George A. Theall on 22 Jan 2010 16:43:31 -0800



Re: [PLUG] Implicit SSL with vsftpd?


On Fri, Jan 22, 2010 at 12:49:00PM -0500, Mike Leone wrote:

> I need to set up a secure FTP server for our DMZ. So I set up vsftpd and 
> activated SSL, and enforced only SSL connections. And that all works 
> well. I used Filezilla (on Windows), and specified an FTP over explicit 
> SSL connection.
...
> What that means is that the client connects on port 21. And my firewall 
> guy doesn't want to leave port 21 open, he wants 990 (which is implicit 
> SSL). So I changed the vsftpd config to

You seem to be mixing explicit and implicit FTP.  The former requires
that you explicitly request the connection continue over TLS (e.g., with an
'AUTH TLS' command) after connecting over an unencrypted channel; the
latter that you handle SSL / TLS negotiation from the get-go. 

> listen_port=990
> 
> and restarted it. And tried connecting again, this time specifying FTP 
> over implicit SSL (which defaults to using port 990 to connect to).

Doesn't that just tell vsftpd to listen on a specific port? Have you
actually enabled SSL support and defined certs?

George
-- 
theall@tifaware.com
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
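
Added example, not part of the original message and not vsftpd's own code: a small check that reads a vsftpd.conf and reports whether the server would run plaintext, explicit or implicit FTPS, which is the distinction the reply draws. It assumes the option names and defaults documented in vsftpd.conf(5) (ssl_enable, implicit_ssl, listen_port, rsa_cert_file, force_local_logins_ssl, force_local_data_ssl); the sample configuration and the function names are constructed for illustration.

```python
# Added example: classify the FTPS mode a vsftpd.conf would produce.
# SAMPLE_CONF is constructed: TLS enabled and enforced, then listen_port=990
# as in the thread. The certificate path is a placeholder.
SAMPLE_CONF = """\
ssl_enable=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
force_local_logins_ssl=YES
force_local_data_ssl=YES
listen_port=990
"""

def parse_conf(text):
    """Parse vsftpd.conf: one key=value per line, '#' starts a comment line."""
    opts = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def is_yes(opts, key, default):
    # vsftpd accepts YES/TRUE/1 (any case) as true for boolean options.
    return opts.get(key, default).upper() in ("YES", "TRUE", "1")

def audit(text):
    """Return (mode, findings) where mode is plaintext, explicit or implicit."""
    opts = parse_conf(text)
    port = int(opts.get("listen_port", "21"))      # vsftpd default is 21
    findings = []
    if not is_yes(opts, "ssl_enable", "NO"):
        return "plaintext", ["ssl_enable is not YES: no TLS is offered"]
    if is_yes(opts, "implicit_ssl", "NO"):
        mode = "implicit"                          # TLS handshake comes first
        if port != 990:
            findings.append(f"implicit_ssl=YES on port {port}; clients expect 990")
    else:
        mode = "explicit"                          # cleartext banner, then AUTH TLS
        if port == 990:
            findings.append("listen_port=990 without implicit_ssl=YES: the server "
                            "still waits for AUTH TLS on a cleartext channel")
        for key in ("force_local_logins_ssl", "force_local_data_ssl"):
            if not is_yes(opts, key, "YES"):
                findings.append(f"{key}=NO: cleartext allowed for local users")
    if "rsa_cert_file" not in opts:
        findings.append("rsa_cert_file not set: the built-in default path is used")
    return mode, findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
    print(audit(SAMPLE_CONF + "implicit_ssl=YES\n"))
```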