Hello,
I have just installed a new server with Centos 7.2 and vsftpd server on it.
The FTP plugin of Salamander worked OK with this FTP server until I enabled SSL in vsftpd, and especially the option force_local_data_ssl=YES.
The problem I see is that it can't list the directory tree when data channel encryption is on.
At the same time, it works OK when only the control connection is encrypted. So when only the control connection is encrypted (on the vsftpd side, with the option force_local_logins_ssl=YES), Salamander works OK, but when the data connection is encrypted it does not list the directory.
I have tested my ftp server with filezilla and no problem observed.
I do not have doubts that the problem is in the server part (vsftpd) as I have another one identical ftp servers and my configuration is from https://access.redhat.com/solutions/3436.
Could someone test with a similar configuration (an SSL-enabled vsftpd FTP server and the latest Salamander 3.0.7)? Can you reproduce the problem?
regards
Nikolay Kabaivanov
FTP plugin do not work with SSL Encrypted Data connection
Attachment: 1.jpg, screenshot from ftp connection with SSL enabled (control and data channel encrypted) ftp server
- ALTAP Staff
Re: FTP plugin do not work with SSL Encrypted Data connection
Please try to use passive transfer mode: click the Advanced button in the Connect to FTP server dialog, select Use passive transfer mode, click OK, then click Connect.
If it is still not working, send us the log from this session. Send it to the forum or to my email if it contains sensitive data. Use ESC to stop waiting for the listing, right-click the panel, and choose Show Log from the context menu. In the FTP Logs window use the menu File / Save As. You can also send us a log from another FTP client that works well with this server, so we can see the difference in communication with the server. Thanks!
Re: FTP plugin do not work with SSL Encrypted Data connection
Has this been solved?
I'm facing the exact same issue when trying to connect to ftp on IIS.
....
SSL INFO: TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384 256 Bits
(14:04:19): Die Verifizierung des Serverzertifikates ist fehlgeschlagen.
(14:04:20): Das Serverzertifikat wurde vom Benutzer akzeptiert (allerdings ist die Serveridentität nicht bestätigt).
PBSZ 0
200 PBSZ command successful.
PROT P
200 PROT command successful.
USER ftpuser
331 Password required
PASS (Versteckt)
230-Welcome
230 User logged in.
(14:04:20): Erfolgreich eingeloggt, hole Systeminformationen...
SYST
215 Windows_NT
PWD
257 "/" is current directory.
(14:04:20): Wechsle den Pfad nach "/"...
CWD /
250 CWD command successful.
PWD
257 "/" is current directory.
(14:04:20): Liste Pfad "/"...
PASV
227 Entering Passive Mode (62,2,84,154,234,161).
TYPE A
200 Type set to A.
LIST
150 Opening ASCII mode data connection.
(14:04:20): SSL FEHLER: Kann keine verschlüsselte Verbindung aufbauen, SSL_connect gibt 5: error:00000005:lib(0):func(0):DH lib zurück
(14:04:50): Vorgang durch Benutzer abgebrochen.
(14:04:50): Textliste wurde von "IBM z/VM (CMS) 1"-Servertyp analysiert...
- ALTAP Staff
Re: FTP plugin do not work with SSL Encrypted Data connection
Please check whether it works from another FTP client, e.g. FileZilla. If yes, also send the log from that FTP client. Thanks!
Re: FTP plugin do not work with SSL Encrypted Data connection
Hi
Yes, it was solved, but the problem was not Salamander. My problem was in vsftpd and the csf firewall that I use.
The vsftpd configuration should contain these lines so that it is known exactly which ports the passive connection will use. In this way you can enable this port range in the firewall.
pasv_enable=YES
pasv_min_port=31200
pasv_max_port=31220
If you do not explicitly define these ports, they will be random for each connection and you cannot allow them through the firewall.
Regards
Nikolay Kabaivanov
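An added example (not part of the original posts): a Python check that decodes the data port a server announces in its 227 reply and compares it with the passive range set in vsftpd.conf, which is the range the firewall has to allow. The function names are made up for this example; the first 227 line is the one from the IIS log earlier in the thread, the second is constructed.

```python
import ipaddress
import re

# Constructed sample: the passive-mode lines from the post, as they would sit in vsftpd.conf.
SAMPLE_VSFTPD_CONF = """\
# passive data ports (the same range must be opened in the firewall)
pasv_enable=YES
pasv_min_port=31200
pasv_max_port=31220
"""
REPLY_FROM_LOG = "227 Entering Passive Mode (62,2,84,154,234,161)."      # from the IIS log above
REPLY_CONSTRUCTED = "227 Entering Passive Mode (192,168,1,10,121,224)."  # constructed

PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv_range(conf_text):
    """Return (min_port, max_port), or None when passive mode is off or no range is fixed."""
    opts = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip().lower()] = value.strip()
    if opts.get("pasv_enable", "YES").upper() != "YES":
        return None
    lo, hi = int(opts.get("pasv_min_port", 0)), int(opts.get("pasv_max_port", 0))
    return (lo, hi) if lo and hi and lo <= hi else None  # 0 means "any port" in vsftpd

def parse_227(reply):
    """Decode (h1,h2,h3,h4,p1,p2) into (host, port); the port is p1*256 + p2."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % reply)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def check_reply(reply, port_range):
    """Return (host, port, findings) for one 227 reply checked against the configured range."""
    host, port = parse_227(reply)
    findings = []
    if port_range is None:
        findings.append("no fixed passive range: the data port cannot be pre-allowed in the firewall")
    elif not port_range[0] <= port <= port_range[1]:
        findings.append("port %d is outside the allowed range %d-%d" % (port, *port_range))
    if ipaddress.ip_address(host).is_private:
        findings.append("server advertises private address %s to the client" % host)
    return host, port, findings

if __name__ == "__main__":
    rng = parse_pasv_range(SAMPLE_VSFTPD_CONF)
    for reply in (REPLY_FROM_LOG, REPLY_CONSTRUCTED):
        print(check_reply(reply, rng))
```

Checking the IIS reply against the vsftpd range is only for illustration, since the two come from different servers in the thread.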
Re: FTP plugin do not work with SSL Encrypted Data connection
Hi Nikolay
Thanks ... that reminded me of a setting in IIS.
It now works when I remove the port range and external IP in IIS.
It seems as if Salamander does not respond to the defined ports on the server and is still trying to use its default ports for the data connection.
However, for external SSL access I may need these settings.
Need to do more tests ... and I'm open to any hints
Regards,
Franz