ftp secure connections

[Radio_Head]

Hello

My clients want to connect to ftp using an encrypt connection for commands and data .

Anyone knows how to offer ftp secure connections to users ?.

Thank you!

[ciphervendor]

I use ProFTP and cPanel recently added the ability to use TLS to connect to the machine. I would suggest that you have your client consider TLS over SSL and enable TLS in their FTP client. Further to this, cPanel doesn't verify the authenticity of the client certificate, so you can either use a fake one or try to connect without one.

cPanel.net Support Ticket Number:

[Radio_Head]

Originally posted by ciphervendor
I use ProFTP and cPanel recently added the ability to use TLS to connect to the machine. I would suggest that you have your client consider TLS over SSL and enable TLS in their FTP client. Further to this, cPanel doesn't verify the authenticity of the client certificate, so you can either use a fake one or try to connect without one.

cPanel.net Support Ticket Number:

i use proftp too , however is the first time I read about TLS .
How to connect with TLS ? I use WsFTP and there is no menu regarding TLS ...

Thank you!!

cPanel.net Support Ticket Number:

[ciphervendor]

I don't use wsFTP, but rather an awesome alternative...smartftp.com

Once you install smart ftp, you can go into the options and configure the ftp client to detect and connect via TLS.

cPanel.net Support Ticket Number:

[Radio_Head]

tls use a particular port to connect ? Or use always port 21 ?
I am trying to use smartftp but I am not able to connect using tls ...

Thank you!

cPanel.net Support Ticket Number:

[annamarie]

Hello Radio_Head!

Have you solved your tls/smartftp problem yet?

I connect with smartftp and tls to my cpanel box running proftpd 1.2.8

In smartftp you still use port 21.
In settings - connection - ssl - set AUTH mode to TLS, data connection mode Private and tick Use client cert.

Also, make sure next to your ftp address click the icon next to "address" and select "FTP over SSL explicit"

Thats it!

cPanel.net Support Ticket Number:

[Radio_Head]

Thank you Annamarie .


However I have still problems to connect .

I have proftpd-1.2.8tls-2_linuxprivs on my box , and it should be ok .

I followed your instructions step by step but I receive

220 ProFTPD 1.2.8 Server (ftp.mybox) [my_ip]
AUTH TLS
500 AUTH not understood



on my proftpd.conf file I have this

<IfModule mod_tls.c>
TLSEngine on
TLSProtocol TLSv1
TLSRequired off
TLSRSACertificateFile /etc/ftpd-rsa.pem
TLSRSACertificateKeyFile /etc/ftpd-rsa-key.pem
TLSVerifyClient off
</IfModule>


All seems ok ,...argh.. , why is it not working on my box ?

[annamarie]

Hi Radio Head,

your proftpd.conf file looks the same as mine.

Do you have the files /etc/ftpd-rsa.pem /etc/ftpd-rsa-key.pem on your box? I have them and they are dated Aug17.

BTW i am running WHM 7.4.2 cPanel 7.4.2-S82
RedHat 7.3 - WHM X v2.1

I just checked in SmrtFTP and I can also connect not only through TLS, but TLS-C TLS-P and SSL.

eg

220 ProFTPD 1.2.8 Server (ProFTPD) [xx.xx.net]
AUTH SSL
234 AUTH SSL successful
Connected. Exchanging encryption keys...
Session Cipher: 128 bit RC4
SSL encrypted session established.
PBSZ 0
200 PBSZ 0 successful


FYI:
# locate mod_tls.c
/root/installd/buildapache/apache_1.3.27/src/os/netware/mod_tls.c
/home/cpapachebuild/buildapache/apache_1.3.28/src/os/netware/mod_tls.c

Hope this helps

cPanel.net Support Ticket Number:

[Radio_Head]

Hi Annamarie

I have mod_tls.c only on
/home/cpapachebuild/buildapac~pache_1.3.28/src/os/netware/

probably I will have to execute a /scripts/easyapache to fix the problem .


Thanks a lot

[Radio_Head]

nothing to do ... execute /scripts/easyapache but I still cannot connect using tls ...

cPanel.net Support Ticket Number:

[NeutralGold]

Originally posted by Radio_Head
anyone can help ?

cPanel.net Support Ticket Number:

If I'm not mistakin you will need to generate a key for this? It uses an ssl key I believe because it allows me to connect to one of my site's that has an ssl key and the other's it won't.

cPanel.net Support Ticket Number:

[annamarie]

I think NeutralGold is right, I have a self signed cert on my main domain, same ip as the sites I am ftping to.

cPanel.net Support Ticket Number:

[jamesbond]

Originally posted by Radio_Head

AUTH mode > TLS
Data Connection mode > Private
Client Certificate > Disable (I tried also Enable and creating a cert with the wizard)

And I connect using explicit SSL .

But , nothing to do , always "500 AUTH not understood"

I tried it and I get the same error.

I'm running proftpd-1.2.8tls-2_linuxprivs

cPanel.net Support Ticket Number:

[Radio_Head]

I opened a ticket and I received this

========
[cPanel tickets ID# 22672] Re:
Ok this is a known issue I have been informed, The developers are now looking into it.
========

ok

They are working also to permit us to connect
via ftps on port 21 .

cPanel.net Support Ticket Number: 22672

[SigilStudios]

I am also very much interested in this. i had a ticket in for the exact same thing.

What I would realy like is for them to support tls on PureFTPD. Now that would be spiffy.

cPanel.net Support Ticket Number: