Reconfiguring FTP to FTPS

Come here to discuss FileZilla and FTP in general

Moderator: Project members

Locked
Message
Author
PriFernanda
500 Command not understood
Posts: 3
Joined: 2020-05-21 18:08
First name: Pri
Last name: Fernanda

Reconfiguring FTP to FTPS

#1 Post by PriFernanda » 2020-05-21 18:26

I enabled FTP over TLS on FileZilla server, using "self generating" the certificate and it worked fine when I tested from FileZilla CLient, even outside my "LAN".
But, one of my partners, that has an automation to send me files via FTP failled to submit with error 530 - server only accept FTP over TLS.
I am sorry about my maybe "ignorant" question: how can "clientes", over internet, connect to FileZilla Server now FTP over TLS? I am testing via Windows FTP command prompt and it´s also getting same error. Is there something missing in regards to certificate or just tell my partner to setup his cliente to use FTP over TLS? Sorry if it´s too basic, I am new to this "FTP world".

User avatar
boco
Contributor
Posts: 25094
Joined: 2006-05-01 03:28
Location: Germany

Re: Reconfiguring FTP to FTPS

#2 Post by boco » 2020-05-21 23:38

In order to use FTP over TLS, both endpoints (client and server) must support it. The Windows ftp.exe and your partner's FTP implementation do not support it. These two clients can communicate with your server using plain FTP only (no encryption possible).

You seem to have made FTP over TLS mandatory in your server. Thus, all clients without TLS support are effectively locked out. There are two options:

1. Preferred option is to upgrade your partner's FTP client implementation to support FTP over TLS. But this might not always be possible.
2. In the FileZilla Server settings, don't use the "Disallow plain FTP connections" checkbox. That way, clients can still connect without having to use FTP over TLS. If you don't want that, make a special account with the "Force TLS for user login" option completely unchecked. Hand out the login data for that special account only to your partner, so he's the only one able to connect unencrypted.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

PriFernanda
500 Command not understood
Posts: 3
Joined: 2020-05-21 18:08
First name: Pri
Last name: Fernanda

Re: Reconfiguring FTP to FTPS

#3 Post by PriFernanda » 2020-05-22 13:43

THANKS so much for such a clear and detailled reply. Last questions, after reading more documentation:

1 - If I check the Enable FTP over TLS support (FTPS) and uncheck the Disallow plain unencrypted FTP, BUT let the "Force PROT P to encrypt file transfers when using FTP over TLS", does that mean the partners will be able to connect without FTPS BUT data transfer will be all encrypted?

2 - Is there a way to create scripts on parters client to connect to FileZilla Server, using FTPS without installing the FileZilla Client ? If so, does that info is present in the Guidance/Manual you offer?

Thanks again

User avatar
boco
Contributor
Posts: 25094
Joined: 2006-05-01 03:28
Location: Germany

Re: Reconfiguring FTP to FTPS

#4 Post by boco » 2020-05-23 02:58

1. No. If the client does not support FTP over TLS, then, that's true for all connections. These clients simply do not know how to handle encrypted data, at all.
The option just means that IF the client sends AUTH TLS/SSL for enabling FTP over TLS, all transfers will also need to be encrypted (this level of complete encryption is called PROT P).
There is also a level called PROT C where only the command channel (login data and commands) is encrypted while the transfers aren't. With the option checked, that lower level of protection is not allowed.

Again, "Force PROT P to encrypt file transfers when using FTP over TLS" does nothing for non-TLS connections. Transferring over VPN or other secure tunnel would be the only way to secure plain FTP connections.


2. Scripting and all that stuff is 100% a client thing. FTP over TLS is only possible if the used FTP client supports it. FileZilla Client cannot be used as it is not scriptable (and thus we don't have any manual for it). Windows ftp.exe cannot be used as it lacks the most basic support, namely Passive mode, any way of configuration, and FTP over TLS.

So you'd need an FTP client, preferably command-line driven, that supports at least:
1. Passive mode (PASV and/or EPSV).
2. FTP over TLS v1.1 or higher.

There are some in the wild, like lftp or cURL.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

PriFernanda
500 Command not understood
Posts: 3
Joined: 2020-05-21 18:08
First name: Pri
Last name: Fernanda

Re: Reconfiguring FTP to FTPS

#5 Post by PriFernanda » 2020-05-25 14:03

Thanks Boco! We can close this Topic! It´s 100% resolved!
Thanks again. Be safe!

User avatar
boco
Contributor
Posts: 25094
Joined: 2006-05-01 03:28
Location: Germany

Re: Reconfiguring FTP to FTPS

#6 Post by boco » 2020-05-25 20:57

[Closed] on request of topic owner.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

Locked