How to disable FTP TLS sessions

Discussion in 'Installation/Configuration' started by spikes, Aug 24, 2011.

  1. spikes

    spikes Member

    I have made a fresh install http://www.howtoforge.com/perfect-server-debian-squeeze-with-bind-and-dovecot-ispconfig-3-p4

    I have enabled to allow FTP and TLS sessions but I cannot ftp into my server. How can I reverse this

    echo 1 > /etc/pure-ftpd/conf/TLS

    so that I use normal ftp sessions - Thank you

    Do I have the required port? Currently I have these ports open 20,21,22,25,80,3306,8080,8081

    Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    Response: 220-You are user number 1 of 50 allowed.
    Response: 220-Local time is now 17:39. Server port: 21.
    Response: 220-This is a private system - No anonymous login
    Response: 220-IPv6 connections are also welcome on this server.
    Response: 220 You will be disconnected after 15 minutes of inactivity.
    Trace: CFtpControlSocket::SendNextCommand()
    Command: USER defaultdon
    Trace: CFtpControlSocket::OnReceive()
    Response: 331 User defaultdon OK. Password required
    Trace: CFtpControlSocket::SendNextCommand()
    Command: PASS ******
    Trace: CFtpControlSocket::OnReceive()
    Response: 530 Login authentication failed
    Trace: CControlSocket::DoClose(1094)
    Trace: CFtpControlSocket::ResetOperation(1094)
    Trace: CControlSocket::ResetOperation(1094)
    Error: Critical error
    Error: Could not connect to server
    Trace: CFileZillaEnginePrivate::ResetOperation(1094)
     
    Last edited: Aug 24, 2011
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Run:

    rm /etc/pure-ftpd/conf/TLS

    and then restart pure-ftpd.
     
  3. spikes

    spikes Member

    I have tried the above but it seems there is still TLS running as filezilla says

    Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------

    when I make a new connection. I have restarted everything I can.
     
  4. Mark_NL

    Mark_NL New Member

    That's just a header. If my name here was "Steve Jobs", would you believe I'm him? :p
    Just check and see when logging in with TLS, you should get an error.
     
  5. spikes

    spikes Member

    It seems the problem is with pure-ftp server as I get 530 Login authentication failed. I have build the new VPS to move my live site to this one. It seems the services are running but I do not know why I cannot authenticate

    [email protected]:~# netstat -tap

    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 *:smtp *:* LISTEN 1525/master
    tcp 0 0 localhost.localdoma:953 *:* LISTEN 628/named
    tcp 0 0 *:imaps *:* LISTEN 1914/dovecot
    tcp 0 0 *:pop3s *:* LISTEN 1914/dovecot
    tcp 0 0 localhost.localdo:10024 *:* LISTEN 729/amavisd (master
    tcp 0 0 localhost.localdo:10025 *:* LISTEN 1525/master
    tcp 0 0 *:mysql *:* LISTEN 1209/mysqld
    tcp 0 0 *:pop3 *:* LISTEN 1914/dovecot
    tcp 0 0 *:imap2 *:* LISTEN 1914/dovecot
    tcp 0 0 *:ftp *:* LISTEN 2547/pure-ftpd (SER
    tcp 0 0 localhost.locald:domain *:* LISTEN 628/named
    tcp 0 0 *:ssh *:* LISTEN 1263/sshd
    tcp 0 0 localhost.localdo:mysql localhost.localdo:56692 ESTABLISHED 1209/mysqld
    tcp 59 0 localhost.localdo:37783 localhost.localdo:10025 CLOSE_WAIT 992/amavisd (ch1-av
    tcp 0 0 localhost.localdo:56692 localhost.localdo:mysql ESTABLISHED 992/amavisd (ch1-av
    tcp6 0 0 ip6-localhost:953 [::]:* LISTEN 628/named
    tcp6 0 0 [::]:https [::]:* LISTEN 740/apache2
    tcp6 0 0 [::]:http-alt [::]:* LISTEN 740/apache2
    tcp6 0 0 [::]:www [::]:* LISTEN 740/apache2
    tcp6 0 0 [::]:tproxy [::]:* LISTEN 740/apache2
    tcp6 0 0 [::]:ftp [::]:* LISTEN 2547/pure-ftpd (SER
    tcp6 0 0 [::]:domain [::]:* LISTEN 628/named
    tcp6 0 0 [::]:ssh [::]:* LISTEN 1263/sshd
    [email protected]:~#

    [email protected]:~# iptables -L
    Chain INPUT (policy DROP)
    target prot opt source destination
    fail2ban-pureftpd tcp -- anywhere anywhere multiport dports ftp
    fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
    fail2ban-dovecot-pop3imap tcp -- anywhere anywhere multiport dports pop3,pop3s,imap2,imaps
    DROP tcp -- anywhere loopback/8
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    ACCEPT all -- anywhere anywhere
    DROP all -- base-address.mcast.net/4 anywhere
    PUB_IN all -- anywhere anywhere
    PUB_IN all -- anywhere anywhere
    PUB_IN all -- anywhere anywhere
    PUB_IN all -- anywhere anywhere
    DROP all -- anywhere anywhere

    Chain FORWARD (policy DROP)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    DROP all -- anywhere anywhere

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    PUB_OUT all -- anywhere anywhere
    PUB_OUT all -- anywhere anywhere
    PUB_OUT all -- anywhere anywhere
    PUB_OUT all -- anywhere anywhere

    Chain INT_IN (0 references)
    target prot opt source destination
    ACCEPT icmp -- anywhere anywhere
    DROP all -- anywhere anywhere

    Chain INT_OUT (0 references)
    target prot opt source destination
    ACCEPT icmp -- anywhere anywhere
    ACCEPT all -- anywhere anywhere

    Chain PAROLE (8 references)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere

    Chain PUB_IN (4 references)
    target prot opt source destination
    ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
    ACCEPT icmp -- anywhere anywhere icmp echo-reply
    ACCEPT icmp -- anywhere anywhere icmp time-exceeded
    ACCEPT icmp -- anywhere anywhere icmp echo-request
    PAROLE tcp -- anywhere anywhere tcp dpt:ftp-data
    PAROLE tcp -- anywhere anywhere tcp dpt:ftp
    PAROLE tcp -- anywhere anywhere tcp dpt:ssh
    PAROLE tcp -- anywhere anywhere tcp dpt:smtp
    PAROLE tcp -- anywhere anywhere tcp dpt:www
    PAROLE tcp -- anywhere anywhere tcp dpt:mysql
    PAROLE tcp -- anywhere anywhere tcp dpt:http-alt
    PAROLE tcp -- anywhere anywhere tcp dpt:tproxy
    ACCEPT udp -- anywhere anywhere udp dpt:domain
    ACCEPT udp -- anywhere anywhere udp dpt:mysql
    DROP icmp -- anywhere anywhere
    DROP all -- anywhere anywhere

    Chain PUB_OUT (4 references)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere

    Chain fail2ban-dovecot-pop3imap (1 references)
    target prot opt source destination
    RETURN all -- anywhere anywhere

    Chain fail2ban-pureftpd (1 references)
    target prot opt source destination
    RETURN all -- anywhere anywhere

    Chain fail2ban-ssh (1 references)
    target prot opt source destination
    RETURN all -- anywhere anywhere
    [email protected]:~#
     
  6. spikes

    spikes Member

    No folders created

    I look in /var/www and it seems no folders are created for the website I created through the ispconfig cp. I created the website with ispconfig admin account. What can be wrong here and how do I fix it? Thank you
     
  7. spikes

    spikes Member

    I have started over and everything is work fine now.
     

Share This Page