FTPS and Pure FTP - Working?

myusername

I am seeing a lot of old threads on this with conflicting results.

Does anyone know the current state of FTPS and Pure FTP?

I notice in the welcome message from the server it says:

--Welcome To Pure-FTPD[TLS]--

But this is coming from a log in a program that does not support TLS as far as I know (old WS_FTP LE). So I am assuming the welcome message is just that, a message, and not indicating the connection has performed the TLS handshake.

I tried a newer FTP client built into Firefox which has TLS options available, but none of them seem to work on port 21, which was my understanding of how cPanel finally decided to integrate TLS into the FTP daemon.

Anyone have any updated info on this?
 

myusername

No, that would be SFTP.

I am talking about FTPS, which is FTP over TLS. Completely different from SFTP, which is SSH File Transfer Protocol and is pointless to enable on cPanel IMHO since you have to give out a shell or hack it with rssh just to allow access.

Anyway, the answer to my own question is yes, that's just a message header and does not mean that one has successfully connected to the FTP server over TLS.
 

chirpy

This is what FTP with TLS/SSL should look like if successful (from a standard cPanel install):

[15:29:35] [R] 220---------- Welcome to Pure-FTPd [TLS] ----------
[15:29:35] [R] 220-You are user number 1 of 50 allowed.
[15:29:35] [R] 220-Local time is now 15:30. Server port: 21.
[15:29:35] [R] 220-This is a private system - No anonymous login
[15:29:35] [R] 220 You will be disconnected after 15 minutes of inactivity.
[15:29:35] [R] AUTH TLS
[15:29:35] [R] 234 AUTH TLS OK.
[15:29:35] [R] Connected. Negotiating TLSv1 session..
[15:29:35] [R] TLSv1 negotiation successful...
[15:29:35] [R] TLSv1 encrypted session using cipher AES256-SHA (256 bits)
I use FlashFXP as my FTP client.
 

internetfab

Got some problems myself with FTP over TLS. Seems it times out when it tries to retrieve the listing of files. Anyone know why? See the log below.

Code:
Status:	Connecting to xxxxxx ...
Status:	Connected with xxxxxx, negotiating SSL connection...
Response:	220---------- Welcome to Pure-FTPd [TLS] ----------
Response:	220-You are user number 6 of 50 allowed.
Response:	220-Local time is now 20:42. Server port: 21.
Response:	220-This is a private system - No anonymous login
Response:	220-IPv6 connections are also welcome on this server.
Response:	220 You will be disconnected after 15 minutes of inactivity.
Command:	AUTH TLS
Response:	234 AUTH TLS OK.
Status:	SSL connection established. Waiting for welcome message...
Command:	USER xxxxxx
Response:	331 User xxxxxx OK. Password required
Command:	PASS *********
Response:	230-User xxxxxx has group access to:  xxxxxx
Response:	230 OK. Current restricted directory is /
Command:	FEAT
Response:	211-Extensions supported:
Response:	 EPRT
Response:	 IDLE
Response:	 MDTM
Response:	 SIZE
Response:	 REST STREAM
Response:	 MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Response:	 MLSD
Response:	 ESTP
Response:	 PASV
Response:	 EPSV
Response:	 SPSV
Response:	 ESTA
Response:	 AUTH TLS
Response:	 PBSZ
Response:	 PROT
Response:	211 End.
Command:	SYST
Response:	215 UNIX Type: L8
Command:	PBSZ 0
Response:	200 PBSZ=0
Command:	PROT P
Response:	534 Fallback to [C]
Status:	Connected
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/" is your current location
Command:	TYPE A
Response:	200 TYPE is now ASCII
Command:	PORT 213,114,84,62,7,99
Response:	200 PORT command successful
Command:	LIST
Error:	Timeout detected!
Error:	Could not retrieve directory listing
I use the FileZilla FTP client.
 

internetfab

Enabled passive in the pure-ftpd.conf file (uncommented the port range for passive)

Tried connecting again and got stuck at LIST again but with this message:

Error: Transfer channel can't be opened. Reason: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Error: Could not retrieve directory listing
 

chirpy

Actually, from that FTP session log it looks like you need to enable passive mode in your FTP client since it isn't using it.
 

myusername

You guys still have a working FTPS after cPanel 11?

I am getting these now:

220 You will be disconnected after 15 minutes of inactivity.
AUTH TLS
500 This security scheme is not implemented
Unable to make a connection. Please try again.
 

kran

I'm also having problems.

New server, Chirpy's firewall with the FTP hole, reinstalled pure-ftpd, opened ports, opened passive ports in ftpd conf.

The program connects to the account, but does not list any files.

-> 220---------- Welcome to Pure-FTPd [TLS] ----------
-> 220-You are user number 1 of 50 allowed.
-> 220-Local time is now 14:32. Server port: 21.
-> 220-This is a private system - No anonymous login
-> 220-IPv6 connections are also welcome on this server.
-> 220 You will be disconnected after 15 minutes of inactivity.
<- USER franber
-> 331 User franber OK. Password required
<- PASS ********
-> 230-User franber has group access to: franber
-> 230 OK. Current restricted directory is /
<- PWD
-> 257 "/" is your current location
<- TYPE I
-> 200 TYPE is now 8-bit binary
<- PWD
-> 257 "/" is your current location
<- PASV
-> 227 Entering Passive Mode (72,232,xx,xxx,250,192)

Any help?
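
Added example, not part of any post above and not code from cPanel or Pure-FTPd: a small Python parser that reads a client session log by reply code instead of by banner, reporting whether AUTH TLS was accepted (234), whether the data channel is protected (a PROT not answered with 200 leaves it at the default, clear), and which data mode and endpoint were negotiated. The function names are this example's own, and the sample logs are constructed, abridged from the session shapes posted in this thread with documentation addresses substituted.

```python
import re

# Optional client prefix (FlashFXP, FileZilla or arrow style), then the FTP payload.
PREFIX = re.compile(r"^(?:(?:\[[\d:]+\] \[\w\]|Command:|Response:|->|<-)[ \t])?(.*)$")
REPLY = re.compile(r"^(\d{3})[ -]")            # "234 ..." or multi-line "220-..."
COMMAND = re.compile(r"^([A-Z]{3,4})(?: (.*))?$")
HOSTPORT = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def endpoint(text):
    # h1,h2,h3,h4,p1,p2 -> ("h1.h2.h3.h4", p1*256 + p2), from a PORT argument or 227 reply
    m = HOSTPORT.search(text)
    n = [int(x) for x in m.groups()] if m else None
    return (".".join(map(str, n[:4])), n[4] * 256 + n[5]) if n else None

def analyze_session(log):
    # Only command/reply pairs count; the "[TLS]" in the banner proves nothing.
    s = dict(control_tls=False, data_protection=None, data_mode=None, data_endpoint=None)
    cmd, arg = None, ""
    for raw in log.splitlines():
        payload = PREFIX.match(raw).group(1)
        reply = REPLY.match(payload)
        if reply:
            code = reply.group(1)
            if cmd == "AUTH" and code == "234":
                s["control_tls"] = True        # server accepted AUTH TLS
            elif cmd == "PROT":                # anything but 200 leaves data in clear
                s["data_protection"] = arg if code == "200" else "C"
            elif cmd == "PORT" and code == "200":
                s["data_mode"], s["data_endpoint"] = "active", endpoint(arg)
            elif cmd == "PASV" and code == "227":
                s["data_mode"], s["data_endpoint"] = "passive", endpoint(payload)
        else:
            c = COMMAND.match(payload)         # FEAT continuation lines start with a space
            if c:
                cmd, arg = c.group(1), c.group(2) or ""
    return s

# Constructed samples (abridged session shapes, example addresses from 192.0.2.0/24).
FILEZILLA = """Response: 220---------- Welcome to Pure-FTPd [TLS] ----------
Command: AUTH TLS
Response: 234 AUTH TLS OK.
Command: PROT P
Response: 534 Fallback to [C]
Command: PORT 192,0,2,10,7,99
Response: 200 PORT command successful"""
ARROWS = """-> 220---------- Welcome to Pure-FTPd [TLS] ----------
<- PASV
-> 227 Entering Passive Mode (192,0,2,20,250,192)"""
REFUSED = "220 You will be disconnected.\nAUTH TLS\n500 This security scheme is not implemented"
```

The decoded endpoint is the address and port that a firewall or NAT device has to let through for LIST to complete: the client's own in active mode, the server's passive range in passive mode.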
 

spearhead

I'm having similar issues. Regular FTP fails on LIST. But, it only fails often - not ALL the time, just most of the time. SFTP works ALL the time. This is using many different clients from various ISPs. This is a new development from about 1-2 weeks ago.

I'm using pure-ftp and the most current CURRENT dist. I tried Pro-ftp with the same results. Passive/Not-passive seems to make no difference. It appears to be a directory list error with FTP. Not a port issue or firewall as I do run APF but turned it off and cleared iptables with the same results.

Does FTP run under different credentials than SFTP? Could this be a permissions issue server wide?