FTPS is not working

franc
504 Command not implemented
Posts: 8
Joined: 2009-09-11 22:40

#1 Post by franc » 2009-09-11 22:52

Hello,

i have a FTP-Server (proFTPd) which supports FTPS (FTP over TLS).
I have no problems to login with totalcommander over ftps, but with FileZilla it doesn't work.

I put into Server: ftps://myservername.tld

but after a while there is a timeout. In Total Commander the same connection works.

What is needed to connect with ftps in filezilla? Is it possible?

Thank you, regards, franc

boco
Contributor
Posts: 25094
Joined: 2006-05-01 03:28
Location: Germany

Re: FTPS is not working

#2 Post by boco » 2009-09-12 06:48

Explicit FTPS? Try ftpes://myservername.tld - ftps:// is for Implicit on port 990.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

franc
504 Command not implemented
Posts: 8
Joined: 2009-09-11 22:40

Re: FTPS is not working

#3 Post by franc » 2009-09-12 08:48

Thank you, it's better now, but still not working:

My protocol in FileZilla:

Status: Resolving address of mydomain.tld
Status: Connecting to 11.22.33.44:21...
Status: Connection established, waiting for welcome message...

Response: 220 mydomain.tld FTP
Command: AUTH TLS
Response: 234 AUTH TLS successful
Status: Initializing TLS...
Status: Verifying certificate...

Command: USER ftp_user
Status: TLS/SSL connection established.
Response: 331 Password required for ftp_user
Command: PASS ************
Response: 230 User ftp_user logged in
Command: PBSZ 0
Response: 200 PBSZ 0 successful
Command: PROT P
Response: 200 Protection set to Private
Status: Connected
Status: Retrieving directory listing...

Command: PWD
Response: 257 "/" is the current directory
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (92,51,165,202,200,176).
Command: LIST
Response: 150 Opening ASCII mode data connection for file list
Status: Server did not properly shut down TLS connection
Error: Could not read from transfer socket: ECONNABORTED - Connection aborted
Response: 226 Transfer complete
Error: Failed to retrieve directory listing

What could it be?
It is the same in active mode.

Totalcommander gives me:

----------
Connect to: (12.09.2009 10:41:13)
hostname=mydomain.tld
username=ftp_mydomain
startdir=/
mydomain.tld=11.22.33.44
220 mydomain.tld FTP
AUTH TLS
234 AUTH TLS successful
Cert subject: /C=DE/ST=State/O=MyName./CN=mydomain.tld/emailAddress=info@mydomain.tld
Cert issuer: /C=DE/ST=State/L=City/O=MyName./CN=MyName/emailAddress=info@mydomain.tld
USER ftp_mydomain
331 Password required for ftp_mydomain
PASS ***********
230 User ftp_mydomain logged in
SYST
215 UNIX Type: L8
FEAT
211-Features:
 MDTM
 AUTH TLS
 PBSZ
 PROT
 REST STREAM
 SIZE
211 End
PBSZ 0
200 PBSZ 0 successful
PROT P
200 Protection set to Private
OPTS UTF8 ON
500 OPTS UTF8 not understood
CWD /
250 CWD command successful
Connect ok!
PWD
257 "/" is the current directory
Get directory
TYPE A
200 Type set to A
PASV
227 Entering Passive Mode (92,51,165,202,242,103).
LIST -la
150 Opening ASCII mode data connection for file list
Download
Waiting for server...
226 Transfer complete

I found now:

http://trac.filezilla-project.org/ticket/3661

Where it seems to be a bug in my server. But it is my server and i don't fear any attacks from it, so is there a switch in FileZilla 3.x to switch the check of this "server bug" off?

If there is not, i just switch back to FileZilla 2 where it seems to work.
Last edited by franc on 2009-09-12 09:02, edited 1 time in total.

boco
Contributor
Posts: 25094
Joined: 2006-05-01 03:28
Location: Germany

Re: FTPS is not working

#4 Post by boco » 2009-09-12 08:57

Status: Server did not properly shut down TLS connection
This means your server has a security vulnerability.

See http://forum.filezilla-project.org/view ... f=2&t=7688 .

franc
504 Command not implemented
Posts: 8
Joined: 2009-09-11 22:40

Re: FTPS is not working

#5 Post by franc » 2009-09-12 09:22

boco wrote:
Status: Server did not properly shut down TLS connection
This means your server has a security vulnerability.

See http://forum.filezilla-project.org/view ... f=2&t=7688 .

Yes, i see it now. I have proFTPd 1.3.1 only. Need to update it, or to use another FTPS client, e.g. i stay with Total Commander, which works fine.

botg
Site Admin
Posts: 32907
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: FTPS is not working

#6 Post by botg » 2009-09-12 12:02

It doesn't work fine, it's subject to a well known security vulnerability.

franc
504 Command not implemented
Posts: 8
Joined: 2009-09-11 22:40

Re: FTPS is not working

#7 Post by franc » 2009-09-12 14:57

But what is the security risk, if i use this "vulnerable program" just with my server?
I know my server and trust him. So where is the risk?

Anyway, mostly i don't use FTP(S) but SFTP with WinSCP, this is even more secure.
But when i upload some webpages to the server, with SSH i have to change owner to www-data, with proFTPd the ftp-users are uploading as www-root, this is handier.

botg
Site Admin
Posts: 32907
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: FTPS is not working

#8 Post by botg » 2009-09-12 15:24

Subject to man-in-the-middle file truncation attacks.
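
Added example, not part of the original posts and not FileZilla's code: a small auditor for a FileZilla-style session log that flags protected (PROT P) transfers whose data connection ended without a proper TLS shutdown, even though the server answered 226. Without that shutdown the client cannot tell a finished transfer from one cut short on the path. The function names and the sample address are assumptions made for this illustration.

```python
import re

# Constructed sample modelled on the FileZilla log in post #3; the address
# is a documentation placeholder.
SAMPLE_LOG = """\
Command: PROT P
Response: 200 Protection set to Private
Command: PASV
Response: 227 Entering Passive Mode (192,0,2,10,200,176).
Command: LIST
Response: 150 Opening ASCII mode data connection for file list
Status: Server did not properly shut down TLS connection
Response: 226 Transfer complete
"""

PASV_RE = re.compile(r"227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
TRANSFER_CMDS = {"LIST", "NLST", "MLSD", "RETR", "STOR", "APPE"}

def audit_session(log_text):
    """Return one dict per data transfer seen in the log."""
    transfers, current, last_cmd = [], None, ""
    endpoint, protected = None, False
    for line in log_text.splitlines():
        kind, _, text = line.partition(": ")
        text = text.strip()
        if kind == "Command":
            last_cmd = text.upper()
            verb = (last_cmd.split() or [""])[0]
            if verb in TRANSFER_CMDS:  # a data connection is about to be used
                current = {"command": text, "endpoint": endpoint,
                           "protected": protected, "clean_shutdown": True,
                           "server_said_complete": False}
                transfers.append(current)
        elif kind == "Response":
            m = PASV_RE.match(text)
            if m:  # 227 reply carries h1,h2,h3,h4,p1,p2; port = p1*256 + p2
                h1, h2, h3, h4, p1, p2 = map(int, m.groups())
                endpoint = (f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2)
            elif text.startswith("200") and last_cmd.startswith("PROT"):
                protected = last_cmd == "PROT P"  # data channel encrypted
            elif text.startswith("226") and current:
                current["server_said_complete"] = True
        elif kind == "Status" and current and "did not properly shut down TLS" in text:
            current["clean_shutdown"] = False
    return transfers

def suspect_transfers(log_text):
    """Protected transfers whose completeness the client could not verify."""
    return [t for t in audit_session(log_text)
            if t["protected"] and not t["clean_shutdown"]]
```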

franc
504 Command not implemented
Posts: 8
Joined: 2009-09-11 22:40

Re: FTPS is not working

#9 Post by franc » 2009-09-14 06:39

A nice dude gave me this link:

https://launchpad.net/~cschieli/+archive/ppa

I am on Ubuntu 8.04, so i put:

deb http://ppa.launchpad.net/cschieli/ppa/ubuntu hardy main
deb-src http://ppa.launchpad.net/cschieli/ppa/ubuntu hardy main


into:

/etc/apt/sources.list

and updated proftpd with aptitude and it works!

No more:

Status: Server did not properly shut down TLS connection
Error: Could not read from transfer socket: ECONNABORTED - Connection aborted


in the log.

Thank you, Hibbelharry!

Regards, franc
