FTPS and Pure FTP - Working?

[myusername]

I am seeing a lot of old threads on this with conflicting results.

Does anyone know the current state of FTPS and Pure FTP?

I notice in the welcome message from the server is says:

--Welcome To Pure-FTPD[TLS]--

But this is coming from a log in a program that does not support TLS as far as I know. (old WS_FTP LE) So I am assuming the welcome messages is just that, a message and not indicating the connection has performed the TLS handshake.

I tried a newer FTP client built into Firefox which has TLS options available but none of them seem to work on port 21, which was my understanding as how cPanel finally decided to integrate TLS into the ftp daemon.

Anyone have any updated info on this?

 

[david510]

ftps needs jailshell access enabled for the account.

 

[myusername]

No, that would be SFTP.

I am talking about FTPs which is FTP over TLS. Completely diffferent from SFTP which is SSH File Transfer Protocol and is pointless to enable on cPanel IMHO since you have to give out a shell or hack it with rssh just to allow access.

Anyways the answer to my own questions is yes thats just a message header and does not mean that one has successfully connected to the FTP server over TLS.

 

[chirpy]

This is what FTP with TLS/SSL should look like if successful (from a standard cPanel install):

[15:29:35] [R] 220---------- Welcome to Pure-FTPd [TLS] ----------
[15:29:35] [R] 220-You are user number 1 of 50 allowed.
[15:29:35] [R] 220-Local time is now 15:30. Server port: 21.
[15:29:35] [R] 220-This is a private system - No anonymous login
[15:29:35] [R] 220 You will be disconnected after 15 minutes of inactivity.
[15:29:35] [R] AUTH TLS
[15:29:35] [R] 234 AUTH TLS OK.
[15:29:35] [R] Connected. Negotiating TLSv1 session..
[15:29:35] [R] TLSv1 negotiation successful...
[15:29:35] [R] TLSv1 encrypted session using cipher AES256-SHA (256 bits)

I use FlashFXP as my FTP client.

 

[internetfab]

Got some problems myself with FTP over TLS. Seems it times out when it tries to retrieve the listing of files. Anyone know why? See the log below.

Status:	Connecting to xxxxxx ...
Status:	Connected with xxxxxx, negotiating SSL connection...
Response:	220---------- Welcome to Pure-FTPd [TLS] ----------
Response:	220-You are user number 6 of 50 allowed.
Response:	220-Local time is now 20:42. Server port: 21.
Response:	220-This is a private system - No anonymous login
Response:	220-IPv6 connections are also welcome on this server.
Response:	220 You will be disconnected after 15 minutes of inactivity.
Command:	AUTH TLS
Response:	234 AUTH TLS OK.
Status:	SSL connection established. Waiting for welcome message...
Command:	USER xxxxxx
Response:	331 User xxxxxx OK. Password required
Command:	PASS *********
Response:	230-User xxxxxx has group access to:  xxxxxx
Response:	230 OK. Current restricted directory is /
Command:	FEAT
Response:	211-Extensions supported:
Response:	 EPRT
Response:	 IDLE
Response:	 MDTM
Response:	 SIZE
Response:	 REST STREAM
Response:	 MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Response:	 MLSD
Response:	 ESTP
Response:	 PASV
Response:	 EPSV
Response:	 SPSV
Response:	 ESTA
Response:	 AUTH TLS
Response:	 PBSZ
Response:	 PROT
Response:	211 End.
Command:	SYST
Response:	215 UNIX Type: L8
Command:	PBSZ 0
Response:	200 PBSZ=0
Command:	PROT P
Response:	534 Fallback to [C]
Status:	Connected
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/" is your current location
Command:	TYPE A
Response:	200 TYPE is now ASCII
Command:	PORT 213,114,84,62,7,99
Response:	200 PORT command successful
Command:	LIST
Error:	Timeout detected!
Error:	Could not retrieve directory listing

I use filezilla ftp client

 

[myusername]

Had the same problem, you need to enable the passive ports in ftpd.conf and all will fly well.

 

[internetfab]

Enabled passive in the pure-ftpd.conf file (uncommented the port range for passive)

Tried connecting again and got stuck at LIST again but with this message:

Error: Transfer channel can't be opened. Reason: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Error: Could not retrieve directory listing

 

[myusername]

You running Chirpy's Firewall?

 

[internetfab]

You running Chirpy's Firewall?

Yes I am - any ports that need to be opened for it to work?

 

[chirpy]

Actually, from that FTP session log it looks like you need to enable passive mode in your FTP client since it isn't using it.

 

[internetfab]

Actually, from that FTP session log it looks like you need to enable passive mode in your FTP client since it isn't using it.

Yeah I didnt post the full log the second time, I just posted the error message.
But is there a need to open specific ports in csf for it to work?

 

[chirpy]

No, there shouldn't be if non-TLS FTP works.

 

[internetfab]

Well I be damned
Worked from work this time, was trying with passive from home last night and it didn't wanna work - although I tried connecting to another server that time.

 

[myusername]

You guys still have a working FTPS after cPanel 11?

I am getting these now:

220 You will be disconnected after 15 minutes of inactivity.
AUTH TLS
500 This security scheme is not implemented
Unable to make a connection. Please try again.

 

[kran]

I´m Also Having problems

New server, Chirpy´s firewall with the ftp hole, reinstalled pure-ftpd, opened ports, opened passive ports in ftpd conf.

The program connects to the account, but does not list any files.

-> 220---------- Welcome to Pure-FTPd [TLS] ----------

-> 220-You are user number 1 of 50 allowed.

-> 220-Local time is now 14:32. Server port: 21.

-> 220-This is a private system - No anonymous login

-> 220-IPv6 connections are also welcome on this server.

-> 220 You will be disconnected after 15 minutes of inactivity.

<- USER franber

-> 331 User franber OK. Password required

<- PASS ********

-> 230-User franber has group access to: franber

-> 230 OK. Current restricted directory is /

<- PWD

-> 257 "/" is your current location

<- TYPE I

-> 200 TYPE is now 8-bit binary

<- PWD

-> 257 "/" is your current location

<- PASV

-> 227 Entering Passive Mode (72,232,xx,xxx,250,192)

Any help?

 

[spearhead]

I'm having similar issues. regular FTP fails on LIST. But, it only fails often - not ALL the time, just most of the time. SFTP works ALL the time. This is using many different clients from various ISPs. This is a new development from about 1-2 weeks ago.

I'm using pure-ftp and the most current CURRENT dist. I tried Pro-ftp with the same results. Passive/Not-passive seems to make no difference. It appears to be a directory list error with FTP. Not a port issue or firewall as I do run APF but turned it off and cleared iptables with the same results.

Does FTP run under different credentials than SFTP? Could this be a permissions issue server wide?

 

[grindlay]

FTP passive transfers

Do you have a firewall on the server? e.g.APF
Could be blocking the passive ports.
G
http://www.theserverpages.com/artic...ions_to_work_through_a_firewall_properly.html