Hi, My ftp dont work when I try to connect using explict tls, it works well with plain logins. I want to disable all plain ftp to avoid possible attacks. Code: [22:08:31] [L] 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- [22:08:31] [L] 220-You are user number 17 of 1000 allowed. [22:08:31] [L] 220-Local time is now 22:08. Server port: 21. [22:08:31] [L] 220-This is a private system - No anonymous login [22:08:31] [L] 220 You will be disconnected after 15 minutes of inactivity. [22:08:31] [L] AUTH SSL [22:08:50] [L] Network Error (10054): Connection reset by peer [22:08:51] [L] Connection failed (Connection closed by server)
Pure-FTP will only authenticate secure FTPS TLS connections. Which FTP client you using ? Did you let the script generate a password for you or set your own ? Did you make sure to enable explicit TLS/SSL mode and enable PASV passive mode like in 1st post here. Which FTP client ? As not all FTP clients support FTP explicit TLS/SSL mode only clients listed at bottom of this post. If you are having trouble with logging in using the generated pure-ftpd username and password, you can try changing the password for the pure-ftpd username with instructions outlined at Pure-FTPD Virtual FTP Users - CentminMod.com LEMP Nginx web stack for CentOS Check if you're ISP IP address is being blocked by CSF Firewall. See FAQ items 40 & 41. You can read up on pure-ftpd virtual ftp user setup at Pure-FTPD Virtual FTP Users ilezilla Exampl with transfer settings set passive mode with Host = your server ip Filezilla settings Screenshots at Nginx - How to create FTP account for an domain? | Centmin Mod Community
i'm using filezilla to test, i've changed the password by myself, Im using the user who centmin created with domain, also i stopped csf to see if it is the problem. Ill try remove and readd the user to see what happen Code: Status: Connection established, waiting for welcome message... Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- Response: 220-You are user number 4 of 1000 allowed. Response: 220-Local time is now 23:05. Server port: 21. Response: 220-This is a private system - No anonymous login Response: 220-IPv6 connections are also welcome on this server. Response: 220 You will be disconnected after 15 minutes of inactivity. Command: AUTH TLS Error: Could not connect to server Code: Status: Connection established, waiting for welcome message... Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- Response: 220-You are user number 7 of 1000 allowed. Response: 220-Local time is now 23:08. Server port: 21. Response: 220-This is a private system - No anonymous login Response: 220-IPv6 connections are also welcome on this server. Response: 220 You will be disconnected after 15 minutes of inactivity. Status: Plain FTP is insecure. Please switch to FTP over TLS. Command: USER user Response: 421-Sorry, cleartext sessions and weak ciphers are not accepted on this server. Response: 421 Please reconnect using TLS security mechanisms. Error: Could not connect to server
if you stop CSF Firewall, pure-ftpd FTP won't work as it needs passive port whitelisting to allow FTP over TLS see how to properly disable FTP over TLS at Pure-FTPD Virtual FTP Users - CentminMod.com LEMP Nginx web stack for CentOS under title How to Disable Pure-FTPD Forced TLS/SSL Encrypted Mode?