Internet Services from KKoncepts

We use the vsftpd FTP server to give our clients FTP access for uploading to their web sites. But being the paranoid types that we are, we require everything to be encrypted. So you need an FTP client which can do FTPES - FTP with Explicit SSL/TLS. We recommend FileZilla, but any client which can do FTPES will work.

Occasionally, however, the client's username and password will be accepted, but then FileZilla will report the following error and close the connection:Error: GnuTLS error -8: A record packet with illegal version was received.

Turns out this has nothing to do with Encryption. The problem is that vsftpd is reporting an error with this account, but sending it in plain text. The FTP client expects encrypted content but doesn't get it, hence the error about encryption rather than the actual error message.

To see what the real problem is, you'll probably need enable some more verbose logging in vsftpd. Check out "man vsftpd.conf" to see your options. Commonly (for us at least), it's a configuration error - the user's "local_root" directory doesn't exist or has the wrong permissions, the "guest_username" item is mis-spelled; you get the idea. Check your configuration carefully.

If you still can't figure out what the problem is, then you'll need to run tcpdump, wireshark, etc. to actually sniff the connection. Since the error message is in plain text, you'll see it at the end of all the encrypted traffic right before FileZilla drops the connection and reports the GnuTLS error.