Mike Leone on 15 Mar 2011 08:57:09 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] Problems with FTP over SSL

I'm trying to get vsftpd to work on a RHEL server. I *want* to do FTP
over SSL, if I could, for the encryption. Right now, I'm allowing SFTP.
I want to use vftpd chrooted, so that incoming users can see only their
own directory, and to allow only encrypted connections.

I issued myself a cert, and told vsftpd to enforce SSL. When I connect
from a Windows client (running Filezilla, which supports both FTP over
implicit and explicit SSL).

But what I am getting is this (snipped from Filezilla status window):

11:42:41	Response:	220 Welcome to the PHA Secure Vendor FTP service.
11:42:41	Command:	AUTH TLS
11:42:41	Response:	234 Proceed with negotiation.
11:42:41	Status:	Initializing TLS...
11:42:41	Status:	Verifying certificate...
11:42:50	Response:	230 Login successful.
11:42:50	Command:	SYST
11:42:50	Response:	215 UNIX Type: L8
11:42:50	Command:	FEAT
11:42:50	Response:	211-Features:
11:42:50	Response:	 AUTH SSL
11:42:50	Response:	 AUTH TLS
11:42:50	Response:	 EPRT
11:42:50	Response:	 EPSV
11:42:50	Response:	 MDTM
11:42:50	Response:	 PASV
11:42:50	Response:	 PBSZ
11:42:50	Response:	 PROT
11:42:50	Response:	 REST STREAM
11:42:50	Response:	 SIZE
11:42:50	Response:	 TVFS
11:42:50	Response:	211 End
11:42:50	Command:	PBSZ 0
11:42:50	Response:	200 PBSZ set to 0.
11:42:50	Command:	PROT P
11:42:50	Response:	200 PROT now Private.
11:42:50	Status:	Connected
11:42:50	Status:	Retrieving directory listing...
11:42:50	Command:	PWD
11:42:50	Response:	257 "/"
11:42:50	Command:	TYPE I
11:42:50	Response:	200 Switching to Binary mode.
11:42:50	Command:	PASV
11:42:50	Response:	227 Entering Passive Mode (<internal IP>,171,89)
11:42:50	Status:	Server sent passive reply with unroutable address.
Using server address instead.
11:42:50	Command:	LIST
11:43:09	Error:	GnuTLS error -53: Error in the push function.

So what setting do I have wrong? It looks like the server gave it's
internal IP address, which of course wouldn't work, and then fell back
on it's public IP. So why did it drop at that point?

vsftpd.conf (abridged):

# PHA Customizations


# Added 2011-03-15 Turn off unsecure FTP




Michael J. Leone, <mailto:turgon@mike-leone.com>

PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
Photo Gallery: <http://www.flickr.com/photos/mikeleonephotos>

Network apparatchik and all-around drudge.

Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug