Learn about Centmin Mod LEMP Stack today
Register Now

ftp dont login with ftps

Discussion in 'Other Centmin Mod Installed software' started by Eduardo, Nov 12, 2019.

  1. Eduardo

    Eduardo Member

    36
    3
    8
    Feb 7, 2015
    Ratings:
    +5
    Local Time:
    2:08 AM
    1.7.9
    Hi,

    My ftp dont work when I try to connect using explict tls, it works well with plain logins. I want to disable all plain ftp to avoid possible attacks.

    Code:
    [22:08:31] [L] 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    [22:08:31] [L] 220-You are user number 17 of 1000 allowed.
    [22:08:31] [L] 220-Local time is now 22:08. Server port: 21.
    [22:08:31] [L] 220-This is a private system - No anonymous login
    [22:08:31] [L] 220 You will be disconnected after 15 minutes of inactivity.
    [22:08:31] [L] AUTH SSL
    [22:08:50] [L] Network Error (10054): Connection reset by peer
    [22:08:51] [L] Connection failed (Connection closed by server)
    

     
  2. eva2000

    eva2000 Administrator Staff Member

    42,268
    9,550
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,708
    Local Time:
    3:08 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Pure-FTP will only authenticate secure FTPS TLS connections. Which FTP client you using ?
    • Did you let the script generate a password for you or set your own ?
    • Did you make sure to enable explicit TLS/SSL mode and enable PASV passive mode like in 1st post here.
    • Which FTP client ? As not all FTP clients support FTP explicit TLS/SSL mode only clients listed at bottom of this post.
    • If you are having trouble with logging in using the generated pure-ftpd username and password, you can try changing the password for the pure-ftpd username with instructions outlined at Pure-FTPD Virtual FTP Users - CentminMod.com LEMP Nginx web stack for CentOS
    • Check if you're ISP IP address is being blocked by CSF Firewall. See FAQ items 40 & 41.
    You can read up on pure-ftpd virtual ftp user setup at Pure-FTPD Virtual FTP Users
    ilezilla Exampl with transfer settings set passive mode with Host = your server ip

    Filezilla settings

    Screenshots at Nginx - How to create FTP account for an domain? | Centmin Mod Community
     
  3. eva2000

    eva2000 Administrator Staff Member

    42,268
    9,550
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,708
    Local Time:
    3:08 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    what is verbose FTP log banner displayed for a plain connaction as it shouldn't work
     
  4. Eduardo

    Eduardo Member

    36
    3
    8
    Feb 7, 2015
    Ratings:
    +5
    Local Time:
    2:08 AM
    1.7.9
    i'm using filezilla to test, i've changed the password by myself, Im using the user who centmin created with domain, also i stopped csf to see if it is the problem. Ill try remove and readd the user to see what happen


    Code:
    Status:   Connection established, waiting for welcome message...
    Response:   220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    Response:   220-You are user number 4 of 1000 allowed.
    Response:   220-Local time is now 23:05. Server port: 21.
    Response:   220-This is a private system - No anonymous login
    Response:   220-IPv6 connections are also welcome on this server.
    Response:   220 You will be disconnected after 15 minutes of inactivity.
    Command:   AUTH TLS
    Error:   Could not connect to server
    
    Code:
    Status:   Connection established, waiting for welcome message...
    Response:   220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    Response:   220-You are user number 7 of 1000 allowed.
    Response:   220-Local time is now 23:08. Server port: 21.
    Response:   220-This is a private system - No anonymous login
    Response:   220-IPv6 connections are also welcome on this server.
    Response:   220 You will be disconnected after 15 minutes of inactivity.
    Status:   Plain FTP is insecure. Please switch to FTP over TLS.
    Command:   USER user
    Response:   421-Sorry, cleartext sessions and weak ciphers are not accepted on this server.
    Response:   421 Please reconnect using TLS security mechanisms.
    Error:   Could not connect to server
    
     
  5. Eduardo

    Eduardo Member

    36
    3
    8
    Feb 7, 2015
    Ratings:
    +5
    Local Time:
    2:08 AM
    1.7.9
    is it right?!?

    Code:
    # Certificate file, for TLS
    
    #CertFile                     /etc/ssl/private/pure-ftpd.pem
    
     
  6. eva2000

    eva2000 Administrator Staff Member

    42,268
    9,550
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,708
    Local Time:
    3:08 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x