Michael Leone on 11 Aug 2015 06:58:03 -0700



Re: [PLUG] If not SFTP, how's about FTPS?


Anyone? My firewall guy tells me that there are no rules blocking me
from doing this (not from my trusted zone into my DMZ, anyway). So
it's not a firewall block. Any ideas what might be causing this?

On Fri, Aug 7, 2015 at 3:18 PM, Michael Leone <turgon@mike-leone.com> wrote:
> So since I can't quickly and easily get sftp chroot (since I have too
> old of a RHEL, and while I could upgrade, another way might be
> quicker).
>
> I have vsftpd, and I thought to use FTPS (FTP over SSL). So I issued a
> cert for it (we can issue our own certs from a separate linux VM), and
> thought to configure it.
>
> I can get chroot working just fine, but only with regular
> (non-encrypted) FTP. I can do "ssl_enable=YES", and I can make FTPS
> connections, but I never get a directory listing.
>
>
> 220 Welcome to the PHA Secure Vendor FTP service.
> AUTH TLS
> 234 Proceed with negotiation.
> TLSv1, cipher TLSv1/SSLv3 (DES-CBC3-SHA) - 168 bit
> USER upgradeprojectadmin
> 331 Please specify the password.
> PASS **********
> 230 Login successful.
> SYST
> 215 UNIX Type: L8
> Keep alive off...
> PWD
> 257 "/"
> PBSZ 0
> 200 PBSZ set to 0.
> PROT P
> 200 PROT now Private.
> PASV
> 227 Entering Passive Mode (192,168,1,30,165,140)
> LIST
> Connect socket #1028 to 192.168.1.30, port 42380...
> timeout
> QUIT
>
>
> So what's wrong here? Chroot works with non-encrypted SSL; I get a
> directory listing. Yet, turning on FTPS makes the directory listing
> not work.
>
> Any ideas? I'd include a vsftpd.log, but all it is saying is
>
> Fri Aug  7 14:54:10 2015 [pid 24318] CONNECT: Client "192.168.1.2"
> Fri Aug  7 14:54:11 2015 [pid 24317] [TestUser1] OK LOGIN: Client "192.168.1.2"
>
> That IP is the firewall between my DMZ and me.
>
> Anyone?
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
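
The 227 reply in the session above encodes the data address as h1,h2,h3,h4,p1,p2, with port = p1*256 + p2. The following is an added example, not part of the original post: it decodes that reply from a client log and reports whether the client tried the advertised address and timed out. The function names are assumptions, and the "Connect socket" pattern is this client's log format as quoted in the post.

```python
import re

# Constructed sample: client-side lines copied from the session quoted in the post.
SESSION = """\
> PROT P
> 200 PROT now Private.
> PASV
> 227 Entering Passive Mode (192,168,1,30,165,140)
> LIST
> Connect socket #1028 to 192.168.1.30, port 42380...
> timeout
> QUIT
"""

PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
CONNECT_RE = re.compile(r"^Connect socket #\d+ to ([\d.]+), port (\d+)")

def decode_pasv(line):
    """Return (host, port) from a 227 reply, or None if the line is not one."""
    m = PASV_RE.match(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("PASV field out of range: %r" % line)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def diagnose(session):
    """Walk a client log and record what happened to the data connection."""
    r = {"tls_data": False, "advertised": None, "attempted": None, "timed_out": False}
    for raw in session.splitlines():
        line = raw.lstrip("> ").strip()          # drop e-mail quote markers
        pasv, conn = decode_pasv(line), CONNECT_RE.match(line)
        if line == "PROT P":
            r["tls_data"] = True                 # data channel is to be TLS-protected
        elif pasv:
            r["advertised"] = pasv               # address the server told the client
        elif conn:
            r["attempted"] = (conn.group(1), int(conn.group(2)))
        elif line == "timeout" and r["attempted"]:
            r["timed_out"] = True                # connect attempt got no answer
    r["address_match"] = r["advertised"] is not None and r["advertised"] == r["attempted"]
    return r

if __name__ == "__main__":
    print(diagnose(SESSION))
```

vsftpd's pasv_min_port and pasv_max_port options bound the ports it hands out in 227 replies, so the decoded port can be compared against the range permitted between the two zones.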