Actually I am changing all my services to use TLS/SSL, so I want to enable SFTP on proftpd. I enabled it in NodeWorx, but when I test it, this is the error returned in FileZilla:
Status: Connecting to ftp.e4y.fr…
Response: fzSftp started
Command: open “ftp@espace4you.com@ftp.e4y.fr” 22
Command: Pass: **********
Error: Authentication failed.
Error: Critical error
Error: Could not connect to server
Port 22 is open and running SSH. I searched the iworx forums but found no solution. Do you have an idea? An option to enable it? A specific mod?
You probably want to try and connect via FTPES instead of SFTP in Filezilla to utilize encrypted FTP TLS/SSL transmission with the SiteWorx FTP accounts.
SFTP in Filezilla is for FTP over the SSH protocol which I believe only works with unix shell accounts.
I agree with Dan, recently activated TLS/SSL, didn’t really want to offer SFTP (Shell Access) via port 22. So we are having all our clients FTP using FTPES over PORT 21 (optional at the moment but mandatory in the future), as mentioned above, Filezilla works great (although I have heard that the FTPES connection details in Filezilla are encrypted on your local PC, haven’t confirmed this yet). In SmartFTP you will need to select ‘FTP over SSL (Explicit)’, and in Ipswitch WS_FTP Professional (v12) you will need to select Server type 'FTP/SSL [AUTH SSL]'.
I am sorry but I no longer have that list. I had gotten so busy I was never able to finish that list. Our business model changed and of course that link is now broken. Hopefully someone else might have created a list, even today it would be very useful.
Hmm, I can’t get this to work. I am trying to connect with Total Commander and get this
230 User xxx@xxxx.xxx logged in
SYST
215 UNIX Type: L8
FEAT
211-Features:
MDTM
MFMT
TVFS
AUTH TLS
MFF modify;UNIX.group;UNIX.mode;
MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
PBSZ
PROT
REST STREAM
SIZE
211 End
PBSZ 0
200 PBSZ 0 successful
PROT P
200 Protection set to Private
OPTS UTF8 ON
500 OPTS UTF8 not understood
Connect ok!
PWD
257 “/” is the current directory
Verzeichnis einlesen
TYPE A
200 Type set to A
PORT 192,168,11,12,221,235
500 Illegal PORT command
PASV
227 Entering Passive Mode (xxx,xxx,xxx,xxx,197,38).
MLSD
SSL data connection error: 5, ERR_get_error=0
ABOR
In Filezilla this happens:
Befehl: AUTH TLS
Antwort: 234 AUTH TLS successful
Status: Initialisiere TLS…
Status: Überprüfe Zertifikat…
Befehl: USER xxx@xxxxx.xxx
Status: TLS/SSL-Verbindung hergestellt.
Antwort: 331 Password required for xxx@xxxxx.xxx
Befehl: PASS **********
Antwort: 230 User xxx@xxxxx.xxx logged in
Status: Der Server unterstützt keine Nicht-ASCII-Zeichen.
Befehl: PBSZ 0
Antwort: 200 PBSZ 0 successful
Befehl: PROT P
Antwort: 200 Protection set to Private
Status: Verbunden
Status: Empfange Verzeichnisinhalt…
Befehl: PWD
Antwort: 257 “/” is the current directory
Befehl: TYPE I
Antwort: 200 Type set to I
Befehl: PASV
Antwort: 227 Entering Passive Mode (xxx,xxx,xxx,xxx,198,191).
Befehl: MLSD
Fehler: GnuTLS error -110: The TLS connection was non-properly terminated.
Status: Server hat die TLS-Verbindung nicht ordnungsgemäß geschlossen
Fehler: Transferverbindung unterbrochen: ECONNABORTED - Connection aborted
Fehler: Zeitüberschreitung der Verbindung
Fehler: Verzeichnisinhalt konnte nicht empfangen werden
Also, where and how would I set the ports for FTPS? Shouldn’t they be 989 and 990?
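Both client logs in the post above get through AUTH TLS, login and PROT P on the control connection and then fail on the data connection opened after PASV. The following is an added example, not part of any post in this thread and not InterWorx or ProFTPD code: it decodes the PORT and 227 endpoints from a pasted client log so the data port actually in use is visible. The function names are hypothetical and the sample is an excerpt of the Total Commander log.

```python
import ipaddress
import re

# Constructed sample: an excerpt of the Total Commander log quoted in the post above.
SAMPLE_LOG = """\
200 Protection set to Private
PORT 192,168,11,12,221,235
500 Illegal PORT command
PASV
227 Entering Passive Mode (xxx,xxx,xxx,xxx,197,38).
MLSD
SSL data connection error: 5, ERR_get_error=0
"""

PREFIX = re.compile(r"^(?:Befehl|Antwort|Command|Response):\s*")  # FileZilla log labels
TUPLE = re.compile(r"((?:(?:\d{1,3}|x+),){3}(?:\d{1,3}|x+)),(\d{1,3}),(\d{1,3})")

def decode_endpoint(text):
    """Decode the h1,h2,h3,h4,p1,p2 tuple of PORT/227 (RFC 959) into (host, port)."""
    m = TUPLE.search(text)
    return (m[1].replace(",", "."), int(m[2]) * 256 + int(m[3])) if m else None

def is_private(host):
    # Masked hosts such as xxx.xxx.xxx.xxx are not valid addresses: report False.
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False

def summarize(log):
    """Collect the data-channel facts from a client-side FTPES log."""
    facts = {"prot_p": False, "active": None, "active_refused": False,
             "passive": None, "data_tls_error": False}
    last = ""
    for raw in log.splitlines():
        line = PREFIX.sub("", raw.strip())
        if line.startswith("PORT "):
            facts["active"] = decode_endpoint(line)   # address the client advertised
        elif line.startswith("227 "):
            facts["passive"] = decode_endpoint(line)  # port the server listens on
        elif line.startswith("200 Protection set to Private"):
            facts["prot_p"] = True                    # data channel must use TLS
        elif line.startswith("5") and last.startswith("PORT "):
            facts["active_refused"] = True            # 5xx reply directly after PORT
        elif facts["passive"] and re.search(r"(SSL|TLS).*error", line, re.I):
            facts["data_tls_error"] = True            # failure after PASV was accepted
        last = line
    facts["active_private"] = bool(facts["active"]) and is_private(facts["active"][0])
    return facts
```

A passive port decoded this way is the TCP port the client opens for the encrypted listing, so it is the one to compare against the server's passive port range and firewall rules.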
I hope you don’t mind, but please see our 2 logs from Filezilla. I’m sorry, we do not use total commander.
I’m sure you have seen it already, but you appear to be trying to use TLS 110, and I think you set the ports in Nodeworx, system services, FTP, but I could be wrong sorry, as I have only read your post quickly.
I hope it helps a little.
Many thanks
John
NORMAL LOG
20:56:29 Status: Connecting to ftp..co.uk:24…
20:56:29 Response: fzSftp started
20:56:29 Command: open "testsftp@.co.uk@ftp..co.uk" 24
20:56:30 Command: Pass: **********
20:56:32 Status: Connected to ftp..co.uk
20:56:32 Status: Retrieving directory listing…
20:56:32 Command: pwd
20:56:32 Response: Current directory is: “/”
20:56:32 Command: ls
20:56:32 Status: Listing directory /
20:56:32 Status: Directory listing successful
20:57:13 Status: Disconnected from server
DEBUG LOG
20:58:13 Status: Connecting to ftp..co.uk:24…
20:58:13 Trace: Going to execute “\FileZilla FTP Client\fzsftp.exe”
20:58:13 Response: fzSftp started
20:58:13 Trace: CSftpControlSocket::ConnectParseResponse(fzSftp started)
20:58:13 Trace: CSftpControlSocket::SendNextCommand()
20:58:13 Trace: CSftpControlSocket::ConnectSend()
20:58:13 Command: open "testsftp@.co.uk@ftp..co.uk" 24
20:58:13 Trace: Looking up host "ftp..co.uk"
20:58:13 Trace: Connecting to nnn.nnn.nnn.nnn port 24
20:58:13 Trace: Server version: SSH-2.0-mod_sftp/0.9.8
20:58:13 Trace: Using SSH protocol version 2
20:58:13 Trace: We claim version: SSH-2.0-PuTTY_Local:_Jun__1_2014_11:08:49
20:58:13 Trace: Doing Diffie-Hellman group exchange
20:58:13 Trace: Doing Diffie-Hellman key exchange with hash SHA-256
20:58:14 Trace: Host key fingerprint is:
20:58:14 Trace: ssh-rsa 2048 *******************************************
20:58:14 Trace: Initialised AES-256 SDCTR client->server encryption
20:58:14 Trace: Initialised HMAC-SHA1 client->server MAC algorithm
20:58:14 Trace: Initialised AES-256 SDCTR server->client encryption
20:58:14 Trace: Initialised HMAC-SHA1 server->client MAC algorithm
20:58:14 Command: Pass: **********
20:58:14 Trace: Sent password
20:58:16 Trace: Access granted
20:58:16 Trace: Opened channel for session
20:58:16 Trace: Started a shell/command
20:58:16 Status: Connected to ftp.************.co.uk
20:58:16 Trace: CSftpControlSocket::ConnectParseResponse()
20:58:16 Trace: CSftpControlSocket::ResetOperation(0)
20:58:16 Trace: CControlSocket::ResetOperation(0)
20:58:16 Trace: CFileZillaEnginePrivate::ResetOperation(0)
20:58:16 Status: Retrieving directory listing…
20:58:16 Trace: CSftpControlSocket::SendNextCommand()
20:58:16 Trace: CSftpControlSocket::ChangeDirSend()
20:58:16 Command: pwd
20:58:16 Response: Current directory is: “/”
20:58:16 Trace: CSftpControlSocket::ResetOperation(0)
20:58:16 Trace: CControlSocket::ResetOperation(0)
20:58:16 Trace: CSftpControlSocket::ParseSubcommandResult(0)
20:58:16 Trace: CSftpControlSocket::ListSubcommandResult()
20:58:16 Trace: state = 1
20:58:16 Trace: CSftpControlSocket::ResetOperation(0)
20:58:16 Trace: CControlSocket::ResetOperation(0)
20:58:16 Status: Directory listing successful
20:58:16 Trace: CFileZillaEnginePrivate::ResetOperation(0)
Thanks for the input. You are using SFTP, right? Which is fine for myself (and working), but I would like our customers to use FTPES (i.e. FTP through Explicit TLS/SSL), as I don’t want to give them shell access.
I’ve never used it before though, that’s why I am not 100% sure and that’s why I asked Roy for that file.
Sorry, it’s late here and I have been onsite at a clients all day with openreach, resolving an issue.
There are 2 methods, explicit or implicit; one works and one fails. The reason is additional TLS packets which are not understood.
With this in mind, if you look at SSL version used, it is 0.9.8 but using TLS 1.2, which may be the issue then, as TLS 1.2 requires a higher version of OpenSSL. I’m sure you have read over the Heartbleed bug.
I’m sorry, I cannot recall the one which works, but I’ll let you know tomorrow as I’m going to have a long cold cold beer.
Implicit is the older version usually running on port 990, that doesn’t work at all. But explicit doesn’t work for me either. Not sure what you mean by the SSL version (where? the server?).
But hey, enjoy your beer and have a good night and let’s talk tomorrow or whenever you (or someone else?) finds time.
Sorry, I have just checked my FTP setup on FileZilla for the test I ran, which was removed from siteworx but not FileZilla and I can confirm it is explicit which works, so my log above is explicit connection.