Learn about Centmin Mod LEMP Stack today
Become a Member

ftp dont login with ftps

Discussion in 'Other Centmin Mod Installed software' started by Eduardo, Nov 12, 2019.

  1. Eduardo

    Eduardo Member

    36
    3
    8
    Feb 7, 2015
    Ratings:
    +5
    Local Time:
    4:48 PM
    1.7.9
    Hi,

    My ftp dont work when I try to connect using explict tls, it works well with plain logins. I want to disable all plain ftp to avoid possible attacks.

    Code:
    [22:08:31] [L] 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    [22:08:31] [L] 220-You are user number 17 of 1000 allowed.
    [22:08:31] [L] 220-Local time is now 22:08. Server port: 21.
    [22:08:31] [L] 220-This is a private system - No anonymous login
    [22:08:31] [L] 220 You will be disconnected after 15 minutes of inactivity.
    [22:08:31] [L] AUTH SSL
    [22:08:50] [L] Network Error (10054): Connection reset by peer
    [22:08:51] [L] Connection failed (Connection closed by server)
    

     
  2. eva2000

    eva2000 Administrator Staff Member

    42,262
    9,550
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,708
    Local Time:
    5:48 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Pure-FTP will only authenticate secure FTPS TLS connections. Which FTP client you using ?
    • Did you let the script generate a password for you or set your own ?
    • Did you make sure to enable explicit TLS/SSL mode and enable PASV passive mode like in 1st post here.
    • Which FTP client ? As not all FTP clients support FTP explicit TLS/SSL mode only clients listed at bottom of this post.
    • If you are having trouble with logging in using the generated pure-ftpd username and password, you can try changing the password for the pure-ftpd username with instructions outlined at Pure-FTPD Virtual FTP Users - CentminMod.com LEMP Nginx web stack for CentOS
    • Check if you're ISP IP address is being blocked by CSF Firewall. See FAQ items 40 & 41.
    You can read up on pure-ftpd virtual ftp user setup at Pure-FTPD Virtual FTP Users
    ilezilla Exampl with transfer settings set passive mode with Host = your server ip

    Filezilla settings

    Screenshots at Nginx - How to create FTP account for an domain? | Centmin Mod Community
     
  3. eva2000

    eva2000 Administrator Staff Member

    42,262
    9,550
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,708
    Local Time:
    5:48 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    what is verbose FTP log banner displayed for a plain connaction as it shouldn't work
     
  4. Eduardo

    Eduardo Member

    36
    3
    8
    Feb 7, 2015
    Ratings:
    +5
    Local Time:
    4:48 PM
    1.7.9
    i'm using filezilla to test, i've changed the password by myself, Im using the user who centmin created with domain, also i stopped csf to see if it is the problem. Ill try remove and readd the user to see what happen


    Code:
    Status:   Connection established, waiting for welcome message...
    Response:   220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    Response:   220-You are user number 4 of 1000 allowed.
    Response:   220-Local time is now 23:05. Server port: 21.
    Response:   220-This is a private system - No anonymous login
    Response:   220-IPv6 connections are also welcome on this server.
    Response:   220 You will be disconnected after 15 minutes of inactivity.
    Command:   AUTH TLS
    Error:   Could not connect to server
    
    Code:
    Status:   Connection established, waiting for welcome message...
    Response:   220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    Response:   220-You are user number 7 of 1000 allowed.
    Response:   220-Local time is now 23:08. Server port: 21.
    Response:   220-This is a private system - No anonymous login
    Response:   220-IPv6 connections are also welcome on this server.
    Response:   220 You will be disconnected after 15 minutes of inactivity.
    Status:   Plain FTP is insecure. Please switch to FTP over TLS.
    Command:   USER user
    Response:   421-Sorry, cleartext sessions and weak ciphers are not accepted on this server.
    Response:   421 Please reconnect using TLS security mechanisms.
    Error:   Could not connect to server
    
     
  5. Eduardo

    Eduardo Member

    36
    3
    8
    Feb 7, 2015
    Ratings:
    +5
    Local Time:
    4:48 PM
    1.7.9
    is it right?!?

    Code:
    # Certificate file, for TLS
    
    #CertFile                     /etc/ssl/private/pure-ftpd.pem
    
     
  6. eva2000

    eva2000 Administrator Staff Member

    42,262
    9,550
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,708
    Local Time:
    5:48 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x