_chroot=YES
  • missing file /etc/vsftpd.chroot_list
  • chroot_local_user=YES and ssl_ciphers=HIGH
  • setsebool -P ftp_home_dir 1
  • remove the write rights on the new user’s home directory
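
As an added example (not code from the original post), this Python script checks a vsftpd.conf for the problematic idle_session_timeout=0 setting and for the configuration conditions named in the list above. The function names and the sample config are constructed for illustration; it assumes vsftpd's default chroot_list_file of /etc/vsftpd.chroot_list and that unset booleans default to NO.

```python
import os

# Constructed sample config for this example (not the author's real file).
SAMPLE_CONF = """\
# vsftpd.conf (constructed)
listen=YES
local_enable=YES
ssl_enable=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
idle_session_timeout=0
chroot_local_user=YES
chroot_list_enable=YES
"""

def parse_conf(text):
    """Parse vsftpd.conf text: 'option=value' lines, '#' starts a comment line."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key] = value
    return opts

def is_yes(opts, key):
    # vsftpd treats YES, TRUE and 1 as true; unset options are assumed NO here.
    return opts.get(key, "NO").upper() in ("YES", "TRUE", "1")

def audit(opts, file_exists=os.path.exists):
    """Return (option, message) pairs for the settings named in the post."""
    findings = []
    timeout = opts.get("idle_session_timeout", "")
    if is_yes(opts, "ssl_enable") and timeout.isdigit() and int(timeout) == 0:
        findings.append(("idle_session_timeout",
                         "is 0 with ssl_enable=YES; use a non-zero value"))
    if is_yes(opts, "chroot_local_user") and not is_yes(opts, "allow_writeable_chroot"):
        findings.append(("chroot_local_user",
                         "remove write rights on the home directory "
                         "(or set allow_writeable_chroot=YES)"))
    list_file = opts.get("chroot_list_file", "/etc/vsftpd.chroot_list")
    if is_yes(opts, "chroot_list_enable") and not file_exists(list_file):
        findings.append(("chroot_list_enable", "missing file " + list_file))
    return findings

if __name__ == "__main__":
    for option, message in audit(parse_conf(SAMPLE_CONF)):
        print(f"{option}: {message}")
```

To check a real server, pass the contents of its vsftpd.conf to parse_conf() instead of SAMPLE_CONF.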
