Mike Leone on 15 Mar 2011 08:57:09 -0700

[PLUG] Problems with FTP over SSL


I'm trying to get vsftpd to work on a RHEL server. I *want* to do FTP
over SSL, if I could, for the encryption. Right now, I'm allowing SFTP.
I want to use vsftpd chrooted, so that incoming users can see only their
own directory, and to allow only encrypted connections.

I issued myself a cert, and told vsftpd to enforce SSL. When I connect
from a Windows client (running Filezilla, which supports FTP over both
implicit and explicit SSL), this is what I get (snipped from the
Filezilla status window):

11:42:41	Response:	220 Welcome to the PHA Secure Vendor FTP service.
11:42:41	Command:	AUTH TLS
11:42:41	Response:	234 Proceed with negotiation.
11:42:41	Status:	Initializing TLS...
11:42:41	Status:	Verifying certificate...
<snip>
11:42:50	Response:	230 Login successful.
11:42:50	Command:	SYST
11:42:50	Response:	215 UNIX Type: L8
11:42:50	Command:	FEAT
11:42:50	Response:	211-Features:
11:42:50	Response:	 AUTH SSL
11:42:50	Response:	 AUTH TLS
11:42:50	Response:	 EPRT
11:42:50	Response:	 EPSV
11:42:50	Response:	 MDTM
11:42:50	Response:	 PASV
11:42:50	Response:	 PBSZ
11:42:50	Response:	 PROT
11:42:50	Response:	 REST STREAM
11:42:50	Response:	 SIZE
11:42:50	Response:	 TVFS
11:42:50	Response:	211 End
11:42:50	Command:	PBSZ 0
11:42:50	Response:	200 PBSZ set to 0.
11:42:50	Command:	PROT P
11:42:50	Response:	200 PROT now Private.
11:42:50	Status:	Connected
11:42:50	Status:	Retrieving directory listing...
11:42:50	Command:	PWD
11:42:50	Response:	257 "/"
11:42:50	Command:	TYPE I
11:42:50	Response:	200 Switching to Binary mode.
11:42:50	Command:	PASV
11:42:50	Response:	227 Entering Passive Mode (<internal IP>,171,89)
11:42:50	Status:	Server sent passive reply with unroutable address.
Using server address instead.
11:42:50	Command:	LIST
11:43:09	Error:	GnuTLS error -53: Error in the push function.

So what setting do I have wrong? It looks like the server gave its
internal IP address, which of course wouldn't work, and then fell back
on its public IP. So why did it drop at that point?


vsftpd.conf (abridged):

# PHA Customizations

chmod_enable=YES
chroot_local_user=YES
use_localtime=YES
download_enable=NO


# Added 2011-03-15 Turn off insecure FTP

ssl_enable=YES

force_local_logins_ssl=YES
allow_anon_ssl=NO
force_local_data_ssl=YES

ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/vsftpd/vsftpd.pem


-- 
Michael J. Leone, <mailto:turgon@mike-leone.com>

PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
Photo Gallery: <http://www.flickr.com/photos/mikeleonephotos>

Network apparatchik and all-around drudge.

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
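The part of the transcript that matters is the 227 reply: with AUTH TLS the control channel is encrypted, so a NAT device's FTP helper can no longer read that reply to rewrite the address or open the data port, and the client is left to do what FileZilla reports ("Using server address instead"). The following is an added diagnostic example, not code from the original post or from vsftpd/FileZilla; it parses an RFC 959 227 reply, flags an address that is not globally routable, and falls back to the control connection's peer. The sample reply and the 10.0.0.5 / 198.51.100.7 addresses are constructed stand-ins for the redacted "<internal IP>" and the server's public address.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: the 227 line from the post, with a private address
# standing in for the redacted "<internal IP>".
SAMPLE_PASV_REPLY = "227 Entering Passive Mode (10,0,0,5,171,89)"
# Constructed: the address the control connection was made to.
CONTROL_PEER = "198.51.100.7"

# RFC 959: six decimal fields h1,h2,h3,h4,p1,p2 in parentheses.
_PASV_RE = re.compile(
    r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


@dataclass
class PasvTarget:
    advertised: str   # address the server put in the 227 reply
    port: int         # data port, p1 * 256 + p2
    unroutable: bool  # True if 'advertised' is private/loopback/etc.
    connect_to: str   # address a client should actually dial


def parse_pasv(reply: str, control_peer: str) -> PasvTarget:
    """Parse a 227 reply and decide where the data connection should go.

    If the advertised address is not globally routable (RFC 1918 space,
    loopback, link-local, ...), the data connection is pointed at the
    control connection's peer instead, mirroring FileZilla's fallback.
    """
    if not reply.startswith("227"):
        raise ValueError(f"not a 227 reply: {reply!r}")
    m = _PASV_RE.search(reply)
    if m is None:
        raise ValueError(f"no (h1,h2,h3,h4,p1,p2) tuple in {reply!r}")
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"field out of range in {reply!r}")
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    if port == 0:
        raise ValueError(f"data port 0 in {reply!r}")
    unroutable = not ipaddress.ip_address(host).is_global
    return PasvTarget(
        advertised=host,
        port=port,
        unroutable=unroutable,
        connect_to=control_peer if unroutable else host,
    )
```

Running `parse_pasv(SAMPLE_PASV_REPLY, CONTROL_PEER)` shows the client dialing 198.51.100.7:43865, so the later GnuTLS error is about that data port on the public address not being reachable, which is what to check on the server's firewall and vsftpd's advertised passive address.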