[question] Proftpd in SFTP mode

  • Gimly
    started a topic [question] Proftpd in SFTP mode

    Hi All,

    Actually I changed all my services to use TLS/SSL. So I want to enable SFTP on proftpd. I enabled it in Nodeworx, but when I test it, this is the error returned in FileZilla:

    Status: Connecting to ftp.e4y.fr...
    Response: fzSftp started
    Command: open "ftp@espace4you.com@ftp.e4y.fr" 22
    Command: Pass: **********
    Error: Authentication failed.
    Error: Critical error
    Error: Could not connect to server

    Port 22 is open and running SSH. I searched on the iworx forums but found no solution. If you have an idea? An option to enable it? A specific mod?

    Thank you :)

  • d2d4j
    replied
    Hi Michael

    Please can you try the following, which I thought about last night.

    Open port 21 as normal, i.e. reverse any changes to port 21 you may have completed.

    In FileZilla, using explicit, set the port to 21 and test the connection.

    I am thinking it uses port 21 as the first connect, then upgrades the connection to TLS 1.2.

    I'm sorry if I am wrong; it's hard because your logs are not as complete as mine are.

    If this does not work for you, I would advise opening a support ticket so IW can see what's happening.

    Many thanks

    John


  • d2d4j
    replied
    Hi Michael

    Sorry, I have just checked my FTP setup in FileZilla for the test I ran, which was removed from SiteWorx but not from FileZilla, and I can confirm it is explicit, which works, so my log above is an explicit connection.

    Hope that helps

    Many thanks

    John


  • d2d4j
    replied
    Hi Michael

    Many thanks, and please look at my logs at 20.58.13 ssh mod/0.9.8, which I think is OpenSSL 0.9.8.

    Yes, my last log is implicit or explicit, but I'll confirm tomorrow.

    As I said, I could be wrong, sorry, so I apologise if I'm introducing a red herring.

    Also, looking at your log, to me quickly it looks like your TLS is trying to use TLS 110, so this may be your issue perhaps.

    Have a lovely night yourself

    Many thanks

    John


  • mdeinhardt
    replied
    Implicit is the older version, usually running on port 990, which doesn't work at all. But explicit doesn't work for me either. Not sure what you mean by the SSL version (where? the server?).

    But hey, enjoy your beer and have a good night and let's talk tomorrow or whenever you (or someone else?) finds time.

    gn8

    Michael


  • d2d4j
    replied
    Hi Michael

    Sorry, it's late here and I have been onsite at a clients all day with openreach, resolving an issue.

    There are 2 methods, explicit or implicit; one works and one fails, the reason being additional TLS packets which are not understood.

    With this in mind, if you look at the SSL version used, it is 0.9.8 but using TLS 1.2, which may be the issue then, as TLS 1.2 requires a higher version of OpenSSL. I'm sure you have read about the Heartbleed bug.

    I'm sorry, I cannot recall the one which works, but I'll let you know tomorrow as I'm going to have a long cold cold beer 😃.

    Many thanks

    John


  • mdeinhardt
    replied
    Rereading your answer I stumbled over "explicit does not appear to work". It works for you, doesn't it?


  • mdeinhardt
    replied
    My log looks the same up to MLSD, but then the error occurs...

    Befehl: MLSD
    Trace: CTransferSocket::OnConnect
    Trace: CTlsSocket::Handshake()
    Trace: Trying to resume existing TLS session.
    Trace: CTlsSocket::ContinueHandshake()
    Trace: CTlsSocket::Failure(-110, 106)
    Fehler: GnuTLS error -110: The TLS connection was non-properly terminated.
    Status: Server hat die TLS-Verbindung nicht ordnungsgemäß geschlossen
    Trace: CTransferSocket::TransferEnd(3)
    Trace: CFtpControlSocket::TransferEnd()
    Fehler: Zeitüberschreitung der Verbindung
    Trace: CControlSocket::DoClose(2050)
    Trace: CFtpControlSocket::ResetOperation(2114)
    Trace: CControlSocket::ResetOperation(2114)
    Trace: CFtpControlSocket::ResetOperation(2114)
    Trace: CControlSocket::ResetOperation(2114)
    Fehler: Verzeichnisinhalt konnte nicht empfangen werden
    Trace: CFileZillaEnginePrivate::ResetOperation(2114)
    Trace: CFileZillaEnginePrivate::ResetOperation(0)
    Last edited by mdeinhardt; 07-02-2014, 03:50 PM.


  • mdeinhardt
    replied
    Lol, it took me so long to type, that you beat me to it ;-)

    The cert is working, and the initial connect works too, so it must be some other setting I guess...


  • mdeinhardt
    replied
    Hi John,

    thanks for the input. You are using SFTP, right? Which is fine for myself (and working), but I would like our customers to use FTPES (i.e. FTP through Explicit TLS/SSL), as I don't want to give them shell access.

    I've never used it before though, that's why I am not 100% sure and that's why I asked Roy for that file ;-)

    Cheers,

    Michael


  • d2d4j
    replied
    Hi Michael

    Sorry, please see below for FTPS; however, explicit does not appear to work, but I am thinking it is tied in with the SSL cert perhaps.

    Many thanks

    John

    21:21:56 Status: Resolving address of ftp.************.co.uk
    21:21:56 Status: Connecting to nnn.nnn.nnn.nnn:21...
    21:21:56 Status: Connection established, waiting for welcome message...
    21:21:56 Trace: CFtpControlSocket::OnReceive()
    21:21:56 Response: 220 FTP Server Ready
    21:21:56 Trace: CFtpControlSocket::SendNextCommand()
    21:21:56 Command: AUTH TLS
    21:21:56 Trace: CFtpControlSocket::OnReceive()
    21:21:56 Response: 234 AUTH TLS successful
    21:21:56 Status: Initializing TLS...
    21:21:56 Trace: CTlsSocket::Handshake()
    21:21:56 Trace: CTlsSocket::ContinueHandshake()
    21:21:56 Trace: CTlsSocket::OnSend()
    21:21:56 Trace: CTlsSocket::OnRead()
    21:21:56 Trace: CTlsSocket::ContinueHandshake()
    21:21:56 Trace: CTlsSocket::OnRead()
    21:21:56 Trace: CTlsSocket::ContinueHandshake()
    21:21:56 Trace: CTlsSocket::OnRead()
    21:21:56 Trace: CTlsSocket::ContinueHandshake()
    21:21:56 Trace: CTlsSocket::OnRead()
    21:21:56 Trace: CTlsSocket::ContinueHandshake()
    21:21:56 Trace: TLS Handshake successful
    21:21:56 Trace: Protocol: TLS1.2, Key exchange: RSA, Cipher: AES-256-GCM, MAC: AEAD
    21:21:56 Status: Verifying certificate...
    21:21:56 Trace: CFtpControlSocket::SendNextCommand()
    21:21:56 Command: USER ftpstls@************.co.uk
    21:21:56 Status: TLS/SSL connection established.
    21:21:56 Trace: CTlsSocket::OnRead()
    21:21:56 Trace: CFtpControlSocket::OnReceive()
    21:21:56 Response: 331 Password required for ftpstls@************.co.uk
    21:21:56 Trace: CFtpControlSocket::SendNextCommand()
    21:21:56 Command: PASS **********
    21:21:59 Trace: CTlsSocket::OnRead()
    21:21:59 Trace: CFtpControlSocket::OnReceive()
    21:21:59 Response: 230 User ftpstls@************.co.uk logged in
    21:21:59 Trace: CFtpControlSocket::SendNextCommand()
    21:21:59 Command: SYST
    21:21:59 Trace: CTlsSocket::OnRead()
    21:21:59 Trace: CFtpControlSocket::OnReceive()
    21:21:59 Response: 215 UNIX Type: L8
    21:21:59 Trace: CFtpControlSocket::SendNextCommand()
    21:21:59 Command: FEAT
    21:21:59 Trace: CTlsSocket::OnRead()
    21:21:59 Trace: CFtpControlSocket::OnReceive()
    21:21:59 Response: 211-Features:
    21:21:59 Response: MDTM
    21:21:59 Response: MFMT
    21:21:59 Response: TVFS
    21:21:59 Response: AUTH TLS
    21:21:59 Response: MFF modify;UNIX.group;UNIX.mode;
    21:21:59 Response: MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
    21:21:59 Response: PBSZ
    21:21:59 Response: PROT
    21:21:59 Response: REST STREAM
    21:21:59 Response: SIZE
    21:21:59 Trace: CTlsSocket::OnRead()
    21:21:59 Trace: CFtpControlSocket::OnReceive()
    21:21:59 Response: 211 End
    21:21:59 Status: Server does not support non-ASCII characters.
    21:21:59 Trace: CFtpControlSocket::SendNextCommand()
    21:21:59 Command: PBSZ 0
    21:21:59 Trace: CTlsSocket::OnRead()
    21:21:59 Trace: CFtpControlSocket::OnReceive()
    21:21:59 Response: 200 PBSZ 0 successful
    21:21:59 Trace: CFtpControlSocket::SendNextCommand()
    21:21:59 Command: PROT P
    21:21:59 Trace: CTlsSocket::OnRead()
    21:21:59 Trace: CFtpControlSocket::OnReceive()
    21:21:59 Response: 200 Protection set to Private
    21:21:59 Status: Connected
    21:21:59 Trace: CFtpControlSocket::ResetOperation(0)
    21:21:59 Trace: CControlSocket::ResetOperation(0)
    21:21:59 Trace: CFileZillaEnginePrivate::ResetOperation(0)
    21:21:59 Trace: Measured latency of 403 ms
    21:21:59 Status: Retrieving directory listing...
    21:21:59 Trace: CFtpControlSocket::SendNextCommand()
    21:21:59 Trace: CFtpControlSocket::ChangeDirSend()
    21:21:59 Command: PWD
    21:21:59 Trace: CTlsSocket::OnRead()
    21:21:59 Trace: CFtpControlSocket::OnReceive()
    21:21:59 Response: 257 "/" is the current directory
    21:21:59 Trace: CFtpControlSocket::ResetOperation(0)
    21:21:59 Trace: CControlSocket::ResetOperation(0)
    21:21:59 Trace: CFtpControlSocket::ParseSubcommandResult(0)
    21:21:59 Trace: CFtpControlSocket::ListSubcommandResult()
    21:21:59 Trace: state = 1
    21:21:59 Trace: CFtpControlSocket::SendNextCommand()
    21:21:59 Trace: CFtpControlSocket::TransferSend()
    21:21:59 Trace: state = 1
    21:21:59 Command: TYPE I
    21:21:59 Trace: CTlsSocket::OnRead()
    21:21:59 Trace: CFtpControlSocket::OnReceive()
    21:21:59 Response: 200 Type set to I
    21:21:59 Trace: CFtpControlSocket::TransferParseResponse()
    21:21:59 Trace: code = 2
    21:21:59 Trace: state = 1
    21:21:59 Trace: CFtpControlSocket::SendNextCommand()
    21:21:59 Trace: CFtpControlSocket::TransferSend()
    21:21:59 Trace: state = 2
    21:21:59 Command: PASV
    21:21:59 Trace: CTlsSocket::OnRead()
    21:21:59 Trace: CFtpControlSocket::OnReceive()
    21:21:59 Response: 227 Entering Passive Mode (xxx,xxx,xxx,xxx,195,235).
    21:21:59 Trace: CFtpControlSocket::TransferParseResponse()
    21:21:59 Trace: code = 2
    21:21:59 Trace: state = 2
    21:21:59 Trace: CFtpControlSocket::SendNextCommand()
    21:21:59 Trace: CFtpControlSocket::TransferSend()
    21:21:59 Trace: state = 4
    21:21:59 Command: MLSD
    21:21:59 Trace: CTransferSocket::OnConnect
    21:21:59 Trace: CTlsSocket::Handshake()
    21:21:59 Trace: Trying to resume existing TLS session.
    21:21:59 Trace: CTlsSocket::ContinueHandshake()
    21:21:59 Trace: CTlsSocket::OnSend()
    21:21:59 Trace: CTlsSocket::OnSend()
    21:21:59 Trace: CTlsSocket::OnRead()
    21:21:59 Trace: CTlsSocket::ContinueHandshake()
    21:21:59 Trace: CTlsSocket::OnRead()
    21:21:59 Trace: CFtpControlSocket::OnReceive()
    21:21:59 Response: 150 Opening ASCII mode data connection for MLSD
    21:21:59 Trace: CFtpControlSocket::TransferParseResponse()
    21:21:59 Trace: code = 1
    21:21:59 Trace: state = 4
    21:21:59 Trace: CFtpControlSocket::SendNextCommand()
    21:21:59 Trace: CFtpControlSocket::TransferSend()
    21:21:59 Trace: state = 5
    21:21:59 Trace: CTlsSocket::OnRead()
    21:21:59 Trace: CTlsSocket::ContinueHandshake()
    21:21:59 Trace: TLS Handshake successful
    21:21:59 Trace: TLS Session resumed
    21:21:59 Trace: Protocol: TLS1.2, Key exchange: RSA, Cipher: AES-256-GCM, MAC: AEAD
    21:21:59 Trace: CTransferSocket::OnConnect
    21:21:59 Trace: CTlsSocket::OnRead()
    21:21:59 Trace: CTransferSocket::OnReceive(), m_transferMode=0
    21:21:59 Trace: CTlsSocket::OnRead()
    21:21:59 Trace: CTransferSocket::OnReceive(), m_transferMode=0
    21:21:59 Trace: CTransferSocket::TransferEnd(1)
    21:21:59 Trace: CFtpControlSocket::TransferEnd()
    21:21:59 Trace: CTlsSocket::OnRead()
    21:21:59 Trace: CFtpControlSocket::OnReceive()
    21:21:59 Response: 226 Transfer complete
    21:21:59 Trace: CFtpControlSocket::TransferParseResponse()
    21:21:59 Trace: code = 2
    21:21:59 Trace: state = 7
    21:21:59 Trace: CFtpControlSocket::ResetOperation(0)
    21:21:59 Trace: CControlSocket::ResetOperation(0)
    21:21:59 Trace: CFtpControlSocket::ParseSubcommandResult(0)
    21:21:59 Trace: CFtpControlSocket::ListSubcommandResult()
    21:21:59 Trace: state = 3
    21:21:59 Trace: CFtpControlSocket::ResetOperation(0)
    21:21:59 Trace: CControlSocket::ResetOperation(0)
    21:21:59 Status: Directory listing successful
    21:21:59 Trace: CFileZillaEnginePrivate::ResetOperation(0)


  • d2d4j
    replied
    Hi Michael

    I hope you don't mind, but please see our 2 logs from FileZilla. I'm sorry, we do not use Total Commander.

    I'm sure you have seen it already, but you appear to be trying to use TLS 110, and I think you set the ports in Nodeworx, System Services, FTP, but I could be wrong, sorry, as I have only read your post quickly.

    I hope it helps a little.

    Many thanks

    John

    NORMAL LOG

    20:56:29 Status: Connecting to ftp.************.co.uk:24...
    20:56:29 Response: fzSftp started
    20:56:29 Command: open "testsftp@************.co.uk@ftp.************.co.uk" 24
    20:56:30 Command: Pass: **********
    20:56:32 Status: Connected to ftp.************.co.uk
    20:56:32 Status: Retrieving directory listing...
    20:56:32 Command: pwd
    20:56:32 Response: Current directory is: "/"
    20:56:32 Command: ls
    20:56:32 Status: Listing directory /
    20:56:32 Status: Directory listing successful
    20:57:13 Status: Disconnected from server

    DEBUG LOG

    20:58:13 Status: Connecting to ftp.************.co.uk:24...
    20:58:13 Trace: Going to execute "\FileZilla FTP Client\fzsftp.exe"
    20:58:13 Response: fzSftp started
    20:58:13 Trace: CSftpControlSocket::ConnectParseResponse(fzSftp started)
    20:58:13 Trace: CSftpControlSocket::SendNextCommand()
    20:58:13 Trace: CSftpControlSocket::ConnectSend()
    20:58:13 Command: open "testsftp@************.co.uk@ftp.************.co.uk" 24
    20:58:13 Trace: Looking up host "ftp.************.co.uk"
    20:58:13 Trace: Connecting to nnn.nnn.nnn.nnn port 24
    20:58:13 Trace: Server version: SSH-2.0-mod_sftp/0.9.8
    20:58:13 Trace: Using SSH protocol version 2
    20:58:13 Trace: We claim version: SSH-2.0-PuTTY_Local:_Jun__1_2014_11:08:49
    20:58:13 Trace: Doing Diffie-Hellman group exchange
    20:58:13 Trace: Doing Diffie-Hellman key exchange with hash SHA-256
    20:58:14 Trace: Host key fingerprint is:
    20:58:14 Trace: ssh-rsa 2048 *******************************************
    20:58:14 Trace: Initialised AES-256 SDCTR client->server encryption
    20:58:14 Trace: Initialised HMAC-SHA1 client->server MAC algorithm
    20:58:14 Trace: Initialised AES-256 SDCTR server->client encryption
    20:58:14 Trace: Initialised HMAC-SHA1 server->client MAC algorithm
    20:58:14 Command: Pass: **********
    20:58:14 Trace: Sent password
    20:58:16 Trace: Access granted
    20:58:16 Trace: Opened channel for session
    20:58:16 Trace: Started a shell/command
    20:58:16 Status: Connected to ftp.************.co.uk
    20:58:16 Trace: CSftpControlSocket::ConnectParseResponse()
    20:58:16 Trace: CSftpControlSocket::ResetOperation(0)
    20:58:16 Trace: CControlSocket::ResetOperation(0)
    20:58:16 Trace: CFileZillaEnginePrivate::ResetOperation(0)
    20:58:16 Status: Retrieving directory listing...
    20:58:16 Trace: CSftpControlSocket::SendNextCommand()
    20:58:16 Trace: CSftpControlSocket::ChangeDirSend()
    20:58:16 Command: pwd
    20:58:16 Response: Current directory is: "/"
    20:58:16 Trace: CSftpControlSocket::ResetOperation(0)
    20:58:16 Trace: CControlSocket::ResetOperation(0)
    20:58:16 Trace: CSftpControlSocket::ParseSubcommandResult(0)
    20:58:16 Trace: CSftpControlSocket::ListSubcommandResult()
    20:58:16 Trace: state = 1
    20:58:16 Trace: CSftpControlSocket::ResetOperation(0)
    20:58:16 Trace: CControlSocket::ResetOperation(0)
    20:58:16 Status: Directory listing successful
    20:58:16 Trace: CFileZillaEnginePrivate::ResetOperation(0)


  • mdeinhardt
    replied
    Hmm, I can't get this to work. I am trying to connect with Total Commander and get this:

    230 User xxx@xxxx.xxx logged in
    SYST
    215 UNIX Type: L8
    FEAT
    211-Features:
    MDTM
    MFMT
    TVFS
    AUTH TLS
    MFF modify;UNIX.group;UNIX.mode;
    MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
    PBSZ
    PROT
    REST STREAM
    SIZE
    211 End
    PBSZ 0
    200 PBSZ 0 successful
    PROT P
    200 Protection set to Private
    OPTS UTF8 ON
    500 OPTS UTF8 not understood
    Connect ok!
    PWD
    257 "/" is the current directory
    Verzeichnis einlesen
    TYPE A
    200 Type set to A
    PORT 192,168,11,12,221,235
    500 Illegal PORT command
    PASV
    227 Entering Passive Mode (xxx,xxx,xxx,xxx,197,38).
    MLSD
    SSL data connection error: 5, ERR_get_error=0
    ABOR

    In FileZilla this happens:

    Befehl: AUTH TLS
    Antwort: 234 AUTH TLS successful
    Status: Initialisiere TLS...
    Status: Überprüfe Zertifikat...
    Befehl: USER xxx@xxxxx.xxx
    Status: TLS/SSL-Verbindung hergestellt.
    Antwort: 331 Password required for xxx@xxxxx.xxx
    Befehl: PASS **********
    Antwort: 230 User xxx@xxxxx.xxx logged in
    Status: Der Server unterstützt keine Nicht-ASCII-Zeichen.
    Befehl: PBSZ 0
    Antwort: 200 PBSZ 0 successful
    Befehl: PROT P
    Antwort: 200 Protection set to Private
    Status: Verbunden
    Status: Empfange Verzeichnisinhalt...
    Befehl: PWD
    Antwort: 257 "/" is the current directory
    Befehl: TYPE I
    Antwort: 200 Type set to I
    Befehl: PASV
    Antwort: 227 Entering Passive Mode (xxx,xxx,xxx,xxx,198,191).
    Befehl: MLSD
    Fehler: GnuTLS error -110: The TLS connection was non-properly terminated.
    Status: Server hat die TLS-Verbindung nicht ordnungsgemäß geschlossen
    Fehler: Transferverbindung unterbrochen: ECONNABORTED - Connection aborted
    Fehler: Zeitüberschreitung der Verbindung
    Fehler: Verzeichnisinhalt konnte nicht empfangen werden

    Also, where and how would I set the ports for FTPS? Shouldn't they be 989 and 990?

    Thanks

    Michael

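Added here as a diagnostic aid (example code, not from the thread, FileZilla or ProFTPD): a Python parser for FileZilla logs in the shape quoted above, with English or German prefixes, that reports which phase failed (authentication, the control channel, or the PROT P data channel after PASV/MLSD), computes the passive data port from the 227 reply, and reads the SSH server banner from an SFTP debug log. The sample logs inside it are constructed; the "-110" in the thread's logs is a GnuTLS error code, not a TLS version.

```python
import re

# Constructed sample shaped like the FileZilla logs quoted in this thread: an FTPES
# session whose PROT P data channel fails right after MLSD (placeholder host address).
FTPES_LOG = """\
Befehl: AUTH TLS
Antwort: 234 AUTH TLS successful
Befehl: PROT P
Antwort: 200 Protection set to Private
Befehl: PASV
Antwort: 227 Entering Passive Mode (10,0,0,5,198,191).
Befehl: MLSD
Fehler: GnuTLS error -110: The TLS connection was non-properly terminated.
"""

# Constructed SFTP debug log; the banner names the SSH daemon that answered.
SFTP_LOG = """\
20:58:13 Trace: Server version: SSH-2.0-mod_sftp/0.9.8
20:58:14 Command: Pass: **********
"""

# FileZilla line prefixes, English and German (both appear in the thread).
PREFIX = {"Command": "cmd", "Befehl": "cmd", "Response": "rsp", "Antwort": "rsp",
          "Error": "err", "Fehler": "err", "Status": "status", "Trace": "trace"}
LINE = re.compile(r"^(?:\d\d:\d\d:\d\d\s+)?(\w+):\s*(.*)$")
DATA_CMDS = {"MLSD", "LIST", "NLST", "RETR", "STOR"}

def pasv_port(reply):
    """Data port from a 227 reply: p1*256 + p2 (address octets may be masked)."""
    m = re.search(r"\(([^)]*)\)", reply)
    parts = [p.strip() for p in m.group(1).split(",")] if m else []
    if len(parts) == 6 and parts[4].isdigit() and parts[5].isdigit():
        return int(parts[4]) * 256 + int(parts[5])

def diagnose(log):
    """Walk one FileZilla log and report which phase failed, and with what error."""
    d = {"protocol": None, "server": None, "tls_control": False, "prot_p": False,
         "pasv_port": None, "last_cmd": None, "failed_phase": None, "error": None}
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(1) not in PREFIX:
            continue
        kind, text = PREFIX[m.group(1)], m.group(2)
        if kind == "trace" and text.startswith("Server version: SSH-"):
            d["protocol"], d["server"] = "sftp", text.split(None, 2)[2]
        elif kind == "cmd" and text:
            d["last_cmd"] = text.split()[0].upper().rstrip(":")
            if d["last_cmd"] == "AUTH":
                d["protocol"] = "ftpes"
        elif kind == "rsp":
            d["tls_control"] = d["tls_control"] or text.startswith("234")
            d["prot_p"] = d["prot_p"] or text.startswith("200 Protection set to Private")
            if text.startswith("227"):
                d["pasv_port"] = pasv_port(text)
        elif kind == "err" and d["error"] is None:
            # First error wins; the command before it gives the phase (-110 is a GnuTLS code).
            d["error"] = text
            phase = "authentication" if d["last_cmd"] == "PASS" else "control-channel"
            d["failed_phase"] = "data-channel" if d["last_cmd"] in DATA_CMDS else phase
    return d
```

When the result says the login and PROT P succeeded but the data channel failed, the thing to check is the passive data port computed from the 227 reply (its reachability through the firewall and its TLS setup), not the certificate or the account.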

  • R-n-R
    replied
    Originally posted by mdeinhardt:
    Do you still have that post somewhere? Would save me some time.. ;-)
    I am sorry, but I no longer have that list. I had gotten so busy I was never able to finish that list. Our business model changed and of course that link is now broken. Hopefully someone else might have created a list; even today it would be very useful.


  • mdeinhardt
    replied
    Originally posted by R-n-R:
    I have made a post with links to some of the more popular FTP clients and FTP Client settings needed to connect via FTPES.
    Do you still have that post somewhere? Would save me some time.. ;-)
