Insecure server, it does not support FTP over TLS? It was working!

Discussion in 'Installation/Configuration' started by JohnnyBeGood, Apr 19, 2015.

  1. JohnnyBeGood

    JohnnyBeGood Member HowtoForge Supporter

    Hi all,

    I'm in process of moving wibsites onto new server and on the new server I folloowed this guide https://www.howtoforge.com/perfect-...hp-mysql-pureftpd-bind-dovecot-ispconfig-3-p5
    moved 2 sites and it worked because they're Wordpress. Third one is not Wordpress and did not work because it does not work with php v5.5.9 on the server. Old server had php v5.3.10 so I found this guide https://www.howtoforge.com/perfect-server-ubuntu-12.10-apache2-bind-dovecot-ispconfig-3-p4 and followed section
    14.3 Additional PHP Versions that's the last change I made before noticing my FTP password change in ISPconfig are no longer working and I'm getting below message saying I'm not using TLS? It worked already.
    I've searched the forums but could not find anything.
    Re-did section 16. Install PureFTPd And Quota but no luck. I spent so much time setting up everything and now I have to start from begging :(

    Code:
    Status:    Connecting to 198.27.xx.xxx:21...
    Status:    Connection established, waiting for welcome message...
    Status:    Insecure server, it does not support FTP over TLS.
    Command:    USER username_example_com
    Response:    331 User username_example_com OK. Password required
    Command:    PASS **********
    Response:    530 Login authentication failed
    Error:    Critical error: Could not connect to server
     
  2. JohnnyBeGood

    JohnnyBeGood Member HowtoForge Supporter

    Anyone? please.
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    The first tutorial activates tls in pure-ftpd, so lets see if all settings are set. Post the output of:

    cat /etc/pure-ftpd/conf/TLS

    and

    ls -la /etc/ssl/private/
     
  4. JohnnyBeGood

    JohnnyBeGood Member HowtoForge Supporter

    Thanks for the reply til!
    Here we go:
    Code:
    root@linux:~# cat /etc/pure-ftpd/conf/TLS
    1
    root@linux:~#
    
    Code:
    root@linux:~# ls -la /etc/ssl/private/
    total 16
    drwx--x--- 2 root ssl-cert 4096 Apr 11 20:50 .
    drwxr-xr-x 4 root root     4096 Apr 11 19:09 ..
    -rw------- 1 root root     3107 Apr 19 02:33 pure-ftpd.pem
    -rw-r----- 1 root ssl-cert 1708 Apr 11 19:11 ssl-cert-snakeoil.key
    root@linux:~#
    
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats ok so far. Restart pure-ftpd and post the line that you get after the restart command on the shell.
     
  6. JohnnyBeGood

    JohnnyBeGood Member HowtoForge Supporter

    Great!
    Here we go:
    Code:
    root@linux:~# service pure-ftpd-mysql restart
    Restarting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql                                                                                        :/etc/pure-ftpd/db/mysql.conf -l pam -O clf:/var/log/pure-ftpd/transfer.log -E -                                                                                        A -D -u 1000 -b -Y 1 -8 UTF-8 -H -B
    root@linux:~#
    
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    The start line is fin so far,, it contains the option -Y which enables tls in pure-ftpd.

    Are you really sure that you connect to the right server? I just did a test connection to my server and the status messages are very different, e.g. pure-ftpd shows its name in the first status message which is missing in your messages, so it might be that you connect to a different server that does not run pure-ftpd.
     
  8. JohnnyBeGood

    JohnnyBeGood Member HowtoForge Supporter

    Ok, just to make sure I'm logging in into correct server for ispconfig I used IP instead of domain name. ie. https://serverIP:8080/index.php#
    and created new password. using putty connected to same server IP and in terminal I did this:

    Code:
    root@linux:~# ftp localhost
    Connected to localhost.localdomain.
    220-Welcome to cc-ftpd.
    220-You are user number 1 of 50 allowed.
    220-Local time is now 12:54. Server port: 21.
    220-This is a private system - No anonymous login
    220-IPv6 connections are also welcome on this server.
    220 You will be disconnected after 15 minutes of inactivity.
    Name (localhost:root): username_example_com
    331 User username_example_com OK. Password required
    Password:
    530 Login authentication failed
    Login failed.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> exit
    221-Goodbye. You uploaded 0 and downloaded 0 kbytes.
    221 Logout.
    root@linux:~#
    
    Still can't login. Unless there's a restriction somewhere that prevent login from localhost terminal?
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    please post the output of:

    netstat -tap | grep ftp
     
  10. JohnnyBeGood

    JohnnyBeGood Member HowtoForge Supporter

    Here we go:

    Code:
    root@linux:~# netstat -tap | grep ftp
    tcp        0      0 *:ftp                   *:*                     LISTEN      2754/cc-ftpd (SERVE
    root@linux:~#
    
     
  11. JohnnyBeGood

    JohnnyBeGood Member HowtoForge Supporter

    Update:
    Looking at that output I think that's Cenova Cast FTP server (cc-ftpd) that I installed few weeks back and is now overtaking port 21, am I correct?
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes. Stop that ftp server and disable it, then start pure-ftpd.
     
  13. JohnnyBeGood

    JohnnyBeGood Member HowtoForge Supporter

    Yep, that's what it was. No wonder all of password changes did not work :) Thanks for your help, I could not do it my self!
     
  14. mlmateos

    mlmateos New Member

    Hi, I installed ispconfig 3 and added a class2 startssl certificate. Everything looks fine except I get this message in ftp:
    Connecting to xx.xx.xx.x:21...
    Status: Connection established, waiting for welcome message...
    Status: Insecure server, it does not support FTP over TLS.
    I read the previous talk but didn't work for me. Could you help, please.
     
  15. mlmateos

    mlmateos New Member

    @till I had to rerun:
    echo 1 > /etc/pure-ftpd/conf/TLS
    after updating ispconfig.
    Connection established, waiting for welcome message...
    Status: Initializing TLS...
    Status: Verifying certificate...
    Status: TLS connection established.
    Status: Connected
    Cheers.
     
  16. ojee66

    ojee66 New Member

    have virtual box with isp. from local machine i can use ftp. from internet i got error as above. ports 20,21 and 22 are open. as so port 30000 (in vbox i can't open a range for ftp passive)

    vbox 2 nic's -> host only, and NAT (in NAT i've opened the ports as so in windows firewall)

    windows firewall rules to forward to host only nic is not working.
     
    Last edited: Apr 26, 2017
  17. Jesse Norell

    Jesse Norell Well-Known Member

    @ojee66, if you use a firewall or nat (and you use both), you can't use secure ftp (FTPS) in passive mode without opening/forwarding a port range for the passive connections. You could use active mode *if* there is no firewall or nat on the client side, but that's quite unlikely. If you really can't setup some ports to forward, you'll probably have to abandon ftp and use SFTP instead (not a terrible idea in it's own right).
     

Share This Page