
FTP error over explicit TLS/SSL

Discussion in 'General Discussion' started by imacurious, Jun 11, 2010.

  1. imacurious

    imacurious Member

    Was doing some testing with FTP via TLS/SSL and came across an error.

    Using
    cPanel 11.25.0-R46156 - WHM 11.25.0 - X 3.9
    CENTOS 5.5 x86_64 standard

    and

    FileZilla v3.3.2.1 linked against GnuTLS 2.8.3

    -----------------
    FileZilla connection defined as:
    FTPES - FTP over explicit TLS/SSL
    all other connection parameters are default

    The domain the user is attempting to make the secure ftp connection to does NOT have shell access. I don't want to enable shell access for this account for security reasons, hence the testing with TLS/SSL.

    --------------------------

    FileZilla posts the following during the connection attempt:

    Status: Resolving address of ftp.abcdef.com
    Status: Connecting to 207.xxx.xxx.xxx:21...
    Status: Connection established, waiting for welcome message...
    Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    Response: 220-You are user number 1 of 50 allowed.
    Response: 220-Local time is now 15:17. Server port: 21.
    Response: 220-IPv6 connections are also welcome on this server.
    Response: 220 You will be disconnected after 15 minutes of inactivity.
    Command: AUTH TLS
    Response: 234 AUTH TLS OK.
    Status: Initializing TLS...
    Status: Verifying certificate...
    Command: USER accounttest@abcdef.com
    Status: TLS/SSL connection established.
    Response: 331 User accounttest@abcdef.com OK. Password required
    Command: PASS ****
    Response: 230-User accounttest@abcdef.com has group access to: [redacted]
    Response: 230 OK. Current restricted directory is /
    Command: SYST
    Response: 215 UNIX Type: L8
    Command: FEAT
    Response: 211-Extensions supported:
    Response: EPRT
    Response: IDLE
    Response: MDTM
    Response: SIZE
    Response: REST STREAM
    Response: MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
    Response: MLSD
    Response: AUTH TLS
    Response: PBSZ
    Response: PROT
    Response: ESTA
    Response: PASV
    Response: EPSV
    Response: SPSV
    Response: ESTP
    Response: 211 End.
    Command: PBSZ 0
    Response: 200 PBSZ=0
    Command: PROT P
    Response: 200 Data protection level set to "private"
    Status: Connected
    Status: Retrieving directory listing...
    Command: PWD
    Response: 257 "/" is your current location
    Command: TYPE I
    Response: 200 TYPE is now 8-bit binary
    Command: PASV
    Response: 227 Entering Passive Mode (207,210,81,133,26,77)
    Command: MLSD
    Error: GnuTLS error -53: Error in the push function.
    Error: Connection timed out
    Error: Failed to retrieve directory listing

    Looking for some clue as to where (FileZilla? cPanel?) and why the above error is occurring.

    Thanks
     
  2. vanessa

    vanessa Well-Known Member
    PartnerNOC

    Are your passive FTP ports open in pure-ftp.conf and your firewall?

    Also, I hear some people have to actually specify TLS Explicit as the protocol.
     
  3. luigidelgado

    luigidelgado Well-Known Member

    Did you find a solution for this? I'm having the same issue.

    Thank you!!
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Do you have a firewall running? If so, try taking the firewall down to see the results. If it works when the firewall is down, then the firewall doesn't have the ports opened properly for TLS.

    If you can, post your FileZilla version, FileZilla settings (ensure you are using FTPES for the TLS type in FileZilla), and the FTP log for the connection where it is having the error.
     
  5. luigidelgado

    luigidelgado Well-Known Member

    Hi.
    Well, we are running this on a secured server, so anything other than port 80 and DNS is closed to the world. We are trying to find out the best way to give some users access to some FTP folders.

    Would it be better to have Active FTP mode? Would it be easier to configure in WHM?
     
  6. luigidelgado

    luigidelgado Well-Known Member

    Sorry, my FileZilla is 3.3.5.1; the error is the same: after TLS auth it won't find the port... Yes, it is the ports situation, but how may I configure or reduce the ports to be used, or how may I use only one port (active)? What I don't understand about Active mode is whether the port will always be the same on the server?
     
  7. vanessa

    vanessa Well-Known Member
    PartnerNOC

    If you're running PureFTP, edit /etc/pure-ftpd.conf and set:

    PassivePortRange 30000 35000

    Whatever range you picked needs to be open in the firewall, along with port 21, for this to work.
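
An added diagnostic sketch, not part of the original posts and not cPanel or Pure-FTPd code: it decodes the data port from the `227` reply in the FileZilla log above and checks it against the `PassivePortRange` setting and a firewall allow-list. The sample config fragment, the `firewall_open` list and all function names are assumptions made for the example.

```python
import re

# Constructed sample input: the PASV exchange from the log in this thread,
# plus a config fragment carrying the setting suggested above.
SAMPLE_LOG = """\
Command: PASV
Response: 227 Entering Passive Mode (207,210,81,133,26,77)
Command: MLSD
Error: Connection timed out
"""
SAMPLE_CONF = "# constructed pure-ftpd.conf fragment\nPassivePortRange 30000 35000\n"

PASV_RE = re.compile(r"\b227 [^(]*\(" + ",".join([r"(\d{1,3})"] * 6) + r"\)")

def parse_pasv(line):
    """Return (ip, port) from a 227 reply, or None. Port is p1*256 + p2 (RFC 959)."""
    m = PASV_RE.search(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None  # every field is a single octet
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def passive_range(conf_text):
    """Return (low, high) from a PassivePortRange line, or None if it is not set."""
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments
        if (len(fields) == 3 and fields[0] == "PassivePortRange"
                and all(f.isdigit() for f in fields[1:])):
            low, high = sorted(int(f) for f in fields[1:])
            return low, high
    return None

def audit(log_text, conf_text, firewall_open):
    """Check every PASV data port in a client log against config and firewall ranges."""
    rng = passive_range(conf_text)
    findings = []
    for line in log_text.splitlines():
        endpoint = parse_pasv(line)
        if endpoint is None:
            continue
        ip, port = endpoint
        findings.append({
            "ip": ip,
            "port": port,
            "in_configured_range": rng is not None and rng[0] <= port <= rng[1],
            "firewall_open": any(lo <= port <= hi for lo, hi in firewall_open),
        })
    return findings
```

Because FTPES encrypts the control channel, a stateful firewall's FTP helper cannot read the `227` reply and open the data port on the fly, so the passive range has to be allowed explicitly.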
     
  8. luigidelgado

    luigidelgado Well-Known Member

    Thank you Vanessa, I have solved this by opening a range of 10 ports. It worked. Thank you.
     