Hi!
I'm trying to figure out what's going wrong with a "simple" FTPS setup and VSFTPD.
I saw references on Google and tried, and tried, and tried... without success.
I'll start by explaining my situation: I have a WEB development server behind a firewall. It's currently only for the intranet. We now have an external company that will have to do a new website for us and we want them to access securely our development server.
Internally, we access it with regular FTP (we use DreamWeaver 8). In the references i saw, i'd just add the following lines and it is supposed to work:
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
Here are the previous lines in my vsftpd config:
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/vsftpd.chroot_list
pam_service_name=vsftpd
userlist_enable=YES
listen=YES
tcp_wrappers=YES
I generated the PEM cert with the following command:
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
I tried to connect with FileZilla without luck. I heard that FileZilla may have a problem with vsftpd in FTPS mode so i downloaded SmartFTP which i read should be able to connect.
When i try, i get this error message:
SSL/TLS client handshake failed (Error = 0x80090308)
Could anybody give me a pointer on this?
Thanks in advance and happy holidays to everybody!
Guy Boisvert, ing IngTegration inc.
On Fri, Dec 19, 2008, Guy Boisvert wrote:
Hi!
I'm trying to figure out what's going wrong with a "simple" FTPS setup and VSFTPD.
I saw references on Google and tried, and tried, and tried... without success.
I'll start by explaining my situation: I have a WEB development server behind a firewall. It's currently only for the intranet. We now have an external company that will have to do a new website for us and we want them to access securely our development server.
Internally, we access it with regular FTP (we use DreamWeaver 8). In the references i saw, i'd just add the following lines and it is supposed to work:
As a rule, we require external developers to access our servers using OpenVPN which provides a simple means of getting secure access without having to deal with multiple server components.
The OpenVPN clients for Windows and OS X are simple to set up, well within the capabilities of the average web developer (which often aren't extensive :-).
Bill
Bill Campbell wrote:
As a rule, we require external developers to access our servers using OpenVPN which provides a simple means of getting secure access without having to deal with multiple server components.
and, at work, our GNOC guys use SSL-VPN's from Juniper, which for business partners are highly restricted such that they can ONLY access the specific server and services they have rights to. while I'm not in the group that manages this, the guys who do are on my floor, and tell me that the global management console makes managing all this a breeze... we have dozens of firewalls as we're a 50000 employee global manufacturing company, this is all under central control.
you mentioned FTP and FTPS... I prefer whenever possible to use scp/sftp, as it's much easier to forward through a NAT/Masquerade firewall. I have no idea if Dreamweaver supports this, however.
John R Pierce wrote:
Bill Campbell wrote:
As a rule, we require external developers to access our servers using OpenVPN which provides a simple means of getting secure access without having to deal with multiple server components.
and, at work, our GNOC guys use SSL-VPN's from Juniper, which for business partners are highly restricted such that they can ONLY access the specific server and services they have rights to. while I'm not in the group that manages this, the guys who do are on my floor, and tell me that the global management console makes managing all this a breeze... we have dozens of firewalls as we're a 50000 employee global manufacturing company, this is all under central control.
you mentioned FTP and FTPS... I prefer whenever possible to use scp/sftp, as it's much easier to forward through a NAT/Masquerade firewall. I have no idea if Dreamweaver supports this, however.
Hi John,
Good pointers but i'm not sure i'm up to setup a chrooted ssh environment. I tried that a couple of times (not on this network) and it wasn't very practical. I'm not saying i'm an expert at that and it may very well be my fault if i found it cumbersome.
vsftpd is supposed to support FTPS so it would be perfect in my situation.
Thanks!
Guy Boisvert, ing. IngTegration inc.
Bill Campbell wrote:
On Fri, Dec 19, 2008, Guy Boisvert wrote:
Hi!
I'm trying to figure out what's going wrong with a "simple" FTPS setup and VSFTPD.
I saw references on Google and tried, and tried, and tried... without success.
I'll start by explaining my situation: I have a WEB development server behind a firewall. It's currently only for the intranet. We now have an external company that will have to do a new website for us and we want them to access securely our development server.
Internally, we access it with regular FTP (we use DreamWeaver 8). In the references i saw, i'd just add the following lines and it is supposed to work:
As a rule, we require external developers to access our servers using OpenVPN which provides a simple means of getting secure access without having to deal with multiple server components.
The OpenVPN clients for Windows and OS X are simple to set up, well within the capabilities of the average web developer (which often aren't extensive :-).
Bill
Hi Bill,
It is a very good idea but i can't force them to use it. The WEB Developers are inside a University and i heard that it's complicated to make the IT staff add some stuff like that.
FTPS is supposed to be directly supported by DreamWeaver, so that's why I am asking about it.
Thanks!
Guy Boisvert, ing. IngTegration inc.
Guy Boisvert wrote:
FTPS is supposed to be directly supported by DreamWeaver, so that's why I am asking about it.
does Dreamweaver support WebDAV over HTTPS as an update method? this would be a LOT EASIER to get working behind a firewall!!!!
if they can access your website with https/ssl, and you can get mod_dav working, you're in business.
John R Pierce wrote:
Guy Boisvert wrote:
FTPS is supposed to be directly supported by DreamWeaver, so that's why I am asking about it.
does Dreamweaver support WebDAV over HTTPS as an update method? this would be a LOT EASIER to get working behind a firewall!!!!
if they can access your website with https/ssl, and you can get mod_dav working, you're in business.
Ok, i'll check that. I still focus on FTPS for now but i'll have a look at WebDAV/HTTPS.
Thanks!
Guy Boisvert, ing. IngTegration inc.
When i try, i get this error message:
SSL/TLS client handshake failed (Error = 0x80090308)
Could anybody give me a pointer on this?
I really hope you post the end fulfillment of this problem as I want to do ssl with my vsftp and have not gotten around to it.
Have you tried just restarting vsftp? I also find that I had to play with the user list allow/deny to get mine to work right.
Can you, if you take out the ssl stuff, access it via ftp normally?
-Bob
On Fri, Dec 19, 2008 at 01:37:55PM -0500, Bob Hoffman wrote:
When i try, i get this error message:
SSL/TLS client handshake failed (Error = 0x80090308)
Could anybody give me a pointer on this?
I really hope you post the end fulfillment of this problem as I want to do ssl with my vsftp and have not gotten around to it.
Have you tried just restarting vsftp? I also find that I had to play with the user list allow/deny to get mine to work right.
Can you, if you take out the ssl stuff, access it via ftp normally?
To the OP (sorry, jumping into a lot of threads late); what version of vsftpd are you using?
A few months back FileZilla released a new version that "broke" TLS/SSL support with a number of FTP servers. I ran into the problem with ProFTPD specifically:
http://bugs.proftpd.org/show_bug.cgi?id=3094
But vsftpd had this issue as well and was patched in v 2.0.7. I don't know if this fix was backported by RH or not....
I also don't know if SmartFTP client would exhibit the same problem. You could try an older version of FileZilla (< 3.1.0) to see if it works correctly...
Ray
Ray Van Dolson wrote:
To the OP (sorry, jumping into a lot of threads late); what version of vsftpd are you using?
A few months back FileZilla released a new version that "broke" TLS/SSL support with a number of FTP servers. I ran into the problem with ProFTPD specifically:
http://bugs.proftpd.org/show_bug.cgi?id=3094
But vsftpd had this issue as well and was patched in v 2.0.7. I don't know if this fix was backported by RH or not....
I also don't know if SmartFTP client would exhibit the same problem. You could try an older version of FileZilla (< 3.1.0) to see if it works correctly...
Ray
Hi Ray,
Here are the infos:
vsftpd-2.0.1-6.el4
Linux [server name] 2.6.9-78.0.8.EL #1 Wed Nov 19 19:43:32 EST 2008 i686 i686 i386 GNU/Linux
CentOS release 4.7 (Final)
I'll try older FileZilla and report back as soon as i find a solution.
Thanks for your help!
Guy Boisvert, ing. IngTegration inc.
Bob Hoffman wrote:
When i try, i get this error message:
SSL/TLS client handshake failed (Error = 0x80090308)
Could anybody give me a pointer on this?
I really hope you post the end fulfillment of this problem as I want to do ssl with my vsftp and have not gotten around to it.
Have you tried just restarting vsftp? I also find that I had to play with the user list allow/deny to get mine to work right.
Can you, if you take out the ssl stuff, access it via ftp normally?
Hi Bob,
Just to put all this in perspective, i'm not a "green" on CentOS and i restarted vsftpd each time i modified my test server (it's very ok that you asked!). I don't consider myself an expert but i'm pretty comfortable with CentOS.
I can reach easily the server by regular FTP, check my previously posted config file and you'll see that i don't force local users to use SSL. For the remote users, i'll redirect port 990 on our firewall to port 21 on the server. I read that vsftpd can't use different ports for regular FTP and FTPS so i let it be on port 21, which we use internally.
Thanks!
Guy Boisvert, ing. IngTegration inc.
Guy Boisvert wrote:
Bob Hoffman wrote:
When i try, i get this error message:
SSL/TLS client handshake failed (Error = 0x80090308)
Could anybody give me a pointer on this?
I really hope you post the end fulfillment of this problem as I want to do ssl with my vsftp and have not gotten around to it.
Have you tried just restarting vsftp? I also find that I had to play with the user list allow/deny to get mine to work right.
Can you, if you take out the ssl stuff, access it via ftp normally?
Hi Bob,
Just to put all this in perspective, i'm not a "green" on CentOS and i restarted vsftpd each time i modified my test server (it's very ok that you asked!). I don't consider myself an expert but i'm pretty comfortable with CentOS.
I can reach easily the server by regular FTP, check my previously posted config file and you'll see that i don't force local users to use SSL. For the remote users, i'll redirect port 990 on our firewall to port 21 on the server. I read that vsftpd can't use different ports for regular FTP and FTPS so i let it be on port 21, which we use internally.
I don't know if you can do that with FTPS... FTP uses a separate dynamic port for the data socket, and the mode this port is assigned is at the whim of the *client* software, it can either be PORT or PASSIVE mode, this makes NAT address translation of FTP a real mess. AFAIK, FTPS (ftp over ssl) does much the same.
I quote from Wikipedia...
The firewall problem
Because FTP http://en.wikipedia.org/wiki/File_Transfer_Protocol is a port-hopping protocol (i.e. data channels use a random port chosen during the communication), many firewalls http://en.wikipedia.org/wiki/Firewall_%28networking%29 are designed to understand FTP protocol messages to determine what secondary data connections they need to allow. However, if the control connection is encrypted using TLS/SSL (or any other method for that matter), the firewall is not able to get the port numbers of the data connections from the control connection (since it is encrypted and the firewall cannot decrypt it). Therefore, in many firewalled networks, clear FTP connections will work while FTPS connections will either completely fail or require the use of passive mode (assuming all ports >= 1024 to the server are unfiltered).
John R Pierce wrote:
I don't know if you can do that with FTPS... FTP uses a separate dynamic port for the data socket, and the mode this port is assigned is at the whim of the *client* software, it can either be PORT or PASSIVE mode, this makes NAT address translation of FTP a real mess. AFAIK, FTPS (ftp over ssl) does much the same.
I quote from Wikipedia...
The firewall problem
Because FTP http://en.wikipedia.org/wiki/File_Transfer_Protocol is a
[...]
cannot decrypt it). Therefore, in many firewalled networks, clear FTP connections will work while FTPS connections will either completely fail or require the use of passive mode (assuming all ports >= 1024 to the server are unfiltered).
Well John, i can't even get it working locally on the same subnet (and no, the server doesn't use firewalling)! I'm not even at the firewall access level!
Thanks for the pointer anyway.
Regards,
Guy Boisvert, ing. IngTegration inc.
Guy Boisvert wrote:
Hi!
I'm trying to figure out what's going wrong with a "simple" FTPS setup and VSFTPD.
...
When i try, i get this error message:
SSL/TLS client handshake failed (Error = 0x80090308)
How are you trying to connect ? What is the address you are referring to access ? Can you use lftp with debug 9 and post the output ?
Could anybody give me a pointer on this?
please, take a look at: http://wiki.centos.org/HowTos/Chroot_Vsftpd_with_non-system_users
I would like to hear if this is useful to you.
Best Regards,
--
Alain Reguera Delgado al@ciget.cienfuegos.cu GnuPG : http://ciget.cienfuegos.cu/~al/publickey.asc
Alain Reguera Delgado wrote:
Guy Boisvert wrote:
Hi!
I'm trying to figure out what's going wrong with a "simple" FTPS setup and VSFTPD.
...
When i try, i get this error message:
SSL/TLS client handshake failed (Error = 0x80090308)
How are you trying to connect ? What is the address you are referring to access ? Can you use lftp with debug 9 and post the output ?
As i said, i'm trying to connect in FTPS mode with FileZilla and SmartFTP to port 21 at the address of my server!
Could anybody give me a pointer on this?
please, take a look at: http://wiki.centos.org/HowTos/Chroot_Vsftpd_with_non-system_users
I would like to hear if this is useful to you.
Best Regards,
This link is interesting but the problem is not that i don't want to use "local" users. I have no problem with that. That's the SSL/TLS handshake error that i don't figure out.
Thanks!
Guy Boisvert, ing. IngTegration inc.
Guy Boisvert wrote: ...
Could anybody give me a pointer on this?
please, take a look at: http://wiki.centos.org/HowTos/Chroot_Vsftpd_with_non-system_users
...
This link is interesting but the problem is not that i don't want to use "local" users. I have no problem with that. That's the SSL/TLS handshake error that i don't figure out.
Did you try to connect to your server with the lftp client in debug 9? What does it say?
Cheers,
--
Alain Reguera Delgado al@ciget.cienfuegos.cu GnuPG : http://ciget.cienfuegos.cu/~al/publickey.asc
I threw that configuration you posted on a working vsftpd (working without SSL) on CentOS 5 and can only confirm that it doesn't work. One obvious problem is port 990 as ftps wants to connect via port 990. In Filezilla you can choose to use FTPES which seems to connect to port 21 and force an SSL auth. This actually works as you get the certificate displayed to accept it and you can login. However, the directory listing fails. I tried changing to active, disallowing certain protocols etc. It all fails at the same stage. The link posted (http://bugs.proftpd.org/show_bug.cgi?id=3094) seems to apply exactly to this situation. So, you simply will not be able to work with a newer Filezilla client against a vsftpd server without this patch.
Status: Connecting to 192.168.1.232:21...
Status: Connection established, waiting for welcome message...
Response: 220 FTP
Command: AUTH TLS
Response: 234 Proceed with negotiation.
Status: Initializing TLS...
Status: Verifying certificate...
Command: USER kai
Status: TLS/SSL connection established.
Response: 331 Please specify the password.
Command: PASS ********
Response: 230 Login successful.
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Features:
Response: AUTH SSL
Response: AUTH TLS
Response: EPRT
Response: EPSV
Response: MDTM
Response: PASV
Response: PBSZ
Response: PROT
Response: REST STREAM
Response: SIZE
Response: TVFS
Response: 211 End
Command: PBSZ 0
Response: 200 PBSZ set to 0.
Command: PROT P
Response: 200 PROT now Private.
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/"
Command: TYPE I
Response: 200 Switching to Binary mode.
Command: PASV
Response: 227 Entering Passive Mode (192,168,1,232,75,253)
Command: LIST
Response: 150 Here comes the directory listing.
Status: Server did not properly shut down TLS connection
Error: Transfer connection interrupted: ECONNABORTED - Connection aborted
Response: 226 Directory send OK.
Error: Failed to retrieve directory listing
Kai
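The firewall problem John quoted and the failure in Kai's log, worked through as an added example (not part of any message in the thread): it decodes the 227 reply into the data port a firewall would have to let through, and records which FTPS steps completed before the LIST failed. The function names `parse_pasv` and `analyse` and the abridged log are constructed for this illustration.

```python
import re

# Constructed sample: the FileZilla log from the message above, abridged to
# the lines that matter for the control/data channel analysis.
SESSION_LOG = """\
Command: AUTH TLS
Response: 234 Proceed with negotiation.
Command: USER kai
Response: 331 Please specify the password.
Command: PASS ********
Response: 230 Login successful.
Command: PBSZ 0
Response: 200 PBSZ set to 0.
Command: PROT P
Response: 200 PROT now Private.
Command: PASV
Response: 227 Entering Passive Mode (192,168,1,232,75,253)
Command: LIST
Response: 150 Here comes the directory listing.
Status: Server did not properly shut down TLS connection
Error: Transfer connection interrupted: ECONNABORTED - Connection aborted
Response: 226 Directory send OK.
Error: Failed to retrieve directory listing
"""

PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply):
    """Decode a 227 reply: four address octets, then port = p1 * 256 + p2."""
    m = PASV_RE.search(reply)
    if not reply.startswith("227") or m is None:
        raise ValueError("not a PASV reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if max(nums) > 255:
        raise ValueError("octet out of range: %r" % reply)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def analyse(log):
    """Walk a FileZilla-style log and summarise the FTPS session state."""
    result = {
        "control_tls": False,              # AUTH TLS accepted with 234
        "data_tls": False,                 # PROT P accepted with 200
        "data_endpoint": None,             # (host, port) from the 227 reply
        "pasv_visible_to_firewall": None,  # False once the control channel is encrypted
        "unclean_tls_shutdown": False,     # symptom reported on the data connection
        "failed_during": None,             # command in flight at the first Error line
    }
    last = []
    for line in log.splitlines():
        kind, _, text = line.partition(": ")
        if kind == "Command":
            last = text.split()
        elif kind == "Response":
            code = text[:3]
            if last[:2] == ["AUTH", "TLS"] and code == "234":
                result["control_tls"] = True
            elif last[:2] == ["PROT", "P"] and code == "200":
                result["data_tls"] = True
            elif last[:1] == ["PASV"] and code == "227":
                result["data_endpoint"] = parse_pasv(text)
                # A firewall helper can only read this reply in clear text.
                result["pasv_visible_to_firewall"] = not result["control_tls"]
        elif kind == "Status" and "did not properly shut down TLS" in text:
            result["unclean_tls_shutdown"] = True
        elif kind == "Error" and result["failed_during"] is None:
            result["failed_during"] = last[0] if last else None
    return result


if __name__ == "__main__":
    for key, value in analyse(SESSION_LOG).items():
        print("%-26s %s" % (key, value))
```

In this session the login and PROT P both succeed over TLS and the failure is confined to the data connection opened for LIST, on a port the firewall could not have learned from the encrypted control channel.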
Kai Schaetzl wrote:
I threw that configuration you posted on a working vsftpd (working without SSL) on CentOS 5 and can only confirm that it doesn't work. One obvious problem is port 990 as ftps wants to connect via port 990. In Filezilla you can choose to use FTPES which seems to connect to port 21 and force an SSL auth. This actually works as you get the certificate displayed to accept it and you can login. However, the directory listing fails. I tried changing to active, disallowing certain protocols etc. It all fails at the same stage. The link posted (http://bugs.proftpd.org/show_bug.cgi?id=3094) seems to apply exactly to this situation. So, you simply will not be able to work with a newer Filezilla client against a vsftpd server without this patch.
Kai
Hi Kai,
Thanks for your input. I had problem with SmartFTP too which was supposed to work with this setup. Then, i don't know if i should report a bug...
It's just too bad i can't make this work...
Regards,
Guy Boisvert, ing. IngTegration inc.
Guy Boisvert wrote on Sat, 20 Dec 2008 15:41:05 -0500:
Thanks for your input. I had problem with SmartFTP too which was supposed to work with this setup. Then, i don't know if i should report a bug...
Well, for one, this is a bug, security-related, that was fixed in vsftpd 2.0.7. So, it should get back-ported. I just filed a bug on bugs.centos.org and hope that someone can carry it over to the RedHat bug tracker.
Kai
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Guy Boisvert Sent: Friday, December 19, 2008 12:43 PM To: CentOS mailing list Subject: [CentOS] FTPS setup problem
Hi!
I'm trying to figure out what's going wrong with a "simple" FTPS setup and VSFTPD.
I saw references on Google and tried, and tried, and tried... without success.
I'll start by explaining my situation: I have a WEB development server behind a firewall. It's currently only for the intranet. We now have an external company that will have to do a new website for us and we want them to access securely our development server.
Internally, we access it with regular FTP (we use DreamWeaver 8). In the references i saw, i'd just add the following lines and it is supposed to work:
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
Here are the previous lines in my vsftpd config:
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/vsftpd.chroot_list
pam_service_name=vsftpd
userlist_enable=YES
listen=YES
tcp_wrappers=YES
I generated the PEM cert with the following command:
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
I tried to connect with FileZilla without luck. I heard that FileZilla may have a problem with vsftpd in FTPS mode so i downloaded SmartFTP which i read should be able to connect.
When i try, i get this error message:
SSL/TLS client handshake failed (Error = 0x80090308)
Could anybody give me a pointer on this?
---------------
Why are they not using Dreamweaver to access the ftp site??? This can be done! Look at the top menus, Sites | Manage Sites | New | FTP or RDP | Then Choose SFTP in the Dropdown Box |.
JohnStanley
John wrote on Sat, 20 Dec 2008 11:16:01 -0500:
Why are they not using Dreamweaver to access the ftp site??? This can be done! Look at the top menus, Sites | Manage Sites | New | FTP or RDP | Then Choose SFTP in the Dropdown Box |.
He's testing it. Access with Dreamweaver may indeed work.
Kai
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Kai Schaetzl Sent: Saturday, December 20, 2008 11:32 AM To: centos@centos.org Subject: Re: [CentOS] FTPS setup problem
John wrote on Sat, 20 Dec 2008 11:16:01 -0500:
Why are they not using Dreamweaver to access the ftp site??? This can be done! Look at the top menus, Sites | Manage Sites | New | FTP or RDP | Then Choose SFTP in the Dropdown Box |.
He's testing it. Access with Dreamweaver may indeed work.
---- Ahh, DW will connect to my ftp machine but I don't know about sftp. To me it is just easier to use DW or Visual Studio internal ftp tools to manage a site easier. I will try his config later on just to check it out with DW.
JohnStanley
John wrote:
He's testing it. Access with Dreamweaver may indeed work.
Ahh, DW will connect to my ftp machine but I don't know about sftp. To me it is just easier to use DW or Visual Studio internal ftp tools to manage a site easier. I will try his config later on just to check it out with DW.
JohnStanley
... and SFTP is not the same as FTPS.
Actually, i tried with FileZilla (it seems to have an official bug with vsftpd and FTPS) and SmartFTP and both had problems.
So that's why i asked the question to the list. I dunno if i have something wrong with the config, or any other subtlety.
Guy Boisvert, ing. IngTegration inc.
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Guy Boisvert Sent: Saturday, December 20, 2008 3:38 PM To: CentOS mailing list Subject: Re: [CentOS] FTPS setup problem
John wrote:
He's testing it. Access with Dreamweaver may indeed work.
Ahh, DW will connect to my ftp machine but I don't know about sftp. To me it is just easier to use DW or Visual Studio internal ftp tools to manage a site easier. I will try his config later on just to check it out with DW.
JohnStanley
... and SFTP is not the same as FTPS.
Actually, i tried with FileZilla (it seems to have an official bug with vsftpd and FTPS) and SmartFTP and both had problems.
So that's why i asked the question to the list. I dunno if i have something wrong with the config, or any other subtlety.
--------------
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
In the below could you just try only one type to see if that will work? As in "ssl_sslv2=YES"
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=NO
John wrote:
Why are they not using Dreamweaver to access the ftp site??? This can be done! Look at the top menus, Sites | Manage Sites | New | FTP or RDP | Then Choose SFTP in the Dropdown Box |.
JohnStanley
Hi John,
I'd certainly like to but i am at the config/testing stage! If i can't validate vsftpd working ok with SSL/TLS, i won't tell my client to try to connect with DreamWeaver.
Guy Boisvert, ing. IngTegration inc.
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Guy Boisvert Sent: Saturday, December 20, 2008 2:30 PM To: CentOS mailing list Subject: Re: [CentOS] FTPS setup problem
John wrote:
Why are they not using Dreamweaver to access the ftp site??? This can be done! Look at the top menus, Sites | Manage Sites | New | FTP or RDP | Then Choose SFTP in the Dropdown Box |.
JohnStanley
Hi John,
I'd certainly like to but i am at the config/testing stage! If i can't validate vsftpd working ok with SSL/TLS, i won't tell my client to try to connect with DreamWeaver.
------- Tell him to load up Dreamweaver... Here is the answer:
ethans27 sshd[10741]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ethan27
Dec 21 02:08:08 ethans27 sshd[10743]: Accepted password for ethan from 192.168.0.1 port 1938 ssh2
Dec 21 02:08:08 ethans27 sshd[10743]: pam_unix(sshd:session): session opened for user ethan by (uid=0)
Dec 21 02:08:08 ethans27 sshd[10745]: subsystem request for sftp
Dec 21 02:08:09 ethans27 sshd[10743]: pam_unix(sshd:session): session closed for user ethan
Dec 21 02:08:12 ethans27 sshd[10763]: Accepted password for ethan from 192.168.0.1 port 1941 ssh2
Dec 21 02:08:12 ethans27 sshd[10763]: pam_unix(sshd:session): session opened for user ethan by (uid=0)
Dec 21 02:08:12 ethans27 sshd[10765]: subsystem request for sftp
Dec 21 02:11:04 ethans27 sshd[10763]: pam_unix(sshd:session): session closed for user ethan
-----------------
The config file as follows choose one or the other authentication method.
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/vsftpd.chroot_list
pam_service_name=vsftpd
userlist_enable=YES
listen=YES
tcp_wrappers=YES
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=NO
ssl_sslv2=YES
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
Cert generation:
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout \
/etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
This configuration as is will work with Dreamweaver 8 and Visual Studio as tested. Now for Filezilla and the other FTP Utilities I can not account for. It does chroot the user to his/her home directory.
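The TLS-related directives from the first message and from the variant above, run through a small configuration check (an added example, not part of any message in the thread and not vsftpd's own tooling). The names `parse_conf` and `audit` are constructed here, the defaults are taken from the vsftpd.conf(5) man page and assumed unchanged, and the sample inputs are built from the directives posted in the thread.

```python
import re

# Defaults as documented in vsftpd.conf(5); assumed, not read from a live server.
DEFAULTS = {
    "anonymous_enable": "YES", "ssl_enable": "NO",
    "ssl_sslv2": "NO", "ssl_sslv3": "NO", "ssl_tlsv1": "YES",
    "force_local_logins_ssl": "YES", "force_local_data_ssl": "YES",
    "pasv_min_port": "0", "pasv_max_port": "0",
}

# Constructed sample input: directives posted in the first message.
FIRST_POST = """\
# TLS-related lines from the first message
anonymous_enable=YES
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
"""
# The last message's configuration differs only in ssl_tlsv1.
LAST_POST = FIRST_POST.replace("ssl_tlsv1=YES", "ssl_tlsv1=NO")


def parse_conf(text):
    """Return (settings, errors); vsftpd treats spaces around '=' as an error."""
    settings, errors = dict(DEFAULTS), []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        m = re.fullmatch(r"([a-z0-9_]+)=(\S.*)", line)
        if m is None:
            errors.append("line %d: expected option=value with no spaces" % n)
            continue
        settings[m.group(1)] = m.group(2)
    return settings, errors


def audit(text):
    """Return a list of (directive, finding) pairs for a vsftpd.conf body."""
    conf, errors = parse_conf(text)
    findings = [("syntax", e) for e in errors]

    def on(key):
        return conf[key].upper() in ("YES", "TRUE", "1")

    if not on("ssl_enable"):
        findings.append(("ssl_enable", "TLS is off: logins and data are sent in clear text"))
        return findings
    if on("ssl_sslv2"):
        findings.append(("ssl_sslv2", "SSLv2 is enabled; it is broken and prohibited by RFC 6176"))
    if on("ssl_sslv3"):
        findings.append(("ssl_sslv3", "SSLv3 is enabled; it is deprecated by RFC 7568"))
    if not on("ssl_tlsv1"):
        findings.append(("ssl_tlsv1", "TLS is disabled, leaving at most the SSL versions to negotiate"))
    if not on("force_local_logins_ssl"):
        findings.append(("force_local_logins_ssl", "local users may log in without TLS, exposing passwords"))
    if not on("force_local_data_ssl"):
        findings.append(("force_local_data_ssl", "data connections of local users may stay unencrypted"))
    if on("anonymous_enable"):
        findings.append(("anonymous_enable", "anonymous logins are accepted"))
    if conf["pasv_min_port"] == "0" or conf["pasv_max_port"] == "0":
        findings.append(("pasv_min_port", "passive port range is open-ended; with an encrypted "
                         "control channel the firewall needs a fixed range to forward"))
    return findings


if __name__ == "__main__":
    for name, body in (("first post", FIRST_POST), ("last post", LAST_POST)):
        print(name)
        for key, msg in audit(body):
            print("  %-24s %s" % (key, msg))
```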