Carl Bullard on 22 Jan 2010 10:34:37 -0800
Why not use port 22? We use SFTP pretty heavily over port 22 and have had no issues.

Carl

On Fri, Jan 22, 2010 at 12:49 PM, Mike Leone <turgon@mike-leone.com> wrote:
> I need to set up a secure FTP server for our DMZ. So I set up vsftpd and
> activated SSL, and enforced only SSL connections. And that all works
> well. I used Filezilla (on Windows), and specified a FTP over explicit
> SSL connection.
>
> What that means is that the client connects on port 21. And my firewall
> guy doesn't want to leave port 21 open, he wants 990 (which is implicit
> SSL). So I changed the vsftpd config to
>
> listen_port=990
>
> and restarted it. And tried connecting again, this time specifying FTP
> over implicit SSL (which defaults to using port 990 to connect to).
>
> Filezilla shows that I am connecting, and says it is negotiating TLS.
> And then times out ...
>
> Status: Connecting to 65.211.19.230:990...
> Status: Connection established, initializing TLS...
>
> vsftpd log shows nothing, merely a connection from the firewall IP.
>
> Not sure where to go from here. Any thoughts?
>
> (personally, I would set it back to explicit SSL and port 21, and move
> on. Since no FTP connection can be made without SSL, that seems OK to
> me. Even if I moved it to port 990, an SSL connection is still required.
> And whether the port is open on 990 or 21 is pretty meaningless, since
> even I can figure out how to scan for open ports. :-))
>
> ___________________________________________________________________________
> Philadelphia Linux Users Group -- http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
>

--
Carl
"When you find a big kettle of crazy, it's best not to stir it" - Scott Adams
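The quoted symptom (the TCP connection is established, then TLS negotiation hangs) is consistent with a client in implicit mode talking to a listener that is still in explicit mode on the new port. The probe below is an added example, not code from the thread or from vsftpd: it reports which mode a listener is in, and `probe_ftps_mode` and `start_constructed_listener` are hypothetical names, the latter a constructed local stand-in so the block runs offline.

```python
import socket
import ssl
import threading

def probe_ftps_mode(host, port, timeout=5.0):
    """Return "explicit", "implicit" or "unknown" for an FTP-over-TLS listener."""
    # Step 1: connect and only listen. An explicit-mode server speaks first,
    # in cleartext, and expects the client to send AUTH TLS afterwards.
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                banner = s.recv(256)
            except socket.timeout:
                banner = None  # silence is what an implicit-mode server does
    except OSError:
        return "unknown"
    if banner is not None:
        return "explicit" if banner.startswith(b"220") else "unknown"
    # Step 2: the server stayed silent, so start TLS at once (implicit mode).
    # Verification is off: this only classifies the listener, nothing is sent.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw) as tls:
                greeting = tls.recv(256)
    except OSError:  # includes ssl.SSLError and timeouts
        return "unknown"
    return "implicit" if greeting.startswith(b"220") else "unknown"

def start_constructed_listener(greeting):
    """Constructed local stand-in: sends `greeting` (may be empty), then closes."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        if greeting:
            conn.sendall(greeting)
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    port = start_constructed_listener(b"220 constructed greeting\r\n")
    print(probe_ftps_mode("127.0.0.1", port, timeout=2.0))
```

If a port meant for implicit SSL reports "explicit", the listener is still waiting for AUTH TLS; vsftpd has a separate `implicit_ssl` setting (default NO) that controls this independently of `listen_port`.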