Securing FTP accounts created under ISPConfig

Discussion in 'Installation/Configuration' started by pannet1, Nov 1, 2017.

  1. pannet1

    pannet1 Member

    Hi @till + others

    I am able to access the server patch with the new client FTP user created. However, I am able to access the server through FileZilla only when I select encryption (only use plain FTP - insecure). Please advise how to force new accounts created to use explicit or implicit TLS.

    I have also successfully created a Let's Encrypt SSL certificate for this client. Is there a way to (optionally) capitalize on that?

    os: debian stretch
    ispconfig: 3.1.7p1
     
  2. pannet1

    pannet1 Member

    bumping it again.

     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    That's a pure-ftpd setting and not an ISPConfig setting. By default, pure-ftpd allows sessions that are encrypted and unencrypted. If you want to allow TLS sessions only, then run:

    echo 2 > /etc/pure-ftpd/conf/TLS

    and restart pure-ftpd.
     
    ahrasis and pannet1 like this.
  4. pannet1

    pannet1 Member

    Thanks @till
    Got it now.
     
  5. pannet1

    pannet1 Member

    @till,
    Just noticed I am unable to log in with TLS with the same password I used for plain text. Then I saw this notice:

    /var/log/debug

    Code:
    server1 pure-ftpd: ([email protected]?) [DEBUG] Couldn't load the DH parameters file /etc/ssl/private/pure-ftpd-dhparams.pem
    
    Now how to resolve this?
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Check that you are really using FTPS (FTP over TLS) and not SFTP in your FTP client. SFTP is not FTP, it is SSH.
     
  7. pannet1

    pannet1 Member

    @till,
    Negative. I am using "TLS encryption if available option" not SFTP protocol.

    Filezilla Log
    Code:
    Status:   Resolving address of example.com
    Status:   Connecting to xx.xx.xxx.xxx:21...
    Status:   Connection established, waiting for welcome message...
    Response:   220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    Response:   220-You are user number 4 of 50 allowed.
    Response:   220-Local time is now 23:59. Server port: 21.
    Response:   220-This is a private system - No anonymous login
    Response:   220-IPv6 connections are also welcome on this server.
    Response:   220 You will be disconnected after 15 minutes of inactivity.
    Command:   AUTH TLS
    Error:   Connection timed out after 20 seconds of inactivity
    Error:   Could not connect to server
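
A check for the two items raised in this thread, the `/etc/pure-ftpd/conf/TLS` mode from post 3 and the DH parameters file named in the debug log in post 5, as an added example that is not part of the original posts. The function names, output strings and return codes are assumptions of this example; the two default paths are the ones quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). Function names, output strings and
# return codes are made up here; the two paths are the ones quoted in the posts.

# Map the number stored in conf/TLS to what pure-ftpd does with it.
tls_mode_meaning() {
    case "$1" in
        0) echo "tls-disabled" ;;
        1) echo "tls-optional" ;;       # cleartext and TLS sessions both accepted
        2) echo "tls-required" ;;       # cleartext logins refused
        3) echo "tls-required-data" ;;  # cleartext data connections refused too
        *) echo "unknown" ;;
    esac
}

# audit_pureftpd_tls [CONF_DIR] [DH_FILE]
# Returns 0: TLS enforced and DH file readable; 1: TLS not enforced;
#         2: TLS enforced but DH file missing, empty or unreadable.
audit_pureftpd_tls() {
    conf_dir=${1:-/etc/pure-ftpd/conf}
    dh_file=${2:-/etc/ssl/private/pure-ftpd-dhparams.pem}

    if [ -r "$conf_dir/TLS" ]; then
        mode=$(tr -d ' \t\r\n' < "$conf_dir/TLS")
    else
        mode="unset"
    fi
    meaning=$(tls_mode_meaning "$mode")
    echo "TLS mode: $mode ($meaning)"

    case "$meaning" in
        tls-required|tls-required-data) ;;
        *) echo "FAIL: TLS is not enforced"; return 1 ;;
    esac

    if [ -r "$dh_file" ] && [ -s "$dh_file" ]; then
        echo "OK: DH parameters file present: $dh_file"
        return 0
    fi
    echo "WARN: cannot read DH parameters file: $dh_file"
    return 2
}

# Run against the live paths only when asked to (needs root to read /etc/ssl/private).
if [ "${1:-}" = "--run" ]; then
    audit_pureftpd_tls
fi
```

Run it as root with `--run` after changing the TLS file and restarting pure-ftpd; a return code of 1 means plain FTP sessions are not being refused.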
    
    
     
