View Single Post
  #7  
Old 25th July 2012, 16:23
Nap Nap is offline
Senior Member
 
Join Date: Oct 2006
Posts: 148
Thanks: 10
Thanked 2 Times in 2 Posts
Default

I created a saved session (hostname, username, but no password stored) using all default values except:
File Protocol: FTP
TLS Explicit encryptions (selected from the dropdown list)

WinSCP, after contacting the server, prompted me for the password but was not able to connect. WinSCP popped up a window: Connection Failed...

Here is the WinSCP log file:[/code]. 2012-07-26 01:17:34.590 --------------------------------------------------------------------------
. 2012-07-26 01:17:34.590 WinSCP Version 4.3.5 (Build 1463) (OS 6.0.6002 Service Pack 2)
. 2012-07-26 01:17:34.590 Configuration: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\
. 2012-07-26 01:17:34.590 Local account: MyPC\ME
. 2012-07-26 01:17:34.590 Login time: Thursday, 26 July 2012 1:17:34 AM
. 2012-07-26 01:17:34.590 --------------------------------------------------------------------------
. 2012-07-26 01:17:34.591 Session name: ftp_user@mydomain.com (Modified stored session)
. 2012-07-26 01:17:34.591 Host name: mydomain.com (Port: 21)
. 2012-07-26 01:17:34.591 User name: ftp_user (Password: No, Key file: No)
. 2012-07-26 01:17:34.591 Tunnel: No
. 2012-07-26 01:17:34.591 Transfer Protocol: FTP
. 2012-07-26 01:17:34.591 Ping type: C, Ping interval: 30 sec; Timeout: 15 sec
. 2012-07-26 01:17:34.591 Proxy: none
. 2012-07-26 01:17:34.591 FTP: FTPS: Explicit TLS; Passive: Yes [Force IP: No]
. 2012-07-26 01:17:34.591 Local directory: default, Remote directory: home, Update: No, Cache: Yes
. 2012-07-26 01:17:34.591 Cache directory changes: Yes, Permanent: Yes
. 2012-07-26 01:17:34.591 DST mode: 1
. 2012-07-26 01:17:34.591 --------------------------------------------------------------------------
. 2012-07-26 01:17:34.591 Password prompt (no password provided or last login attempt failed)
. 2012-07-26 01:17:45.194 Connecting to mydomain.com ...
. 2012-07-26 01:17:45.245 Connected with mydomain.com, negotiating SSL connection...
< 2012-07-26 01:17:47.270 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
< 2012-07-26 01:17:47.464 220-You are user number 2 of 50 allowed.
< 2012-07-26 01:17:47.464 220-Local time is now 01:17. Server port: 21.
< 2012-07-26 01:17:47.464 220-This is a private system - No anonymous login
< 2012-07-26 01:17:47.464 220-IPv6 connections are also welcome on this server.
< 2012-07-26 01:17:47.464 220 You will be disconnected after 15 minutes of inactivity.
> 2012-07-26 01:17:47.464 AUTH TLS
< 2012-07-26 01:17:47.941 234 AUTH TLS OK.
. 2012-07-26 01:18:03.991 Timeout detected.
. 2012-07-26 01:18:03.991 Connection failed.
* 2012-07-26 01:18:03.999 (ESshFatal) Connection failed.
* 2012-07-26 01:18:03.999 Timeout detected.
* 2012-07-26 01:18:03.999 Connection failed.
* 2012-07-26 01:18:03.999 AUTH TLS OK.[/code]

Fail2ban took over after a few retries. I was surprised though that I was able to login using puTTY on SSH. The IPTABLES indicate that all packets from my IP should be dropped, if I'm reading the firewall rules correctly.

Also, why is the welcome message from the server transmitted to the client before authentication?

Unfortunately, pure-ftpd's log file /var/log/messages (even after adding echo 'yes' > /etc/pure-ftpd/conf/VerboseLog and restarting) doesn't give any good info, except to confirm there was a new connection from my IP.

Am I setting up WinSCP the right way?

Cheers,
Nap
__________________
My VPS system:
(Ubuntu 10.04 LTS, Kernel 3.4.2-linode44, Apache 2.2.14, MySQL 5.1.63, PHP 5.3.2, ISPConfig 3.0.4.6, Webmin, PureFTP & Quota, phpMyAdmin, postfix, dovecot, clamav, spamassassin, awstats, fail2ban, Jailkit, bind9, vlogger, webalizer)

Last edited by Nap; 25th July 2012 at 17:40.
Reply With Quote