pureftp not allowing logins from new ip?

Discussion in 'General' started by carpman, Jun 8, 2017.

  1. carpman

    carpman Member

    Hi, i have pureftp setup and running to use ssl, i can connect from my main workstation to ftp users, but i can't from computers on other ips, ie laptop when away from home, wordpress setup for sftp connection.

    The logs shows a connection,

    Jun 8 19:45:57 server pure-ftpd: ([email protected]) [INFO] New connection from 64.119.200.111
    Jun 8 19:46:22 server pure-ftpd: ([email protected]) [INFO] New connection from 64.119.200.111

    tried different ftp clients, logs in them show

    Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    Response: 220-You are user number 2 of 20 allowed.
    Response: 220-Local time is now 19:48. Server port: 21.
    Response: 220-This is a private system - No anonymous login
    Response: 220-IPv6 connections are also welcome on this server.
    Response: 220 You will be disconnected after 15 minutes of inactivity.


    any ideas?

    thanks
     
  2. Stephan Ververda

    Stephan Ververda Member HowtoForge Supporter

    By the looks of it you actually are logged in, so i'm guessing you don't get to see any folders/files list?
    Have you tried turning on passive ftp in the ftp client? (and if so are passive ports not blocked on the firewall?)
     
  3. Tuumke

    Tuumke Active Member

    Are you running a firewall? And can you copy/paste entire ftp client log? (anonymise it if you will)
     
  4. carpman

    carpman Member

    Hi and thanks for replies.

    Client is yummyftp full log output is as first post, here it is.
    << Connection : 1 >>
    << Date Time : 12/6/17 09:15:22 >>
    220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    220-You are user number 1 of 20 allowed.
    220-Local time is now 14:15. Server port: 21.
    220-This is a private system - No anonymous login
    220-IPv6 connections are also welcome on this server.
    220 You will be disconnected after 15 minutes of inactivity.
    AUTH TLS

    yummy uses the cloud to sync ftp login details so i am using exactly the same settings that works on my desktop, which works fine.

    i tried filezilla and log out put is
    Status: Resolving address of mydomain.org
    Status: Connecting to 109.235.147.**:21...
    Status: Connection established, waiting for welcome message...
    Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    Response: 220-You are user number 2 of 20 allowed.
    Response: 220-Local time is now 14:23. Server port: 21.
    Response: 220-This is a private system - No anonymous login
    Response: 220-IPv6 connections are also welcome on this server.
    Response: 220 You will be disconnected after 15 minutes of inactivity.
    Command:AUTH TLS

    There is no active firewall on my laptop.

    The server firewall has ports open for passive ftp, which is what ftp clients are set to.

    The server is working fine as can connect from desktop ok?

    thanks
     
  5. Tuumke

    Tuumke Active Member

    This is my filezilla console output:
    Code:
    Status:    Resolving address of domain.tld
    Status:    Connecting to x.x.x.x:21...
    Status:    Connection established, waiting for welcome message...
    Status:    Initializing TLS...
    Status:    Verifying certificate...
    Status:    TLS connection established.
    Status:    Logged in
    Status:    Retrieving directory listing...
    Status:    Directory listing of "/" successful
    In filezilla you can try to do FTP without TLS, see if that works.
     
  6. carpman

    carpman Member

    Tried all the options in filezilla, this is with no encryption

    Status: Resolving address of mydomain.com
    Status: Connecting to 109.235.147.**:21...
    Status: Connection established, waiting for welcome message...
    Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    Response: 220-You are user number 1 of 20 allowed.
    Response: 220-Local time is now 00:08. Server port: 21.
    Response: 220-This is a private system - No anonymous login
    Response: 220-IPv6 connections are also welcome on this server.
    Response: 220 You will be disconnected after 15 minutes of inactivity.
    Command:USER userftp
    Response: 421 Sorry, cleartext sessions are not accepted on this server.
    Error: Could not connect to server
     
  7. carpman

    carpman Member

    Remember I can connect fine from my desktop using same setting in yummyftp on both desktop and laptop so connecting is not an issue, it is just not allowing ftp connections from laptop or wordpress sites?
     
  8. Tuumke

    Tuumke Active Member

  9. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    I'd say check your ftp ssl certs whether it is correct for mydomain.com?
     
  10. carpman

    carpman Member

    i believe that pureftp uses a site wide ssl which self signed!

    If is is an issue with cert why is it working with desktop ok?
     
  11. NO^DICKHILL

    NO^DICKHILL New Member

    If you can't connect outside the LAN, the problem must be blocked ports...?
    Try to define the passive ports for pure-ftpd and remember to open them in any firewall you use!
    I don't know if this can fix your problems, but it worked for me...

    I had similar problems a couple of days ago, after only allowing TLS connections...
    I my case, I have pure-ftpd-mysql installed, where I created "/etc/pure-ftpd/conf/PassivePortRange" and added ie. "40000 40500".
    (I also defined the server/ISP's WAN IP by adding it to "/etc/pure-ftpd/ForcePassiveIP".)

    But I must admit that I don't quite remember the problem or the errors I got, since it turned out that it was the program I used, that didn't supported TLS1.2.
    So I can't even tell if defining and opening the passive ports helped me.
     
  12. NO^DICKHILL

    NO^DICKHILL New Member

    Please note that the "Response: 421 Sorry, cleartext sessions are not accepted on this server." is only mentioned in the latest posted log!
    So I do think that there is a problem, but when trying to connect, you (carpman), must be sure that you are connection correctly! (o:
     
  13. carpman

    carpman Member

    thanks for replies,

    as said i can connect fine from my desktop, this is not on the same lan as server, server is located at hosting company.

    I use yummyftp which syncs settings via dropbox so i am using exactly the same setting on laptop that work on my desktop, the current connection i am using has no firewall so closed ports should not be an issue.

    One of the previous logs mentions cleartext, this is because i was trying different option in filezilla.

    regarding ssl cert, if this is an issue why is working fine on desktop?

    From what i see from logs it looks like i am logged in, but ftpclient is not recognising this?
    Client is yummyftp full log output is as first post, here it is.
    << Connection : 1 >>
    << Date Time : 12/6/17 09:15:22 >>
    220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    220-You are user number 1 of 20 allowed.
    220-Local time is now 14:15. Server port: 21.
    220-This is a private system - No anonymous login
    220-IPv6 connections are also welcome on this server.
    220 You will be disconnected after 15 minutes of inactivity.
    AUTH TLS
     
  14. Tuumke

    Tuumke Active Member

    Does it also store/sync the certificate it uses for YummyFTP?
     

Share This Page