Carl Bullard on 22 Jan 2010 10:34:37 -0800


Re: [PLUG] Implicit SSL with vsftpd?

Why not use port 22?

We use SFTP pretty heavily over port 22 and have had no issues.


On Fri, Jan 22, 2010 at 12:49 PM, Mike Leone wrote:
> I need to set up a secure FTP server for our DMZ. So I set up vsftpd and
> activated SSL, and enforced only SSL connections. And that all works
> well. I used Filezilla (on Windows), and specified an FTP over explicit
> SSL connection.
> What that means is that the client connects on port 21. And my firewall
> guy doesn't want to leave port 21 open, he wants 990 (which is implicit
> SSL). So I changed the vsftpd config to
> listen_port=990
> and restarted it. And tried connecting again, this time specifying FTP
> over implicit SSL (which defaults to using port 990 to connect to).
> Filezilla shows that I am connecting, and says it is negotiating TLS.
> And then times out ...
> Status: Connecting to
> Status: Connection established, initializing TLS...
> vsftpd log shows nothing, merely a connection from the firewall IP.
> Not sure where to go from here. Any thoughts?
> (personally, I would set it back to explicit SSL and port 21, and move
> on. Since no FTP connection can be made without SSL, that seems OK to
> me. Even if I moved it to port 990, an SSL connection is still required.
> And whether the port is open on 990 or 21 is pretty meaningless, since
> even I can figure out how to scan for open ports. :-))
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --
> Announcements -
> General Discussion  --


"When you find a big kettle of crazy, it's best not to stir it" - Scott Adams
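
Added example, not part of the original thread: a small Python probe that connects to a port, sends nothing, and classifies what the listener says first, which separates an explicit-FTPS listener (plaintext `220` banner) from one that waits for a TLS ClientHello, and from the SSH endpoint suggested in the reply. The function names and sample greetings are constructed for illustration.

```python
import socket


def classify_greeting(first_bytes: bytes) -> str:
    """Classify what a listener sends before the client has sent anything."""
    if not first_bytes:
        # Silence: the server expects the client to speak first, as an
        # implicit-TLS listener does while it waits for a ClientHello.
        # A filtering firewall looks the same from here.
        return "no-greeting"
    if first_bytes[:3] == b"220":
        # Plaintext FTP banner: explicit FTPS. The server wants AUTH TLS
        # before any handshake, so a client that opens with a ClientHello
        # (implicit mode) stalls, whatever port number is in use.
        return "explicit-ftp-banner"
    if first_bytes[:4] == b"SSH-":
        return "ssh"  # SSH identification string, i.e. an SFTP endpoint
    return "unknown"


def read_greeting(sock: socket.socket, wait: float = 3.0) -> bytes:
    """Return up to 256 bytes the peer volunteers within `wait` seconds."""
    sock.settimeout(wait)
    try:
        return sock.recv(256)
    except socket.timeout:
        return b""


def probe(host: str, port: int, wait: float = 3.0) -> str:
    """Connect, send nothing, and classify the listener's first bytes."""
    with socket.create_connection((host, port), timeout=wait) as s:
        return classify_greeting(read_greeting(s, wait))


if __name__ == "__main__":
    # Constructed sample greetings, not captured from the poster's server.
    samples = [b"220 (vsFTPd)\r\n", b"", b"SSH-2.0-OpenSSH\r\n"]
    for raw in samples:
        print(repr(raw), "->", classify_greeting(raw))
```

In vsftpd, `listen_port` only changes the port number; the separate `implicit_ssl=YES` option is what makes the daemon expect a TLS handshake as the first thing on a connection.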