Insecure server, it does not support FTP over TLS? It was working!

Discussion in 'Installation/Configuration' started by JohnnyBeGood, Apr 19, 2015.

  1. JohnnyBeGood

    JohnnyBeGood Member

    Hi all,

    I'm in process of moving wibsites onto new server and on the new server I folloowed this guide https://www.howtoforge.com/perfect-...hp-mysql-pureftpd-bind-dovecot-ispconfig-3-p5
    moved 2 sites and it worked because they're Wordpress. Third one is not Wordpress and did not work because it does not work with php v5.5.9 on the server. Old server had php v5.3.10 so I found this guide https://www.howtoforge.com/perfect-server-ubuntu-12.10-apache2-bind-dovecot-ispconfig-3-p4 and followed section
    14.3 Additional PHP Versions that's the last change I made before noticing my FTP password change in ISPconfig are no longer working and I'm getting below message saying I'm not using TLS? It worked already.
    I've searched the forums but could not find anything.
    Re-did section 16. Install PureFTPd And Quota but no luck. I spent so much time setting up everything and now I have to start from begging :(

    Code:
    Status:    Connecting to 198.27.xx.xxx:21...
    Status:    Connection established, waiting for welcome message...
    Status:    Insecure server, it does not support FTP over TLS.
    Command:    USER username_example_com
    Response:    331 User username_example_com OK. Password required
    Command:    PASS **********
    Response:    530 Login authentication failed
    Error:    Critical error: Could not connect to server
     
  2. JohnnyBeGood

    JohnnyBeGood Member

    Anyone? please.
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    The first tutorial activates tls in pure-ftpd, so lets see if all settings are set. Post the output of:

    cat /etc/pure-ftpd/conf/TLS

    and

    ls -la /etc/ssl/private/
     
  4. JohnnyBeGood

    JohnnyBeGood Member

    Thanks for the reply til!
    Here we go:
    Code:
    [email protected]:~# cat /etc/pure-ftpd/conf/TLS
    1
    [email protected]:~#
    
    Code:
    [email protected]:~# ls -la /etc/ssl/private/
    total 16
    drwx--x--- 2 root ssl-cert 4096 Apr 11 20:50 .
    drwxr-xr-x 4 root root     4096 Apr 11 19:09 ..
    -rw------- 1 root root     3107 Apr 19 02:33 pure-ftpd.pem
    -rw-r----- 1 root ssl-cert 1708 Apr 11 19:11 ssl-cert-snakeoil.key
    [email protected]:~#
    
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats ok so far. Restart pure-ftpd and post the line that you get after the restart command on the shell.
     
  6. JohnnyBeGood

    JohnnyBeGood Member

    Great!
    Here we go:
    Code:
    [email protected]:~# service pure-ftpd-mysql restart
    Restarting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql                                                                                        :/etc/pure-ftpd/db/mysql.conf -l pam -O clf:/var/log/pure-ftpd/transfer.log -E -                                                                                        A -D -u 1000 -b -Y 1 -8 UTF-8 -H -B
    [email protected]:~#
    
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    The start line is fin so far,, it contains the option -Y which enables tls in pure-ftpd.

    Are you really sure that you connect to the right server? I just did a test connection to my server and the status messages are very different, e.g. pure-ftpd shows its name in the first status message which is missing in your messages, so it might be that you connect to a different server that does not run pure-ftpd.
     
  8. JohnnyBeGood

    JohnnyBeGood Member

    Ok, just to make sure I'm logging in into correct server for ispconfig I used IP instead of domain name. ie. https://serverIP:8080/index.php#
    and created new password. using putty connected to same server IP and in terminal I did this:

    Code:
    [email protected]:~# ftp localhost
    Connected to localhost.localdomain.
    220-Welcome to cc-ftpd.
    220-You are user number 1 of 50 allowed.
    220-Local time is now 12:54. Server port: 21.
    220-This is a private system - No anonymous login
    220-IPv6 connections are also welcome on this server.
    220 You will be disconnected after 15 minutes of inactivity.
    Name (localhost:root): username_example_com
    331 User username_example_com OK. Password required
    Password:
    530 Login authentication failed
    Login failed.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> exit
    221-Goodbye. You uploaded 0 and downloaded 0 kbytes.
    221 Logout.
    [email protected]:~#
    
    Still can't login. Unless there's a restriction somewhere that prevent login from localhost terminal?
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    please post the output of:

    netstat -tap | grep ftp
     
  10. JohnnyBeGood

    JohnnyBeGood Member

    Here we go:

    Code:
    [email protected]:~# netstat -tap | grep ftp
    tcp        0      0 *:ftp                   *:*                     LISTEN      2754/cc-ftpd (SERVE
    [email protected]:~#
    
     
  11. JohnnyBeGood

    JohnnyBeGood Member

    Update:
    Looking at that output I think that's Cenova Cast FTP server (cc-ftpd) that I installed few weeks back and is now overtaking port 21, am I correct?
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes. Stop that ftp server and disable it, then start pure-ftpd.
     
  13. JohnnyBeGood

    JohnnyBeGood Member

    Yep, that's what it was. No wonder all of password changes did not work :) Thanks for your help, I could not do it my self!
     
  14. mlmateos

    mlmateos New Member

    Hi, I installed ispconfig 3 and added a class2 startssl certificate. Everything looks fine except I get this message in ftp:
    Connecting to xx.xx.xx.x:21...
    Status: Connection established, waiting for welcome message...
    Status: Insecure server, it does not support FTP over TLS.
    I read the previous talk but didn't work for me. Could you help, please.
     
  15. mlmateos

    mlmateos New Member

    @till I had to rerun:
    echo 1 > /etc/pure-ftpd/conf/TLS
    after updating ispconfig.
    Connection established, waiting for welcome message...
    Status: Initializing TLS...
    Status: Verifying certificate...
    Status: TLS connection established.
    Status: Connected
    Cheers.
     

Share This Page