Can't Connect to Anything :| Fails after command: Command: AUTH TLS

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
rkbroski
504 Command not implemented
Posts: 7
Joined: 2019-08-21 16:18
First name: rob
Last name: Kermit

Can't Connect to Anything :| Fails after command: Command: AUTH TLS

#1 Post by rkbroski » 2019-08-21 16:23

Hey guys,

So I thought it might have been my host stopping me from connecting because I'm in a different country, but I just installed Core and had no issues.

Here's the log I get when trying to connect to my server:

Status: Resolving address of ftp.xxx.com
Status: Connecting to xx.xxx.xx.xxx:21...
Status: Connection established, waiting for welcome message...
Response: 220-#########################################################
Response: 220-Please upload your web files to the public_html directory.
Response: 220-Note that letters are case sensitive.
Response: 220-#########################################################
Response: 220 This is a private system - No anonymous login
Command: AUTH TLS
Error: Connection timed out after 20 seconds of inactivity
Error: Could not connect to server

1) I've tried alternative client and it works
2) I've tried running the network wizard and I can't even connect to your servers

Connecting to probe.filezilla-project.org
Connection established, waiting for welcome message.
Response: 220 FZ router and firewall tester ready
USER FileZilla
Connection timed out.
Connection closed

3) I've uninstalled and reinstalled

Any help you could provide would be awesome, thanks for the kick ass software :)

User avatar
botg
Site Admin
Posts: 32336
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Can't Connect to Anything :| Fails after command: Command: AUTH TLS

#2 Post by botg » 2019-08-22 18:18

Failure to receive a reply to the AUTH command is almost always the result of a malicious firewall actively sabotaging the connection.

rkbroski
504 Command not implemented
Posts: 7
Joined: 2019-08-21 16:18
First name: rob
Last name: Kermit

Re: Can't Connect to Anything :| Fails after command: Command: AUTH TLS

#3 Post by rkbroski » 2019-08-23 08:13

Crikey, other than running malware bytes, do you have any other suggestions for this?

rkbroski
504 Command not implemented
Posts: 7
Joined: 2019-08-21 16:18
First name: rob
Last name: Kermit

Re: Can't Connect to Anything :| Fails after command: Command: AUTH TLS

#4 Post by rkbroski » 2019-08-24 09:27

I just ran a complete Windows Reset, and am still getting the same error...

User avatar
boco
Contributor
Posts: 24654
Joined: 2006-05-01 03:28
Location: Germany

Re: Can't Connect to Anything :| Fails after command: Command: AUTH TLS

#5 Post by boco » 2019-08-24 22:36

Please test the server with the https://ftptest.net site (FTPS Explicit profile). My guess is that the server does only have weak ciphers enabled that FileZilla does not support, anymore.

The other client either does not use FTPS Explicit by default (thus no AUTH TLS), or it agrees on weak ciphers "for compatibility reasons"). Both cases are equally terrifying.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

User avatar
botg
Site Admin
Posts: 32336
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Can't Connect to Anything :| Fails after command: Command: AUTH TLS

#6 Post by botg » 2019-08-25 07:14

If it's just a weak cipher issue there would be an error message about this. Getting no response at all typically means firewall.

rkbroski
504 Command not implemented
Posts: 7
Joined: 2019-08-21 16:18
First name: rob
Last name: Kermit

Re: Can't Connect to Anything :| Fails after command: Command: AUTH TLS

#7 Post by rkbroski » 2019-08-26 14:54

from https://ftptest.net:

Your server is working and assorted routers/firewalls have been correctly configured for explicit FTP over TLS as performed by this test. However there have been warnings about compatibility issues, not all users will be able to use your server.

tested the same account with Filezilla and it hung for ages on

"Status: Connection established, waiting for welcome message..."

then got to AUTH TLS and failed.

Then I tested it with Core and went straight into the directory, real quick.

I like FileZilla and would prefer to keep using it, PLUS am now worried about what botg said about it maybe being some malicious firewall actively sabotaging the connection.

Would I test this by going through all the entries in my firewall?

Cheers guys appreciate the help.

User avatar
botg
Site Admin
Posts: 32336
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Can't Connect to Anything :| Fails after command: Command: AUTH TLS

#8 Post by botg » 2019-08-26 15:55

What country are you in now? Some third-world countries really take issue with security and do everything in their power to force people to use insecure protocols. Regarding the competing product you tried, as far as I know it does not prefer secure protocols, it is insecure by default.

rkbroski
504 Command not implemented
Posts: 7
Joined: 2019-08-21 16:18
First name: rob
Last name: Kermit

Re: Can't Connect to Anything :| Fails after command: Command: AUTH TLS

#9 Post by rkbroski » 2019-08-27 04:24

I'm in the Philippines connecting to a Siteground server in the US

Ahh, thanks for the info with the competing software. How bad is it to use these insecure protocols?

User avatar
botg
Site Admin
Posts: 32336
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Can't Connect to Anything :| Fails after command: Command: AUTH TLS

#10 Post by botg » 2019-08-27 07:55

Using an insecure protocol your password is sent in clear over the Internet. Everyone listening on the route between the client and the server can read this password and then later use it to log into your account on the server and tamper with your files.

Same with your files you transfer using an insecure protocol: Everyone listening on the route can not just read the exchanged files, but also change it in transit.

As for the routes the data takes, there is a shocking lack of security in the protocols used to manage routing information. It is only because end-users don't get access to these protocols that tings like BGP hijacking aren't more prevalent. With the rise of the semi-cold cyber war on, it at least starts to get seen as a serious problem, better late than never.

How does this affect you, even if you have nothing to hide? Consider this hypothetical scenario: Let's assume China wants part of the Philippine territory. As this probably leads to war, it is good to weaken the enemy beforehand. Good ways to do this is to destabilize the enemy domestically, or economically. Let's say you manage a blog on your website. You upload some files with an insecure protocol, and now without your knowledge your website suddenly reports on your life as drug dealer. With the war on drugs in the Philippines this can be quite problematic, try explaining to the authorities that it wasn't you who has written that. This easily destroys the life of honest citizens and if it hits a tourist, would severely impact foreign relations and thus future tourism and trade. Mission accomplished.

Just one of countless scenarios, the possibilities are infinite. Even if it doesn't seem likely, it could happen at any time. Why take an unnecessary risk if using a secure protocol trivially prevents it without any extra costs?

rkbroski
504 Command not implemented
Posts: 7
Joined: 2019-08-21 16:18
First name: rob
Last name: Kermit

Re: Can't Connect to Anything :| Fails after command: Command: AUTH TLS

#11 Post by rkbroski » 2019-09-06 17:22

wow, thanks for the awesome breakdown botg

hopefully accessing the file manager on my cPanel is more secure (it's https), than using core.

Shame I can't use FileZilla anymore :/

User avatar
boco
Contributor
Posts: 24654
Joined: 2006-05-01 03:28
Location: Germany

Re: Can't Connect to Anything :| Fails after command: Command: AUTH TLS

#12 Post by boco » 2019-09-06 21:39

@botg: Could that be another example of a server not properly handling TLS 1.3?
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
All FileZilla products fully support IPv6. http://worldipv6launch.org
### END SIGNATURE BLOCK ###

User avatar
botg
Site Admin
Posts: 32336
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Can't Connect to Anything :| Fails after command: Command: AUTH TLS

#13 Post by botg » 2019-09-09 06:56

boco wrote:
2019-09-06 21:39
@botg: Could that be another example of a server not properly handling TLS 1.3?
Unlikely. The response to the AUTH command is sent by the server and received by the client before the client start s the TLS handshake starts.

rkbroski
504 Command not implemented
Posts: 7
Joined: 2019-08-21 16:18
First name: rob
Last name: Kermit

Re: Can't Connect to Anything :| Fails after command: Command: AUTH TLS

#14 Post by rkbroski » 2019-09-09 16:00

So we think the issue is in my firewall, caused by something with ill intent! would that be right?

Any way I can troubleshoot from here?

User avatar
botg
Site Admin
Posts: 32336
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Can't Connect to Anything :| Fails after command: Command: AUTH TLS

#15 Post by botg » 2019-09-10 09:00

rkbroski wrote:
2019-09-09 16:00
So we think the issue is in my firewall, caused by something with ill intent! would that be right?
Possibly. It may also be a firewall sitting anywhere else on the link between you and the server.

Some shady ISPs for example inject advertisement into websites, I wouldn't put it behind them to block TLS for that purpose. Other ISPs have been caught blocking STARTTLS, preventing secure sending of email, see https://www.eff.org/deeplinks/2014/11/s ... de-attacks for details.

To trouble-shoot, remove all third-party firewalls, AV products, security solutions, VPN software and the likes from your own computer. If it works, problem solved. If it still fails, try a different ISP.

Post Reply