Mike Leone on 22 Jan 2010 09:49:19 -0800


[PLUG] Implicit SSL with vsftpd?


I need to set up a secure FTP server for our DMZ. So I set up vsftpd and 
activated SSL, and enforced only SSL connections. And that all works 
well. I used FileZilla (on Windows), and specified an FTP over explicit 
SSL connection.

What that means is that the client connects on port 21. And my firewall 
guy doesn't want to leave port 21 open, he wants 990 (which is implicit 
SSL). So I changed the vsftpd config to

listen_port=990

and restarted it. And tried connecting again, this time specifying FTP 
over implicit SSL (which defaults to using port 990 to connect to).

FileZilla shows that I am connecting, and says it is negotiating TLS. 
And then times out ...

Status:	Connecting to 65.211.19.230:990...
Status:	Connection established, initializing TLS...

vsftpd log shows nothing, merely a connection from the firewall IP.

Not sure where to go from here. Any thoughts?

(personally, I would set it back to explicit SSL and port 21, and move 
on. Since no FTP connection can be made without SSL, that seems OK to 
me. Even if I moved it to port 990, an SSL connection is still required. 
And whether the port is open on 990 or 21 is pretty meaningless, since 
even I can figure out how to scan for open ports. :-))

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
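
Added example (not part of the original post): a Python probe that tells an explicit-mode FTPS listener from an implicit-mode one by which side speaks first, which is the difference between the two connection types described above. It assumes, which the post does not confirm, that changing only listen_port left vsftpd greeting in plaintext on 990; vsftpd's implicit_ssl=YES option is the setting that makes it expect the TLS handshake first. The function name and timeout values are illustrative.

```python
import socket
import ssl
import sys


def probe_ftp_listener(host, port, timeout=5.0):
    """Report which FTPS mode a listener speaks, judged by who talks first.

    Returns (mode, detail), where mode is:
      'explicit' - server sent a plaintext 220 greeting (client must send AUTH TLS)
      'implicit' - server stayed silent until a TLS handshake was started
      'unknown'  - neither pattern matched before the timeout
    """
    # Step 1: connect and only listen. An explicit-mode server greets in clear.
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            banner = sock.recv(256)
        except OSError:  # timeout or reset while waiting for a greeting
            banner = b""
    if banner.startswith(b"220"):
        return "explicit", banner.decode("ascii", "replace").strip()
    if banner:
        return "unknown", "unexpected plaintext: %r" % banner[:40]

    # Step 2: nothing arrived, so act like an implicit-mode client and start
    # TLS at once. Certificate verification stays on; a verification failure
    # still proves that the server answered with TLS.
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                greeting = tls.recv(256).decode("ascii", "replace").strip()
                return "implicit", "%s, greeting %r" % (tls.version(), greeting)
    except ssl.SSLCertVerificationError as exc:
        return "implicit", "TLS answered, certificate not trusted: %s" % exc.verify_message
    except OSError as exc:  # handshake timeout, reset, or a non-TLS reply
        return "unknown", "no greeting and no TLS handshake: %s" % exc


if __name__ == "__main__":
    # Usage: python probe.py HOST PORT
    print(probe_ftp_listener(sys.argv[1], int(sys.argv[2])))
```

A result of 'explicit' on port 990 means the server is still waiting for AUTH TLS while an implicit-mode client is waiting for a TLS reply, so neither side proceeds until the client times out.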