[CentOS] FTPS setup problem

Sat Dec 20 13:28:15 UTC 2008
Kai Schaetzl <maillists at conactive.com>

I threw that configuration you posted on a working vsftpd (working without 
SSL) on CentOS 5 and can only confirm that it doesn't work. One obvious 
problem is port 990 as ftps wants to connect via port 990. In FileZilla 
you can choose to use FTPES which seems to connect to port 21 and force an 
SSL auth. This actually works as you get the certificate displayed to 
accept it and you can log in. However, the directory listing fails. I tried 
changing to active, disallowing certain protocols etc. It all fails at the 
same stage.
The link posted (http://bugs.proftpd.org/show_bug.cgi?id=3094) seems to 
apply exactly to this situation. So, you simply will not be able to work 
with a newer FileZilla client against a vsftpd server without this patch.

Status: Connecting to 192.168.1.232:21...
Status: Connection established, waiting for welcome message...
Response:   220 FTP
Command:    AUTH TLS
Response:   234 Proceed with negotiation.
Status: Initializing TLS...
Status: Verifying certificate...
Command:    USER kai
Status: TLS/SSL connection established.
Response:   331 Please specify the password.
Command:    PASS ********
Response:   230 Login successful.
Command:    SYST
Response:   215 UNIX Type: L8
Command:    FEAT
Response:   211-Features:
Response:    AUTH SSL
Response:    AUTH TLS
Response:    EPRT
Response:    EPSV
Response:    MDTM
Response:    PASV
Response:    PBSZ
Response:    PROT
Response:    REST STREAM
Response:    SIZE
Response:    TVFS
Response:   211 End
Command:    PBSZ 0
Response:   200 PBSZ set to 0.
Command:    PROT P
Response:   200 PROT now Private.
Status: Connected
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/"
Command:    TYPE I
Response:   200 Switching to Binary mode.
Command:    PASV
Response:   227 Entering Passive Mode (192,168,1,232,75,253)
Command:    LIST
Response:   150 Here comes the directory listing.
Status: Server did not properly shut down TLS connection
Error:  Transfer connection interrupted: ECONNABORTED - Connection aborted
Response:   226 Directory send OK.
Error:  Failed to retrieve directory listing

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
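
An added example, not part of the original post: a small triage script for client logs in the FileZilla format shown above. It decodes the PASV reply into the data endpoint and flags transfers where the server answered 226 although the client could not confirm a clean TLS shutdown on the data connection. The names `analyze`, `parse_pasv` and `SAMPLE_LOG` are hypothetical, and the sample log is constructed from the lines in the post.

```python
import re
# Constructed sample in the FileZilla log format shown in the post.
SAMPLE_LOG = """\
Command:    AUTH TLS
Response:   234 Proceed with negotiation.
Command:    PROT P
Response:   200 PROT now Private.
Command:    PASV
Response:   227 Entering Passive Mode (192,168,1,232,75,253)
Command:    LIST
Response:   150 Here comes the directory listing.
Status: Server did not properly shut down TLS connection
Response:   226 Directory send OK.
"""

LINE_RE = re.compile(r"^(Status|Command|Response|Error):[ \t]*(.*?)[ \t\r]*$", re.M)
PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
TLS_STEPS = {("AUTH TLS", "234"): "control_tls", ("PROT P", "200"): "data_tls"}

def parse_pasv(reply):
    """Decode '227 ... (h1,h2,h3,h4,p1,p2)' into (host, port); port = p1*256 + p2."""
    m = PASV_RE.match(reply)
    if not m or any(int(v) > 255 for v in m.groups()):
        return None
    return ".".join(m.groups()[:4]), int(m[5]) * 256 + int(m[6])

def analyze(log):
    """Report TLS state and transfers the server acknowledged but the client saw end uncleanly."""
    r = {"control_tls": False, "data_tls": False, "endpoint": None, "failed": []}
    cmd, xfer, unclean = None, None, False
    for kind, text in LINE_RE.findall(log):
        if kind == "Command":
            cmd = text
        elif kind == "Response":
            code = text[:3]
            if (cmd, code) in TLS_STEPS:
                r[TLS_STEPS[(cmd, code)]] = True
            elif code == "227":
                r["endpoint"] = parse_pasv(text)
            elif code == "150":
                xfer, unclean = cmd, False  # data transfer opened for this command
            elif code == "226" and xfer:
                if unclean:  # server says OK, client could not confirm TLS shutdown
                    r["failed"].append((xfer, r["endpoint"]))
                xfer = None
        elif xfer and "did not properly shut down TLS" in text:
            unclean = True
    return r
```

A non-empty `failed` list while `data_tls` is true separates this data-channel shutdown problem from a failed login or a blocked passive port, where no 150/226 pair would appear at all.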