In case you have a Proftpd FTP server and you receive the following error message in your FTP log, it does not necessarily mean that your password is wrong:
Status: Verbinde mit xxx.xxx.xxx.xxx:21...
Status: Verbindung hergestellt, warte auf Willkommensnachricht...
Antwort: 220 FTP Server ready.
Befehl: USER web24
Antwort: 331 Password required for web24
Befehl: PASS ********
Antwort: 530 Login incorrect.
Fehler: Kritischer Fehler
Obviously you need to check on the server if the password is really correct.
The next step is to use proftpd's debugging mode. Stop the daemon and launch the following command:
proftpd -nd6
This command launches proftpd in debug mode, where you can trace everything what happens:
# proftpd -nd6
- using TCP receive buffer size of 87380 bytes
- using TCP send buffer size of 16384 bytes
- disabling runtime support for IPv6 connections
- mod_tls/2.4.2: using OpenSSL 0.9.8o 01 Jun 2010
- <IfModule>: using 'mod_tls.c' section at line 9
ftp.server.ip.address -
ftp.server.ip.address - Config for example.com:
ftp.server.ip.address - Limit
ftp.server.ip.address - DenyGroup
ftp.server.ip.address - DefaultServer
ftp.server.ip.address - ServerIdent
ftp.server.ip.address - ListOptions
ftp.server.ip.address - IdentLookups
ftp.server.ip.address - TimesGMT
ftp.server.ip.address - LangEngine
ftp.server.ip.address - Umask
ftp.server.ip.address - UserID
ftp.server.ip.address - UserName
ftp.server.ip.address - GroupID
ftp.server.ip.address - GroupName
ftp.server.ip.address - TransferLog
ftp.server.ip.address - AllowOverwrite
ftp.server.ip.address - DefaultRoot
ftp.server.ip.address - TLSEngine
ftp.server.ip.address - TLSLog
ftp.server.ip.address - TLSRSACertificateFile
ftp.server.ip.address - TLSRSACertificateKeyFile
ftp.server.ip.address - TLSOptions
ftp.server.ip.address - TLSRequired
ftp.server.ip.address - mod_lang/0.9: skipping possible language 'it': not supported by setlocale(3); see `locale -a'
ftp.server.ip.address - mod_lang/0.9: skipping possible language 'ru': not supported by setlocale(3); see `locale -a'
ftp.server.ip.address - mod_tls/2.4.2: passphrase locked into memory
ftp.server.ip.address - ProFTPD 1.3.3a (maint) (built Sun Nov 13 2011 22:40:44 UTC) standalone mode STARTUP
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - session requested from client in unknown class
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - mod_cap/1.0: adding CAP_AUDIT_WRITE capability
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - mod_ident/1.0: ident lookup disabled
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - connected - local : ftp.server.ip.address:21
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - connected - remote : my.remote.ip.address:52478
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - FTP session opened.
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - dispatching PRE_CMD command 'USER web24' to mod_rewrite
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - dispatching PRE_CMD command 'USER web24' to mod_tls
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - dispatching PRE_CMD command 'USER web24' to mod_core
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - dispatching PRE_CMD command 'USER web24' to mod_core
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - dispatching PRE_CMD command 'USER web24' to mod_delay
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - dispatching PRE_CMD command 'USER web24' to mod_auth
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - dispatching CMD command 'USER web24' to mod_auth
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - dispatching POST_CMD command 'USER web24' to mod_sql
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - dispatching POST_CMD command 'USER web24' to mod_delay
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - dispatching LOG_CMD command 'USER web24' to mod_sql
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - dispatching LOG_CMD command 'USER web24' to mod_log
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_rewrite
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_tls
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_wrap
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_sql
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_delay
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_auth
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - dispatching CMD command 'PASS (hidden)' to mod_auth
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - user 'web24' authenticated by mod_auth_pam.c
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - USER web24 (Login failed): Invalid shell: '/bin/false'
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - dispatching POST_CMD_ERR command 'PASS (hidden)' to mod_sql
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - dispatching POST_CMD_ERR command 'PASS (hidden)' to mod_delay
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_sql
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_log
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - dispatching LOG_CMD_ERR command 'PASS (hidden)' to mod_auth
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - mod_tls/2.4.2: scrubbing 1 passphrase from memory
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - FTP session closed.
Yes.. the important line is this one:
ftp.server.ip.address (my.remote.ip.address[my.remote.ip.address]) - USER web24 (Login failed): Invalid shell: '/bin/false'
Either the user web24 needs a valid shell like /bin/bash or the proftpd.conf setting needs the following line:
# grep Shell /etc/proftpd/proftpd.conf
RequireValidShell off
By setting this option, proftpd accepts users without valid shells and will allow the FTP session.
E-sportspelaren from Sweden wrote on Jul 23rd, 2021:
Thanks for this!! The only article ive seen for fixing this problem. Claudio for president!
Nobbi from wrote on Aug 28th, 2013:
My problem has been, that the home-directory of the virtual user wasn't existing; so the access was denied.
I set it to the ftp-root and it works - after hours of googling and trying.
Thanks for your advice ;-)
AWS Android Ansible Apache Apple Atlassian BSD Backup Bash Bluecoat CMS Chef Cloud Coding Consul Containers CouchDB DB DNS Database Databases Docker ELK Elasticsearch Filebeat FreeBSD Galera Git GlusterFS Grafana Graphics HAProxy HTML Hacks Hardware Icinga Influx Internet Java KVM Kibana Kodi Kubernetes LVM LXC Linux Logstash Mac Macintosh Mail MariaDB Minio MongoDB Monitoring Multimedia MySQL NFS Nagios Network Nginx OSSEC OTRS Office PGSQL PHP Perl Personal PostgreSQL Postgres PowerDNS Proxmox Proxy Python Rancher Rant Redis Roundcube SSL Samba Seafile Security Shell SmartOS Solaris Surveillance Systemd TLS Tomcat Ubuntu Unix VMWare VMware Varnish Virtualization Windows Wireless Wordpress Wyse ZFS Zoneminder