
Unix & Linux Stack Exchange

Q&A for users of Linux, FreeBSD and other Unix-like operating systems

Latest Questions

0 votes
0 answers
44 views
vsftpd FTPS server does NOT allow login
I recently set up an Arch Linux server running an FTPS vsftpd server. I am more or less new to this field, especially with this program, so I'm sorry if I may come off as ignorant.

My issue is that I cannot log into my vsftpd server, no matter what user I am in. This problem persists even if I set the server into anonymous login mode: it establishes a TLS connection, but FileZilla blames '530 Login Incorrect' and WinSCP tells me 'Access Denied'.

I have hit a roadblock on what to do. Here is what I've tried to do:

- set pam_service_module from vsftpd to ftp
- disabled chroot_local_user
- disabled check_shell
- made a new user and added it as both a sudoer and the ftp group
- checked over god knows how many times my login details and even tried anon login
- remade /home directories for my users
- added a chroot list with my users in the file

Here are the contents of my vsftpd.conf file:
```
ssl_enable

rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem

ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH

force_local_logins_ssl=YES
force_local_data_ssl=YES

pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
listen_port=990

local_enable=YES
write_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

xferlog_enable=YES
xferlog_std_format=YES
xferlog_file=/var/log/vsftpd.log

anonymous_enable=NO
pam_service_name=ftp
check_shell=NO
```
ANY help is appreciated, thank you
Walanao (1 rep)
Feb 11, 2025, 12:15 AM • Last activity: Feb 11, 2025, 12:30 AM
0 votes
1 answers
49 views
How to Install and Enable XCRC on an Open-Source FTP Server in Debian 11?
I'm currently working on Debian 11 and exploring options to enable and use the XCRC command for CRC32 checksums on an FTP server. Unfortunately, the instructions I've found for ProFTPD appear to be outdated, and the mod_digest package (or similar) is not available for Debian 11. Given these challenges, I'm open to using an alternative open-source FTP server that supports XCRC. Could someone provide up-to-date guidance on installing and enabling XCRC on an open-source FTP server compatible with Debian 11? If ProFTPD is not the ideal choice, I'm willing to explore other options, so long as they are open source. Any insights, recommendations, or pointers to current resources would be highly appreciated. Thank you for your assistance!
Juergen Schulze (103 rep)
Dec 18, 2023, 08:43 AM • Last activity: Dec 18, 2023, 08:55 AM
-1 votes
2 answers
4704 views
Error connecting to an FTPS server using openssl s_client
I'm running this:

```
sudo openssl s_client -connect user:passwd@192.168.1.1:21 -CAfile demoCA/cacert.pem
```

and I get the following error:

> s_client: -connect argument or target parameter malformed or ambiguous
aaaaa (19 rep)
Dec 24, 2021, 11:14 AM • Last activity: Jan 13, 2023, 01:01 PM
2 votes
2 answers
6461 views
Connect with curl to FTPS server and download file
I'm able to connect to my FTPS server with TLS1.2 by `curl`, using `--cert`, `--key` and `--cacert` files. The command looks like:

```
curl -3 -k -v --ftp-ssl --tlsv1.2 --ftp-ssl-reqd --ftp-pasv --verbose \
     --ssl \
     --cert ./cert.pem \
     --cert-type PEM \
     --key ./cert.key \
     --key-type PEM \
     --cacert ./cacert \
     ftp://user:pass@10.10.100.1/file.txt
```

I see the contents of file.txt appear in the output of the command but I don't actually see the file being saved anywhere. Am I missing another argument in my curl command? I have not been able to find it yet.
stdcerr (2099 rep)
May 22, 2021, 05:52 PM • Last activity: May 22, 2021, 06:20 PM
0 votes
1 answers
779 views
How to change vsftpd to IPv4?
I am setting up two vsftp services running on port 21 and port 990. Can someone show me how I can change it to IPv4 instead of the current IPv6? I can't find a way to change the setting to IPv4. Below is a screenshot: https://i.sstatic.net/N1VID.png
Tan Le (1 rep)
Nov 23, 2020, 09:07 PM • Last activity: Jan 25, 2021, 02:27 AM
0 votes
0 answers
500 views
VSFTPD Not listing all directories
I am running into an odd situation where through various FTP clients, VSFTPD does not seem to return all directories in the directory listing. You'll see here in the FTP client that the error, Historical, outgoing, reactivation, sample, and test folders are displayed.

[screenshot]

However it is missing the directory process. As you can see below the folder has all the same permissions as the rest of the folders.

[screenshot]

When I try and create the folder through the FTP client I get an error, which tells me that the server recognizes that the folder is there and won't allow it to be overridden, but I can't figure out why my FTP clients won't show the folder. We've tried with Filezilla, WinSCP, and Cyberduck. We are connecting via FTPS Explicit Auth TLS on port 21.
Xenology (101 rep)
Mar 24, 2020, 11:15 PM
6 votes
4 answers
43333 views
How can I check currently installed and in use versions of SSL and TLS?
How can I check currently installed and in use versions of SSL and TLS? Strangely I couldn't find an answer online. Using Ubuntu 18.04.

Edit: Thanks all! I am asking this as I have trouble connecting from one Ubuntu 18.04 server running curl to another with an FTPS server (vsftp). I get a version error every time, no matter which TLS version I run curl with.

> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
> * error:1408F10B:SSL routines:ssl3_get_record:wrong version number
> * Closing connection 0
kroov (79 rep)
Jan 29, 2020, 12:28 PM • Last activity: Jan 30, 2020, 09:17 AM
34 votes
3 answers
94314 views
How do I use implicit FTP over TLS
Using any FTP client (I'm on Ubuntu 12.04 and tried using lftp), I want to be able to make an implicit TLS connection to a FTP server, but I can't quite manage to successfully connect. All I am getting is:
```
'ls' at 0 [Delaying before reconnect 29]
```
dominicbri7 (441 rep)
Apr 6, 2013, 10:04 PM • Last activity: Jan 11, 2020, 08:52 AM
1 votes
0 answers
148 views
Backup and restore ZFS filesystem incrementally over webdav or ftps
On my main server, I use ZFS as a file system. So far I send incremental zfs snapshots to a backup machine which also has zfs available as a file system. Unfortunately, the backup server has a headcrash, so I would like to move the backup system to a cloud drive which I can access via webdav/ftps. How can I send incremental snapshots to/from such a backup drive? Can I somehow create a zpool which stores its data via webdav or ftps? Thanks a lot for your ideas!
MatthiasR (11 rep)
Dec 16, 2019, 06:38 PM
5 votes
2 answers
32009 views
`lftp` does not connect to FTPS (ftp over ssl)
I have trouble in connecting `lftp` with **ftps** (ftp over ssl, not sftp!) server ([FTP Server Ultimate](https://play.google.com/store/apps/details?id=com.icecoldapps.ftpserverultimate) ([PRO](https://play.google.com/store/apps/details?id=com.icecoldapps.ftpserverultimatepro) version)) running on Android phone.

Technical details: Linux part.

Following https://superuser.com/questions/623236/simple-command-to-connect-to-ftps-server-on-linux-command-line I've created the following lftp_config file and source it in the following way:

```
$ cat lftps_config
user photos PASSWORD
set ftps:initial-prot "";
set ftp:ssl-force true;
set ftp:ssl-protect-data true;
set ssl:verify-certificate no;
open ftps://192.168.1.103:43210
$ lftp
lftp :~> source lftps_config
lftp 192.168.1.103:~> dir
ls at 0 [530 Login incorrect.]
```

while on "FTP Server Ultimate Pro" logs I see:

```
2015-10-18 10:10:13 [photosXYZ] - 192.168.1.123 (JBTTAX) - "" and *** are not allowed combination...
2015-10-18 10:10:13 [photosXYZ] - 192.168.1.123 (JBTTAX) New connection...
```

Could you help me how to setup FTP over SSL (ftps) connection on Linux using lftp (or other command-line tool with good mirror capability)?

FTR, I use:

```
$ lftp -v | tail -n 1
Libraries used: Readline 6.3, Expat 2.1.0, GnuTLS 3.4.5, zlib 1.2.8
```

which according to documentation has FTPS capability (GnuTLS implies it).

For the curious, more context:

My final goal: have some directories automatically backed up (both locally and remotely) from my Android phone to Linux workstation, laptop etc.

* Android: FTPS server (ftp over ssl, not sftp!), starting automatically when I enter my home wifi, when away using DDNS (Dynamic DNS)
* Linux: lftp (or other command line tool) that backs up stuff from phone - might be triggered by some cron-like automation that in presence of my phone ftps server would trigger automatic backup

Android part I (at least I thought that I) solved with [FTP Server Ultimate](https://play.google.com/store/apps/details?id=com.icecoldapps.ftpserverultimate) (to be specific [PRO](https://play.google.com/store/apps/details?id=com.icecoldapps.ftpserverultimatepro) version). Server has capability of running FTPS server, and starting it automatically on given SSID or BSSID. When I am travelling it can update DDNS automatically, which makes reachability from my home servers easy.
Grzegorz Wierzowiecki (14740 rep)
Oct 18, 2015, 11:55 AM • Last activity: Apr 5, 2019, 11:07 PM
1 votes
1 answers
10040 views
`lftp` does not connect to FTPS (FTP over TLS) server but filezilla and ncftp yes
I have a shared hosted server with FTPS access, and I can connect to it through FileZilla with the following configuration:

```
ftp.idrissi.co 21 4 0 user@idrissi.co 2 0 MODE_DEFAULT 0 Auto 0 ftp.idrissi.co 0ftp.idrissi.co
```

With `ncftp` it is more simple, I just use the following command: `ncftp -u user@idrissi.co -P 21 ftp://ftp.idrissi.co`.

But when I try to access it with the [lftp](https://lftp.tech/) tool, it fails. With lftp, I use the following configuration:

```
1d [fauve:~/lftptest] % openssl s_client -starttls ftp -crlf -connect ftp.idrissi.co:21 > ftp-idrissi-temp.cert
1d [fauve:~/lftptest] 130 % cat ftp-idrissi-temp.cert | pcregrep -M '\-----BEGIN CERTIFICATE-----(.*\n)*.*-----END CERTIFICATE-----' > ftp-idrissi.cert
1d [fauve:~/lftptest] % vim ftp-idrissi.cert
1d [fauve:~/lftptest] % cat lftp-script
set ftps:initial-prot P
set ftp:ssl-force true
set ftp:ssl-protect-data true
set ssl:cert-file ./ftp-idrissi.cert
ls
1d [fauve:~/lftptest] % lftp -e "cat lftp-script| sed 's/\n/; /'" -p 21 -u user@idrissi.co ftps://ftp.idrissi.co
ls: Erreur fatale: gnutls_handshake: An unexpected TLS packet was received.
1d [fauve:~/lftptest] 1 % lftp -e "cat lftp-script| sed 's/\n/; /'" -p 21 -u user@idrissi.co ftp://ftp.idrissi.co
ls: Erreur fatale: Certificate verification: certificate common name doesn't match requested host name « ftp.idrissi.co »
```

I tried many variations on the lftp-script but it doesn't work. And I don't understand how FileZilla could do it with a minimalist config. So, how can I connect to my FTP account?
fauve (1529 rep)
Nov 2, 2016, 03:17 AM • Last activity: Mar 27, 2019, 02:05 PM
0 votes
0 answers
1345 views
FTPS - LFTP problem
We have some trouble in my company with ftps access with a provider. Here is our configuration:

- Ubuntu 14.04
- LFTP | Version 4.6.3a

---

- Our_cert.crt
- our_key.key
- provider.crt
- AuthorityRoot.crt
- AuthorityRootCa.crt

Certificate authority = GlobalSign

```
#/home/USER/.lftp/conf
set cmd:time-style "%Y%m%d%H%M"
set ftp:ssl-protect-list false
set net:timeout 30
set net:max-retries 1
set ftp:ssl-allow true
set ftp:ssl-protect-data false
set ssl:ca-file   AuthorityRoot.crt / AuthorityRootCa.crt (both file in one )  # i dont even know if this is correct
set ssl:cert-file our_cert.crt
set ssl:key-file  ourkey.key
set xfer:clobber on
set ssl:verify-certificate false
```

Our command:

```
lftp   -e "debug 9; source /home/USER/.lftp/conf ;ls ;quit"   -u username,pwd ftp://provider.com  -p PORT
```

But when we try to reach our provider, we have an error:

```
**** SSL_connect: sslv3 alert handshake failure
```

Our provider can see when we try to reach them, they can validate our cert but we can't validate their cert. Everything is ok on their side.

---

Btw: Everything worked fine before yesterday, when their certs expired and they also switched CA. We just replaced authorityRootCa.crt (the file with everything inside in the field ssl:ca-file) with the new one.

---

Can someone tell me where we should put our certs or what's wrong here? Should we add provider.crt in our file ourcert.crt?
ydl (1 rep)
Jan 16, 2019, 08:21 PM • Last activity: Jan 16, 2019, 11:06 PM
1 votes
0 answers
510 views
How to cross compile curl with ftps?
The status of configure is as below.

```
curl version:     7.50.0
Host setup:       arm-arago-linux-gnueabi
Install prefix:   /home/calvin/Downloads/ConnectedDVR/car_dvr_rdk/target/filesys/opt/dvr
Compiler:         /home/byron/Downloads/ConnectedDVR/car_dvr_rdk/../ti_tools/linux_devkit/bin/arm-arago-linux-gnueabi-gcc
SSL support:      enabled (OpenSSL)
SSH support:      no (--with-libssh2)
zlib support:     enabled
GSS-API support:  no (--with-gssapi)
TLS-SRP support:  no (--enable-tls-srp)
resolver:         default (--enable-ares / --enable-threaded-resolver)
IPv6 support:     enabled
Unix sockets support: enabled
IDN support:      no (--with-{libidn,winidn})
Build libcurl:    Shared=yes, Static=yes
Built-in manual:  enabled
--libcurl option: enabled (--disable-libcurl-option)
Verbose errors:   enabled (--disable-verbose)
SSPI support:     no (--enable-sspi)
ca cert bundle:   no
ca cert path:     no
ca fallback:      no
LDAP support:     no (--enable-ldap / --with-ldap-lib / --with-lber-lib)
LDAPS support:    no (--enable-ldaps)
RTSP support:     enabled
RTMP support:     no (--with-librtmp)
metalink support: no (--with-libmetalink)
PSL support:      no (libpsl not found)
HTTP2 support:    disabled (--with-nghttp2)
Protocols:        DICT FILE FTP FTPS GOPHER HTTP HTTPS IMAP IMAPS POP3 POP3S RTSP SMB SMBS SMTP SMTPS TELNET TFTP
```

It seemed to support ftps. But when I executed `curl -V`, it shows:

```
curl 7.21.2 (arm-arago-linux-gnueabi) libcurl/7.21.2 zlib/1.2.3
Protocols: dict file ftp gopher http imap pop3 rtsp smtp telnet tftp
Features: Largefile libz
```

Is there anything I missed? How could we check it?
Calvin Chen (11 rep)
Aug 28, 2018, 09:19 AM • Last activity: Aug 28, 2018, 09:46 AM
0 votes
2 answers
5926 views
When FTP Requires FTP over TLS is it FTPS?
After reading through this tutorial I still have a persistent question. In the beginning of the article the writer says:

> Warning: FTP is inherently insecure! Consider using SFTP instead of FTP.

I am assuming that he might mean FTPS (as I think that is what his article explains but I am not sure). However, at the bottom of the article, which is all about how to use vsftpd over SSL/TLS, he shows an image that looks like this:

[image: ftp login]

Where you can quite clearly see that the Encryption is set to "Require explicit FTP over TLS". So, is this any different than using FTPS and if it is, what is the difference?
Startec (1919 rep)
Jul 20, 2016, 11:51 PM • Last activity: Jul 21, 2016, 03:06 AM
2 votes
1 answers
1043 views
Proftpd doesn't answer to "PASV" command
I've been trying to configure my FTPS server which is behind NAT. So I've opened ports 20, 21 as well as 2120-2180 in my NAT (TCP+UDP) and configured proftpd to use these ports for passive communications. However, trying to connect using FileZilla leads to the following log (in French, but quite clear actually):

```
Statut : Résolution de l'adresse de heardrones.com
Statut : Connexion à 93.30.208.56:21...
Statut : Connexion établie, attente du message d'accueil...
Réponse : 220 ProFTPD 1.3.5 Server (HEAR Server) [93.30.208.56]
Commande : USER hear_downloader
Réponse : 331 Mot de passe requis pour hear_downloader
Commande : PASS ********
Réponse : 230 Utilisateur hear_downloader authentifié
Commande : OPTS UTF8 ON
Réponse : 200 UTF-8 activé
Statut : Connecté
Statut : Récupération du contenu du dossier...
Commande : PWD
Réponse : 257 "/" est le répertoire courant
Commande : TYPE I
Réponse : 200 Type paramétré à I
Commande : PASV
Erreur : Délai d'attente expiré
Erreur : Impossible de récupérer le contenu du dossier
```

It times out before even being capable of sending the "PASV" answer! What could cause this? The answer to the PASV command uses the same port as all other commands (PWD, TYPE ...), so where could it come from?

-------------------------------

Here is the network design:

```
Server Proftpd, no iptables, fix IP 192.168.0.13
  -> (Wifi) ISP Box - French ISP (SFR) port transfer 20,21,22,2120-2180 to 192.168.0.13
  -> (optic fiber !) Internet
```

I can give Box settings screenshots and proftpd config files if needed. Connecting from LAN/Localhost works perfectly.
Magix (296 rep)
Jun 26, 2016, 11:13 PM • Last activity: Jun 27, 2016, 09:27 PM
0 votes
1 answers
2286 views
FTP - user to upload file to different user's directory
I installed vsftpd and configured SFTP. I have a standard user who is named, let's say, user1 with all perms. I don't want to give the password to my friend. I only want him to access a specific directory to upload files so server can run them. The file place is : /home/user1/upload I created a user, with no shell login, named user1ftp. I changed the user home location to /home/user1/upload so when he logs in, he directly logs into the upload directory. He can upload and delete files in it. The problem is that when he uploads a file, the server cannot run it. His files' permission are: **rw-r--r--** I need to make sure that when he uploads a file, the permissions are **rwxrwxr-x** These users are members of the same group. How can I do that?
abakisensoy (1 rep)
Mar 24, 2016, 11:40 PM • Last activity: Mar 25, 2016, 10:57 AM
2 votes
2 answers
14288 views
FTP over SSL in AIX (UNIX)
Folks over at SO couldn't answer this, so I am posting over here. I need to do an FTP over SSL to a FileZilla Server running on a Windows server from an AIX Unix client. I have the host name of the destination server, the user id and password, and an SSL certificate. I am not sure how to install that certificate in AIX. When I do an ftp command (using the below code) from Unix it does connect successfully to the FileZilla server and I am able to do get and or mget. But I am not sure if that is happening over SSL since I haven't installed the SSL certificate yet. Do I need to install the certificate in the Unix box (AIX)? If yes, then how (specific steps and commands), and how to utilize the installed SSL certificate to do FTP after the installation?

```
$ ftp XXX.XXX.XXX.243
Connected to XXX.XXX.XXX.243.
220-FileZilla Server version 0.9.24 beta
220-written by Tim Kosse
220 Please visit http://sourceforge.net/projects/filezilla/
Name (XXX.XXX.XXX.243:littercat): joyride
331 SSL required
Password:
230 Logged on
ftp>
```

Note: SSH (SFTP/SCP) is not an option and it has to be FTP over SSL/TLS only (from AIX UNIX to Windows FileZilla). AIX version 5.3. Third party tools cannot be used (e.g. cURL etc.)
Anjan Biswas (216 rep)
Mar 29, 2012, 09:30 PM • Last activity: Oct 18, 2015, 03:25 PM
5 votes
1 answers
4716 views
Proper way to handle FTP over SSL with restrictive firewall rules?
Without SSL, FTP works fine over a stateful firewall, like netfilter (`iptables`) + the `nf_conntrack_ftp` kernel module like this:

```
# modprobe nf_conntrack_ftp
# iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# iptables -A INPUT -p tcp --dport 21 -j ACCEPT
```

The problem is that, when SSL is used, the FTP connection tracking module cannot work because it is unable to spy on the session to discover the session-port chosen for data exchange. It is thus unable to open that port dynamically.

**Is there a proper way to make a SSL-enabled FTP server work, without disabling the firewall?**

For information, I use vsftpd with the `ssl_enable=YES` configuration option.
Totor (21020 rep)
Aug 15, 2014, 03:34 PM • Last activity: Oct 18, 2015, 03:25 PM
1 votes
1 answers
1130 views
vsftpd: use Explicit SSL in a different port than unencrypted FTP
I've managed to run vsftpd with unencrypted FTP, Implicit SSL, and Explicit SSL. What I'm looking for is a way to run it with Explicit SSL, but have a separate port for SSL. For example: port 15000 for unencrypted, and port 15001 for SSL. This is because I want to enable LAN users to connect unencrypted but WAN users to connect *only* encrypted. I would use SSL on LAN too, but I'll be going Gigabit soon (laggard) and having a couple of users transfer files at speeds 70-100MB/sec is going to bring my server's CPU to its knees. What has worked so far is to run two instances of vsftpd with different configs. I was hoping for a more tidy solution.
swapjim (35 rep)
Aug 26, 2015, 02:33 AM • Last activity: Oct 18, 2015, 03:24 PM
Showing page 1 of 19 total questions