Hi @till + others, I am able to access the server patch with the new client FTP user created. However, I am able to access the server through FileZilla only when I select encryption (only use plain FTP - insecure). Please advise how to force new accounts created to use explicit or implicit TLS. I have also successfully created Let's Encrypt SSL for this client. Is there a way to (optionally) capitalize on that?
OS: Debian Stretch
ISPConfig: 3.1.7p1
That's a pure-ftpd setting and not an ISPConfig setting. By default, pure-ftpd allows sessions that are encrypted and unencrypted. If you want to allow TLS sessions only, then run:
echo 2 > /etc/pure-ftpd/conf/TLS
and restart pure-ftpd.
@till, I just noticed I am unable to log in with TLS with the same password I used for plain text. Then I saw this notice in /var/log/debug:
Code:
server1 pure-ftpd: (?@?) [DEBUG] Couldn't load the DH parameters file /etc/ssl/private/pure-ftpd-dhparams.pem
Now, how do I resolve this?
Check that you are really using FTPS (FTP over TLS) and not SFTP in your FTP client. SFTP is not FTP, it is SSH.
@till, Negative. I am using the "TLS encryption if available" option, not the SFTP protocol. FileZilla log:
Code:
Status: Resolving address of example.com
Status: Connecting to xx.xx.xxx.xxx:21...
Status: Connection established, waiting for welcome message...
Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response: 220-You are user number 4 of 50 allowed.
Response: 220-Local time is now 23:59. Server port: 21.
Response: 220-This is a private system - No anonymous login
Response: 220-IPv6 connections are also welcome on this server.
Response: 220 You will be disconnected after 15 minutes of inactivity.
Command: AUTH TLS
Error: Connection timed out after 20 seconds of inactivity
Error: Could not connect to server
I faced this too, and I noticed that I don't have /etc/ssl/private/pure-ftpd-dhparams.pem, but I already have /etc/ssl/private/dhparams.pem, which I created by running "openssl dhparam -out /etc/ssl/private/dhparams.pem 4096". So I solved my problem by creating a symlink to it instead.
Code:
ln -s /etc/ssl/private/dhparams.pem /etc/ssl/private/pure-ftpd-dhparams.pem
However, I am facing another problem while using TLS: I cannot access my FTP server via hostname (though using its IP works fine). I will try to figure this out first and share the solution later on.
Hi ahrasis, ref our separate conversation on this .. did you have the problem resolved? IP address is also fine for me. I did not test it, though. Will work on it and let you know. Thanks for your help.
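Added example (not part of any post in this thread): a shell check for the two server-side prerequisites discussed above, the value in /etc/pure-ftpd/conf/TLS and the DH parameters file that pure-ftpd reported it could not load. The function names are hypothetical, and the meanings of values 0, 1 and 3 come from pure-ftpd's --tls option rather than from the thread.

```shell
#!/bin/sh
# Added example: audit the pure-ftpd TLS prerequisites discussed in this thread.
# Default paths are the ones quoted in the posts; pass other paths to override.

# Map the numeric TLS mode to its meaning (values of pure-ftpd's --tls option).
tls_mode_meaning() {
    case "$1" in
        0) echo "TLS disabled" ;;
        1) echo "TLS optional, plain FTP still accepted" ;;
        2) echo "TLS required for login" ;;
        3) echo "TLS required for login and data" ;;
        *) echo "unknown or unset" ;;
    esac
}

# Returns 0 only if cleartext logins are refused and the DH file looks usable.
check_pureftpd_tls() {
    conf=${1:-/etc/pure-ftpd/conf/TLS}
    dh=${2:-/etc/ssl/private/pure-ftpd-dhparams.pem}
    rc=0

    # The conf file holds a single number; strip whitespace and newlines.
    if [ -r "$conf" ]; then
        mode=$(tr -d '[:space:]' < "$conf")
    else
        mode="unset"
    fi
    case "$mode" in
        2|3) echo "OK: TLS mode $mode ($(tls_mode_meaning "$mode"))" ;;
        *)   echo "FAIL: TLS mode $mode ($(tls_mode_meaning "$mode"))"; rc=1 ;;
    esac

    # A symlink (as used in the thread) must point at an existing PEM file.
    if [ -L "$dh" ] && [ ! -e "$dh" ]; then
        echo "FAIL: $dh is a dangling symlink"; rc=1
    elif [ ! -s "$dh" ]; then
        echo "FAIL: $dh is missing or empty"; rc=1
    elif ! grep -q 'BEGIN.*DH PARAMETERS' "$dh"; then
        echo "FAIL: $dh is not a PEM DH parameters file"; rc=1
    else
        echo "OK: DH parameters file present at $dh"
    fi
    return $rc
}
```

Source the file and run check_pureftpd_tls as root with no arguments to test the paths from the thread; /etc/ssl/private is normally not readable by other users.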