
Connection refused. Curl download from sftp 990 port

Discussion in 'System Administration' started by Yury Davydkin, Mar 18, 2021.

  1. Yury Davydkin

    Yury Davydkin New Member

    Just set up a new server, created some hosts with self-signed certificates, then used acmetool to create a subdomain with a LetsEncrypt certificate. But I think I should create a hostname and add a certificate to the server. Because on
    curl -v -k -O ftps://XXXX:yyyy@someftp.com/file.zip
    % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed
    0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* About to connect() to someftp.com port 990 (#0)
    * Trying ...
    0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0* Connection refused
    * Failed connect to someftp.com:990; Connection refused
    * Closing connection 0
    curl: (7) Failed connect to someftp.com:990; Connection refused

    Is there some way to set SSL for the whole server? Or am I doing something wrong?
    Also, maybe somebody more experienced in CentminMod can help to set everything up?
     
  2. eva2000

    eva2000 Administrator Staff Member

    Where are you getting port 990 from? You configured that via what method/config file?

    Which FTP username/password credentials are you using? When you create a new nginx vhost via centmin.sh menu option 2, 22 or nv command line, the generated FTP user/pass are for a Pure-ftpd virtual FTP user configured for implicit TLS/SSL for secure FTP (see Pure-FTPD Virtual FTP Users - CentminMod.com LEMP Nginx web stack for CentOS).

    That isn't the same as SFTP, which on Centmin Mod only the root user has access to.
     
  3. Yury Davydkin

    Yury Davydkin New Member

    I'm trying to connect from the new server (Centminmod) (A) to another server (B) to download a file. Port 990 is on the external server.
    I connected to the Centminmod-powered server by SSH and am running
    Code (Text):
    curl -v -k -O ftps://XXXX:yyyy@someftp.com/file.zip
    on it, to take files from server B, and it says Connection refused. I think it's due to no valid SSL installed on my server A.
    Also, if I try to run on server C (which has SSL)
    Code (Text):
    openssl s_client -connect "Server A"

    it gives
    error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769:
     
    Last edited: Mar 18, 2021
  4. eva2000

    eva2000 Administrator Staff Member

    In that case you need to whitelist outbound TCP_OUT/TCP6_OUT ports in CSF Firewall's config file at /etc/csf/csf.conf (as per CSF Firewall - CentminMod.com LEMP Nginx web stack for CentOS): specify/add port 990 to the comma-separated list for the TCP_OUT and TCP6_OUT settings and restart the CSF Firewall service. This tells Centmin Mod CSF Firewall to allow outbound connections from the server to port 990.

    Or, specific to only that external IP, it would be via /etc/csf/csf.allow, adding the line below and restarting the CSF Firewall service, which tells CSF Firewall to allow outbound TCP connections to destination port 990 and destination server IP 11.22.33.44
    Code (Text):
    tcp|out|d=990|d=11.22.33.44
    
     
  5. Yury Davydkin

    Yury Davydkin New Member

    Thank you, dear eva2000!
    It was CSF Firewall. I added ports and IP to /etc/csf/csf.allow and everything worked!
     
  6. eva2000

    eva2000 Administrator Staff Member

    Great to hear :) You have finer grain control via CSF Firewall as to what connects to and from your server :)
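
A pre-flight check for the situation resolved in this thread, added here as an example (it is not part of the original posts and not Centmin Mod or CSF tooling): it reads TCP_OUT from csf.conf and advanced rules of the `tcp|out|d=PORT|d=IP` form from csf.allow, and reports whether an outbound IPv4 TCP connection would be permitted. The function names and sample files are constructed for illustration, and only single-port, single-IP csf.allow rules are matched.

```bash
# Added example: would CSF permit this outbound IPv4 TCP connection?
# Reads TCP_OUT from csf.conf and "tcp|out|d=PORT|d=IP" lines from csf.allow.

# port_in_list PORT LIST: succeeds if PORT equals an entry or falls in a lo:hi range
port_in_list() {
    local port=$1 entry lo hi
    local IFS=,
    for entry in $2; do
        case $entry in
            *:*) lo=${entry%%:*}; hi=${entry##*:}
                 [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ] && return 0 ;;
            *)   [ "$entry" = "$port" ] && return 0 ;;
        esac
    done
    return 1
}

# tcp_out_ports CONF: prints the quoted value of TCP_OUT (TCP6_OUT is not read)
tcp_out_ports() {
    sed -n 's/^TCP_OUT[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | tail -n 1
}

# allow_rule_matches ALLOW PORT IP: succeeds if an uncommented rule matches exactly
allow_rule_matches() {
    sed 's/[[:space:]]*#.*//' "$1" | grep -qxF "tcp|out|d=$2|d=$3"
}

# csf_egress_verdict CONF ALLOW PORT IP: prints which setting permits the
# connection, or "blocked" when neither does
csf_egress_verdict() {
    if port_in_list "$3" "$(tcp_out_ports "$1")"; then
        echo "allowed: TCP_OUT"
    elif allow_rule_matches "$2" "$3" "$4"; then
        echo "allowed: csf.allow"
    else
        echo "blocked"
    fi
}

# Constructed sample files (not taken from a real server).
demo_dir=$(mktemp -d)
cat > "$demo_dir/csf.conf" <<'EOF'
TCP_OUT = "20,21,22,25,53,80,443,30000:35000"
TCP6_OUT = "20,21,22,25,53,80,443"
EOF
cat > "$demo_dir/csf.allow" <<'EOF'
# outbound FTPS to server B
tcp|out|d=990|d=11.22.33.44
EOF
csf_egress_verdict "$demo_dir/csf.conf" "$demo_dir/csf.allow" 990 11.22.33.44
csf_egress_verdict "$demo_dir/csf.conf" "$demo_dir/csf.allow" 990 11.22.33.45
```

On a real server the arguments would be /etc/csf/csf.conf and /etc/csf/csf.allow; the per-IP rule keeps port 990 closed to every other destination, which is the narrower of the two options given in the thread.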