Cannot Get FTP to work ?

Discussion in 'Installation/Configuration' started by cmsits, May 12, 2013.

Page 1 of 2
  1. cmsits

    cmsits New Member

    I've spent numberous days trying to ber able to connect to my ISPConfig 3 server using FTP and cannot get It to work. Has anyone else had simular problems & If YES how did they sort out the problem ?

    Any response would be better than NONE

    regards CMSITS :)
     
    cmsits, May 12, 2013
    #1
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    There are no known problems eith ftp. You should check your server log files and ftp client log for a detailed error message.
     
    till, May 12, 2013
    #2
  3. cmsits

    cmsits New Member

    Last edited: May 12, 2013
    cmsits, May 12, 2013
    #3
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Check the logs in /var/log/, espacially syslog, mesages and pur-ftpd log.
     
    till, May 12, 2013
    #4
  5. cmsits

    cmsits New Member

    DID > require explicit FTP over TLS

    I've added an attachment:
    require explicit FTP over TLS

    As shown NO details I added step by step at the bottom of page 4 ?

    Connecting to 192.168.1.121:21...
    Status: Connection established, waiting for welcome message...
    Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    Response: 220-You are user number 1 of 50 allowed.
    Response: 220-Local time is now 16:14. Server port: 21.
    Response: 220-IPv6 connections are also welcome on this server.
    Response: 220 You will be disconnected after 15 minutes of inactivity.
    Command: AUTH TLS
    Response: 234 AUTH TLS OK.
    Status: Initializing TLS...
    Status: Verifying certificate...
    Command: USER root
    Status: TLS/SSL connection established.
    Response: 331 User root OK. Password required
    Command: PASS **********
    Response: 530 Login authentication failed
    Error: Critical error
    Error: Could not connect to server

    CHECK LOGS:
    pureftpd.log = Empty

    ssl_error_log =
    [Sun May 12 16:00:20 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

    error.log =
    [Sun May 12 15:40:19 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
    [Sun May 12 15:40:19 2013] [notice] Digest: generating secret for digest authentication ...
    [Sun May 12 15:40:19 2013] [notice] Digest: done
    [Sun May 12 15:40:19 2013] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- resuming normal operations
    [Sun May 12 15:56:00 2013] [notice] caught SIGTERM, shutting down
    [Sun May 12 15:56:01 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
    [Sun May 12 15:56:01 2013] [notice] Digest: generating secret for digest authentication ...
    [Sun May 12 15:56:01 2013] [notice] Digest: done
    [Sun May 12 15:56:02 2013] [notice] Apache/2.2.15 (Unix) DAV/2 mod_fcgid/2.3.7 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured --
    resuming normal operations

    No log handling enabled - turning on stderr logging
    Created directory: /var/lib/net-snmp/mib_indexes
    [Sun May 12 15:57:58 2013] [notice] caught SIGTERM, shutting down
    No log handling enabled - turning on stderr logging
    Created directory: /var/lib/net-snmp/mib_indexes
    [Sun May 12 15:57:59 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
    [Sun May 12 15:57:59 2013] [notice] Digest: generating secret for digest authentication ...
    [Sun May 12 15:57:59 2013] [notice] Digest: done
    [Sun May 12 15:57:59 2013] [notice] Apache/2.2.15 (Unix) DAV/2 mod_fcgid/2.3.7 PHP/5.3.3 mod_ruby/1.3.0 Ruby/1.8.7(2011-06-30) mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- resuming normal operations

    [Sun May 12 16:00:18 2013] [notice] caught SIGTERM, shutting down
    [Sun May 12 16:00:19 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
    [Sun May 12 16:00:19 2013] [notice] Digest: generating secret for digest authentication ...
    [Sun May 12 16:00:19 2013] [notice] Digest: done
    [Sun May 12 16:00:20 2013] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
    [Sun May 12 16:00:20 2013] [notice] mod_python: using mutex_directory /tmp
    [Sun May 12 16:00:20 2013] [notice] Apache/2.2.15 (Unix) DAV/2 mod_fcgid/2.3.7 PHP/5.3.3 mod_python/3.3.1 Python/2.6.6 mod_ruby/1.3.0 Ruby/1.8.7(2011-06-30) mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- resuming normal operations

    What does that mean?
    What have I missed?
    I've gone over what I done step by step by the guide
     

    Attached Files:

    cmsits, May 12, 2013
    #5
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Did you accept he ssl cert in the screen you posted? As your ssl cert is a self signed cert, you will have to accept the certificte to be able to connect with tls.

    And oes he ftp connection eithout ls work?
     
    till, May 12, 2013
    #6
  7. cmsits

    cmsits New Member

    Yes accepted the certificate
    (should'nt that have the details I added on It?)
    and still didn't connect
     
    cmsits, May 12, 2013
    #7
  8. cmsits

    cmsits New Member

    Here are the settings I'm using In filezilla
    Am I missing something simple ??
     

    Attached Files:

    cmsits, May 12, 2013
    #8
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    And what about connections without tls?
     
    till, May 12, 2013
    #9
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    You use a wrong user. Root is not allowed for ftp. You will have to use. Ftp user that sou created in ispconfig.

    If you want to transfer files as root, use scp. There is a free application called winscp for that. Scp is a secure file protocol which works over ssh and which allows connections as root user.
     
    till, May 12, 2013
    #10
  11. cmsits

    cmsits New Member

    I'm quite new to this & the tutorial Bottom of page 4 says :
    That's it. You can now try to connect using your FTP client; however, you should configure your FTP client to use TLS.
    http://www.howtoforge.com/perfect-server-centos-6.4-x86_64-apache2-dovecot-ispconfig-3-p4

    this is well before ISPConfig Is Installed ???

    I can connect using SFTP

    But why is It not showing the details I added when doing this >

    In order to use TLS, we must create an SSL certificate. I create it in /etc/ssl/private/, therefore I create that directory first:

    mkdir -p /etc/ssl/private/

    Afterwards, we can generate the SSL certificate as follows:

    openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

    Country Name (2 letter code) [XX]: <-- Enter your Country Name (e.g., "DE").
    State or Province Name (full name) []: <-- Enter your State or Province Name.
    Locality Name (eg, city) [Default City]: <-- Enter your City.
    Organization Name (eg, company) [Default Company Ltd]: <-- Enter your Organization Name (e.g., the name of your company).
    Organizational Unit Name (eg, section) []: <-- Enter your Organizational Unit Name (e.g. "IT Department").
    Common Name (eg, your name or your server's hostname) []: <-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
    Email Address []: <-- Enter your Email Address.

    Change the permissions of the SSL certificate:

    chmod 600 /etc/ssl/private/pure-ftpd.pem
     
    cmsits, May 12, 2013
    #11
  12. Hairy

    Hairy Member

    That certificate will never be used.
    AND
    It cannot be done before ISPConfig is installed as you stated.

    Please look here

    http://www.howtoforge.com/forums/showthread.php?t=61799
     
    Hairy, May 12, 2013
    #12
  13. Hairy

    Hairy Member

    You could move the certificate you created using:
    Code:
    mv /etc/ssl/private/pure-ftpd.pem /etc/pki/pure-ftpd/pure-ftpd.pem
chmod 600 pure-ftpd.pem
    OR

    You could create a symbolic link to the certificate you created using:
    Code:
    ln -s /etc/ssl/private/pure-ftpd.pem /etc/pki/pure-ftpd/pure-ftpd.pem
     
    Hairy, May 12, 2013
    #13
  14. cmsits

    cmsits New Member

    I removed the #
    from TLS
    and saved restarted proftpd & still can't connect with filezilla ftp

    I've created website & created ftp user for that website and added the firewall record for the server all in ISPconfig 3 cp

    What have I missed ?
     
    cmsits, May 12, 2013
    #14
  15. cmsits

    cmsits New Member

    Connecting to 192.168.1.121:21...
    Status: Connection established, waiting for welcome message...
    Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    Response: 220-You are user number 1 of 50 allowed.
    Response: 220-Local time is now 18:43. Server port: 21.
    Response: 220-This is a private system - No anonymous login
    Response: 220-IPv6 connections are also welcome on this server.
    Response: 220 You will be disconnected after 15 minutes of inactivity.
    Command: USER cmsits
    Response: 331 User cmsits OK. Password required
    Command: PASS **********
    Response: 530 Login authentication failed
    Error: Critical error
    Error: Could not connect to server
     
    cmsits, May 12, 2013
    #15
  16. cmsits

    cmsits New Member

    Connecting to 192.168.1.121:21...
    Status: Connection established, waiting for welcome message...
    Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    Response: 220-You are user number 1 of 50 allowed.
    Response: 220-Local time is now 18:45. Server port: 21.
    Response: 220-This is a private system - No anonymous login
    Response: 220-IPv6 connections are also welcome on this server.
    Response: 220 You will be disconnected after 15 minutes of inactivity.
    Command: AUTH TLS
    Response: 234 AUTH TLS OK.
    Status: Initializing TLS...
    Status: Verifying certificate...
    Command: USER cmsits
    Status: TLS/SSL connection established.
    Response: 331 User cmsits OK. Password required
    Command: PASS **********
    Response: 530 Login authentication failed
    Error: Critical error
    Error: Could not connect to server
     
    cmsits, May 12, 2013
    #16
  17. cmsits

    cmsits New Member

    Seems everything goes through ok but refuses password ?
     
    cmsits, May 12, 2013
    #17
  18. Hairy

    Hairy Member

    I don't know about proftpd. I am using and referring to pure-ftpd. I also use FileZilla to connect.

    You shouldn't need to add a firewall record, unless perhaps you've setup an alternate port somewhere, or you've created your own firewall rule that blocks the default port.

    I don't know. Sorry :( Maybe, check that the username and passwords you are using are actually correct? .. Just a suggestion.
     
    Hairy, May 12, 2013
    #18
  19. cmsits

    cmsits New Member

    Sorry I meant PureFTPd

    I added the default firewall record for server. (thought I had to, but removed now)

    Its puzzelling me. can't seem to get ftp to work atall.
    even on virtual machines I've set up on laptop :(
    checked and re-checked usernames and passwords
     
    cmsits, May 13, 2013
    #19
  20. cmsits

    cmsits New Member

    May 13 08:55:43 centos1 pure-ftpd: ([email protected]) [INFO] New connection from 192.168.1.100
    May 13 08:55:43 centos1 pure-ftpd: ([email protected]) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with AES256-SHA, 256 secret bits cipher
    May 13 08:55:48 centos1 pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [cmsits]
    May 13 08:55:48 centos1 pure-ftpd: ([email protected]) [INFO] Logout.
    May 13 09:00:01 centos1 pure-ftpd: (?@::1) [INFO] New connection from ::1
    May 13 09:00:01 centos1 pure-ftpd: (?@::1) [INFO] Logout.
     
    cmsits, May 13, 2013
    #20
Page 1 of 2

Share This Page