Carl Bullard on 22 Jan 2010 10:34:37 -0800



Re: [PLUG] Implicit SSL with vsftpd?


Why not use port 22?

We use SFTP pretty heavily over port 22 and have had no issues.

Carl

On Fri, Jan 22, 2010 at 12:49 PM, Mike Leone <turgon@mike-leone.com> wrote:
> I need to set up a secure FTP server for our DMZ. So I set up vsftpd and
> activated SSL, and enforced only SSL connections. And that all works
> well. I used FileZilla (on Windows), and specified an FTP over explicit
> SSL connection.
>
> What that means is that the client connects on port 21. And my firewall
> guy doesn't want to leave port 21 open, he wants 990 (which is implicit
> SSL). So I changed the vsftpd config to
>
> listen_port=990
>
> and restarted it. And tried connecting again, this time specifying FTP
> over implicit SSL (which defaults to using port 990 to connect to).
>
> FileZilla shows that I am connecting, and says it is negotiating TLS.
> And then times out ...
>
> Status: Connecting to 65.211.19.230:990...
> Status: Connection established, initializing TLS...
>
> vsftpd log shows nothing, merely a connection from the firewall IP.
>
> Not sure where to go from here. Any thoughts?
>
> (personally, I would set it back to explicit SSL and port 21, and move
> on. Since no FTP connection can be made without SSL, that seems OK to
> me. Even if I moved it to port 990, an SSL connection is still required.
> And whether the port is open on 990 or 21 is pretty meaningless, since
> even I can figure out how to scan for open ports. :-))
>
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
>



-- 
Carl

"When you find a big kettle of crazy, it's best not to stir it" - Scott Adams
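
An added diagnostic example, not part of the original messages: a small probe that reports whether a listener is speaking explicit-mode FTP (the server sends a plaintext `220` greeting and waits for `AUTH TLS`) or implicit-mode FTPS (the server stays silent until the client starts a TLS handshake), which is the distinction behind the hang quoted above. The function name `classify_ftps_port` and the timeout values are assumptions made for this sketch.

```python
import socket
import ssl
import sys


def classify_ftps_port(host, port, timeout=3.0):
    """Return 'explicit', 'implicit' or 'unknown' for an FTP/FTPS listener."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        try:
            first = sock.recv(256)
        except socket.timeout:
            first = None  # server is waiting for the client to speak first
        if first is not None:
            # A plaintext "220" greeting means the server expects AUTH TLS
            # (explicit mode), whatever port number it is listening on.
            return "explicit" if first.startswith(b"220") else "unknown"
        # Silent server: an implicit-mode listener waits for a TLS ClientHello.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False       # probe only: we classify the port,
        ctx.verify_mode = ssl.CERT_NONE  # we do not authenticate the server
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                banner = tls.recv(256)   # FTP greeting arrives inside TLS
        except (ssl.SSLError, OSError):
            return "unknown"
        return "implicit" if banner.startswith(b"220") else "unknown"


if __name__ == "__main__":
    # Usage: python probe.py <host> <port>
    print(classify_ftps_port(sys.argv[1], int(sys.argv[2])))
```

A result of `explicit` on port 990 means only the port number moved; vsftpd has a separate `implicit_ssl` option that controls whether the TLS handshake is expected first.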