I've looked all over and I am confused. I have a working production server that the client now wants to add sftp to his machine. I've looked all over for documentation and came across a couple of things and tried them but they don't work. Is there documentation around somewhere that will give me step by step on how to make a standard ftp now an sftp? Or can someone please help me? Running pure-ftpd on Ubuntu 12.04-3 32bit with ispconfig 3 latest version. Updated it this morning.
You seem to mix up SFTP (which is SSH) with FTPS (encrypted FTP). SFTP is an SSH protocol and is provided by the ssh daemon. FTPS is FTP with TLS and this is provided by pure-ftp. So you can use FTPS with an FTP account. If you want to use SFTP, then you need an ssh account. If you want to do secure file uploads, then use FTPS with your FTP client and a normal ftp account.
That's not it, well, yes and no. The problem is getting an ftp client such as filezilla to do ftps, which it doesn't do that I can find. I tried the following with no success.

1) sftp to server.example.com no go.
2) ftp to server.example.com works great
3) out of options. tried implicit and explicit over tls no go.

I don't know what I'm doing with this thing. client wants secure, I haven't done that in so long that I don't remember how to do this. HELP!
Use Port 443 for FTPS transfers. Implicit FTP TLS is (was) using generally Port 990. You could check out: https://wiki.filezilla-project.org
ftps with filezilla on an ispconfig server works fine, I just used it an hour ago on a client system. If it does not work on your server, then either tls is not enabled in your pure-ftpd install or a firewall on your server or in front of your server blocks the passive ftp ports. The port for ftp over tls is 990 or 21.
This is what I get when it doesn't work. There is no firewall on at the moment so I could diagnose it. With the 443 connection do I have to install a certificate on the server and have ssl on?

Status: Selected port usually in use by a different protocol.
Status: Resolving address of deliciousgarlic.com
Status: Connecting to 71.39.236.156:443...
Status: Connection established, initializing TLS...
Error: GnuTLS error -15: An unexpected TLS packet was received.
Error: Could not connect to server
Status: Waiting to retry...
Status: Resolving address of deliciousgarlic.com
Status: Connecting to 71.39.236.156:443...
Status: Connection established, initializing TLS...
Error: GnuTLS error -15: An unexpected TLS packet was received.
Error: Could not connect to server
Status: Resolving address of deliciousgarlic.com
Status: Connecting to 71.39.236.156:990...
Status: Connection attempt failed with "ECONNREFUSED - Connection refused by server".
Error: Could not connect to server
Status: Waiting to retry...
Status: Resolving address of deliciousgarlic.com
Status: Connecting to 71.39.236.156:990...
Status: Connection attempt failed with "ECONNREFUSED - Connection refused by server".
Error: Could not connect to server
Status: Selected port usually in use by a different protocol.
Status: Resolving address of deliciousgarlic.com
Status: Connecting to 71.39.236.156:443...
Status: Connection established, waiting for welcome message...
Error: Connection closed by server
Error: Could not connect to server
Status: Waiting to retry...
Status: Resolving address of deliciousgarlic.com
Status: Connecting to 71.39.236.156:443...
Status: Connection established, waiting for welcome message...
Error: Connection attempt interrupted by user
Status: Resolving address of deliciousgarlic.com
Status: Connecting to 71.39.236.156:990...
Status: Connection attempt failed with "ECONNREFUSED - Connection refused by server".
Error: Could not connect to server
Status: Waiting to retry...
Status: Resolving address of deliciousgarlic.com
Status: Connecting to 71.39.236.156:990...
Status: Connection attempt failed with "ECONNREFUSED - Connection refused by server".
Error: Could not connect to server
To connect using Filezilla and SFTP without a problem do the following in Filezilla:

1. Go Edit > settings > Connection > FTP: Set it to Active (read later why) and uncheck the 'Allow fall back to other transfer modes on failure'. Make sure that both 'Active mode' and 'Passive mode' use 'external IP'. Click OK.
2. Go Edit > Settings > Connection > SFTP: Remove all stored keys. Most of the time stored keys confuse Filezilla. Better be asked for each session. Click OK.
3. Go Edit > settings > transfers > File types: Set it to 'Binary' and both '..files without extension ..' and '..dot files..' must be checked. Click OK.
4. Go File > Site Manager: create or open the 'Site' you created and switch the 'Protocol' dropdown to 'SFTP - SSH ...'. Do not set any port, leave it blank. Set 'Logon Type' to 'Ask for Password' (recommended) or 'Normal'. In the Advanced tab set 'server type' to Unix. Now important is this: In the Transfer settings tab, if the server is not on your LAN, set it to Active. If it is on the same LAN, set it to Passive. Click OK.
5. Close Filezilla and reopen it. This software needs this as a 'slap' very often, especially with its 'caching' __excellence__

Retry, you will be asked 'Trust this Host ...' etc. Do not check the box 'Always trust ...', just click OK. You should see something like this in the log, this is from mine right now:

Code:
Status: Connecting to testing.this...
Response: fzSftp started
Command: open "[email protected]" 22
Command: Trust new Hostkey: Once
Command: Pass: ********
Status: Connected to testing.this
Status: Retrieving directory listing...
Command: pwd
Response: Current directory is: "/var/www/clients/client1/web1"
Status: Directory listing successful

If after doing all these you still got problem, it would be something else, most commonly a firewall port issue. You can try using 'Protocol FTP' and Encryption 'explicit FTP over TLS'. You will be asked to accept the certificate similar to using the SFTP.
If you don't have official SSL you can always create and sign your own from ISPConfig 3.

Code:
Status: Resolving address of testing.this
Status: Connecting to 192.168.1.160:21...
Status: Connection established, waiting for welcome message...
Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response: 220-You are user number 1 of 50 allowed.
Response: 220-Local time is now 04:07. Server port: 21.
Response: 220-This is a private system - No anonymous login
Response: 220-IPv6 connections are also welcome on this server.
Response: 220 You will be disconnected after 15 minutes of inactivity.
Command: AUTH TLS
Response: 234 AUTH TLS OK.
Status: Initializing TLS...
Status: Verifying certificate...
Command: USER test
Status: TLS/SSL connection established.
Response: 331 User test OK. Password required
Command: PASS ********
Response: 230 OK. Current restricted directory is /
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Extensions supported:
Response: EPRT
Response: IDLE
Response: MDTM
Response: SIZE
Response: MFMT
Response: REST STREAM
Response: MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Response: MLSD
Response: AUTH TLS
Response: PBSZ
Response: PROT
Response: UTF8
Response: ESTA
Response: PASV
Response: EPSV
Response: SPSV
Response: ESTP
Response: 211 End.
Command: OPTS UTF8 ON
Response: 200 OK, UTF-8 enabled
Command: PBSZ 0
Response: 200 PBSZ=0
Command: PROT P
Response: 200 Data protection level set to "private"
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is your current location
Command: TYPE I
Response: 200 TYPE is now 8-bit binary
Command: PASV
Response: 227 Entering Passive Mode (192,168,1,160,255,229)
Command: MLSD
Response: 150 Accepted data connection
Response: 226-Options: -a -l
Response: 226 11 matches total
Status: Directory listing successful
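Added example, not part of the original posts: a small Python check over a FileZilla-style log like the explicit FTP over TLS session above. It confirms that `AUTH TLS` succeeded before the credentials were sent and that `PROT P` was set before data commands, and it decodes the `227` reply into the passive data port a firewall has to let through. The helper name `audit_ftp_log` and the finding strings are assumptions made for this example, and it assumes explicit FTPS (implicit TLS on port 990 has no `AUTH TLS` step).

```python
import ipaddress
import re

# Constructed sample: lines excerpted from the FileZilla log quoted in the thread.
SAMPLE_LOG = """\
Command: AUTH TLS
Response: 234 AUTH TLS OK.
Command: USER test
Response: 331 User test OK. Password required
Command: PASS ********
Response: 230 OK. Current restricted directory is /
Command: PROT P
Response: 200 Data protection level set to "private"
Command: PASV
Response: 227 Entering Passive Mode (192,168,1,160,255,229)
Command: MLSD
Response: 150 Accepted data connection
"""

PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
DATA_CMDS = {"MLSD", "LIST", "NLST", "RETR", "STOR", "APPE"}

def audit_ftp_log(text):
    """Hypothetical helper: check ordering of TLS-related steps in a client log."""
    tls = prot_p = False
    cmd, pasv, findings = [""], None, []
    for line in text.splitlines():
        kind, _, rest = line.partition(": ")
        if kind == "Command":
            cmd = rest.upper().split() or [""]
            if cmd[0] in ("USER", "PASS") and not tls:
                findings.append(f"{cmd[0]} sent before AUTH TLS succeeded")
            if cmd[0] in DATA_CMDS and not prot_p:
                findings.append(f"{cmd[0]} sent without PROT P: data channel in clear")
        elif kind == "Response":
            code = rest[:3]
            if cmd[:2] == ["AUTH", "TLS"] and code == "234":
                tls = True       # control channel is encrypted from here on
            elif cmd[:2] == ["PROT", "P"] and code == "200":
                prot_p = True    # data connections will be encrypted too
            match = PASV_RE.search(rest) if code == "227" else None
            if match:
                n = [int(x) for x in match.groups()]
                ip = ".".join(map(str, n[:4]))
                pasv = (ip, n[4] * 256 + n[5])   # data port = p1*256 + p2
                if ipaddress.ip_address(ip).is_private:
                    findings.append(f"PASV advertises private address {ip}")
    return {"tls": tls, "prot_p": prot_p, "pasv": pasv, "findings": findings}

if __name__ == "__main__":
    print(audit_ftp_log(SAMPLE_LOG))
```

A private address in the `227` reply is harmless on the same LAN, as in the quoted session, but a client outside the NAT cannot reach it, and the decoded port must fall inside the passive range the firewall allows.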