Insecure server, it does not support FTP over TLS? It was working!

Discussion in 'Installation/Configuration' started by JohnnyBeGood, Apr 19, 2015.

  1. JohnnyBeGood

    JohnnyBeGood Member

    Hi all,

    I'm in process of moving wibsites onto new server and on the new server I folloowed this guide https://www.howtoforge.com/perfect-...hp-mysql-pureftpd-bind-dovecot-ispconfig-3-p5
    moved 2 sites and it worked because they're Wordpress. Third one is not Wordpress and did not work because it does not work with php v5.5.9 on the server. Old server had php v5.3.10 so I found this guide https://www.howtoforge.com/perfect-server-ubuntu-12.10-apache2-bind-dovecot-ispconfig-3-p4 and followed section
    14.3 Additional PHP Versions that's the last change I made before noticing my FTP password change in ISPconfig are no longer working and I'm getting below message saying I'm not using TLS? It worked already.
    I've searched the forums but could not find anything.
    Re-did section 16. Install PureFTPd And Quota but no luck. I spent so much time setting up everything and now I have to start from begging :(
    Code:
    Status:    Connecting to 198.27.xx.xxx:21...
Status:    Connection established, waiting for welcome message...
Status:    Insecure server, it does not support FTP over TLS.
Command:    USER username_example_com
Response:    331 User username_example_com OK. Password required
Command:    PASS **********
Response:    530 Login authentication failed
Error:    Critical error: Could not connect to server
     
    JohnnyBeGood, Apr 19, 2015
    #1
  2. JohnnyBeGood

    JohnnyBeGood Member

    Anyone? please.
     
    JohnnyBeGood, Apr 20, 2015
    #2
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    The first tutorial activates tls in pure-ftpd, so lets see if all settings are set. Post the output of:

    cat /etc/pure-ftpd/conf/TLS

    and

    ls -la /etc/ssl/private/
     
    till, Apr 20, 2015
    #3
  4. JohnnyBeGood

    JohnnyBeGood Member

    Thanks for the reply til!
    Here we go:
    Code:
    root@linux:~# cat /etc/pure-ftpd/conf/TLS
1
root@linux:~#
    Code:
    root@linux:~# ls -la /etc/ssl/private/
total 16
drwx--x--- 2 root ssl-cert 4096 Apr 11 20:50 .
drwxr-xr-x 4 root root     4096 Apr 11 19:09 ..
-rw------- 1 root root     3107 Apr 19 02:33 pure-ftpd.pem
-rw-r----- 1 root ssl-cert 1708 Apr 11 19:11 ssl-cert-snakeoil.key
root@linux:~#
     
    JohnnyBeGood, Apr 20, 2015
    #4
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats ok so far. Restart pure-ftpd and post the line that you get after the restart command on the shell.
     
    till, Apr 20, 2015
    #5
  6. JohnnyBeGood

    JohnnyBeGood Member

    Great!
    Here we go:
    Code:
    root@linux:~# service pure-ftpd-mysql restart
Restarting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql                                                                                        :/etc/pure-ftpd/db/mysql.conf -l pam -O clf:/var/log/pure-ftpd/transfer.log -E -                                                                                        A -D -u 1000 -b -Y 1 -8 UTF-8 -H -B
root@linux:~#
     
    JohnnyBeGood, Apr 20, 2015
    #6
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    The start line is fin so far,, it contains the option -Y which enables tls in pure-ftpd.

    Are you really sure that you connect to the right server? I just did a test connection to my server and the status messages are very different, e.g. pure-ftpd shows its name in the first status message which is missing in your messages, so it might be that you connect to a different server that does not run pure-ftpd.
     
    till, Apr 20, 2015
    #7
  8. JohnnyBeGood

    JohnnyBeGood Member

    Ok, just to make sure I'm logging in into correct server for ispconfig I used IP instead of domain name. ie. https://serverIP:8080/index.php#
    and created new password. using putty connected to same server IP and in terminal I did this:

    Code:
    root@linux:~# ftp localhost
Connected to localhost.localdomain.
220-Welcome to cc-ftpd.
220-You are user number 1 of 50 allowed.
220-Local time is now 12:54. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
Name (localhost:root): username_example_com
331 User username_example_com OK. Password required
Password:
530 Login authentication failed
Login failed.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> exit
221-Goodbye. You uploaded 0 and downloaded 0 kbytes.
221 Logout.
root@linux:~#
    Still can't login. Unless there's a restriction somewhere that prevent login from localhost terminal?
     
    JohnnyBeGood, Apr 20, 2015
    #8
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    please post the output of:

    netstat -tap | grep ftp
     
    till, Apr 20, 2015
    #9
  10. JohnnyBeGood

    JohnnyBeGood Member

    Here we go:

    Code:
    root@linux:~# netstat -tap | grep ftp
tcp        0      0 *:ftp                   *:*                     LISTEN      2754/cc-ftpd (SERVE
root@linux:~#
     
    JohnnyBeGood, Apr 20, 2015
    #10
  11. JohnnyBeGood

    JohnnyBeGood Member

    Update:
    Looking at that output I think that's Cenova Cast FTP server (cc-ftpd) that I installed few weeks back and is now overtaking port 21, am I correct?
     
    JohnnyBeGood, Apr 21, 2015
    #11
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes. Stop that ftp server and disable it, then start pure-ftpd.
     
    till, Apr 22, 2015
    #12
  13. JohnnyBeGood

    JohnnyBeGood Member

    Yep, that's what it was. No wonder all of password changes did not work :) Thanks for your help, I could not do it my self!
     
    JohnnyBeGood, Apr 22, 2015
    #13
  14. mlmateos

    mlmateos New Member

    Hi, I installed ispconfig 3 and added a class2 startssl certificate. Everything looks fine except I get this message in ftp:
    Connecting to xx.xx.xx.x:21...
    Status: Connection established, waiting for welcome message...
    Status: Insecure server, it does not support FTP over TLS.
    I read the previous talk but didn't work for me. Could you help, please.
     
    mlmateos, May 18, 2015
    #14
  15. mlmateos

    mlmateos New Member

    @till I had to rerun:
    echo 1 > /etc/pure-ftpd/conf/TLS
    after updating ispconfig.
    Connection established, waiting for welcome message...
    Status: Initializing TLS...
    Status: Verifying certificate...
    Status: TLS connection established.
    Status: Connected
    Cheers.
     
    mlmateos, May 18, 2015
    #15
  16. ojee66

    ojee66 New Member

    have virtual box with isp. from local machine i can use ftp. from internet i got error as above. ports 20,21 and 22 are open. as so port 30000 (in vbox i can't open a range for ftp passive)

    vbox 2 nic's -> host only, and NAT (in NAT i've opened the ports as so in windows firewall)

    windows firewall rules to forward to host only nic is not working.
     
    Last edited: Apr 26, 2017
    ojee66, Apr 26, 2017
    #16
  17. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    @ojee66, if you use a firewall or nat (and you use both), you can't use secure ftp (FTPS) in passive mode without opening/forwarding a port range for the passive connections. You could use active mode *if* there is no firewall or nat on the client side, but that's quite unlikely. If you really can't setup some ports to forward, you'll probably have to abandon ftp and use SFTP instead (not a terrible idea in it's own right).
     
    Jesse Norell, Apr 26, 2017
    #17

Share This Page