LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Should I open Port 990 for CuteFTP? (https://www.linuxquestions.org/questions/linux-newbie-8/should-i-open-port-990-for-cuteftp-4175489707/)

tezarin 12-31-2013 10:23 AM
Should I open Port 990 for CuteFTP?
 
Hi all,

One of my users has been using CuteFTP with no problem for years. All of the sudden, she started getting an error:

Code:
STATUS:>          [12/31/2013 11:03:35 AM] Getting listing ""...
STATUS:>          [12/31/2013 11:03:35 AM] Resolving host name servername.net...
STATUS:>          [12/31/2013 11:03:35 AM] Host name servername.net resolved: ip = *.*.*.*.
STATUS:>          [12/31/2013 11:03:35 AM] Connecting to FTP server... servername.net:990 (ip = *.*.*.*)...
STATUS:>          [12/31/2013 11:03:35 AM] Socket connected. Waiting for welcome message...
STATUS:>          [12/31/2013 11:03:35 AM] Connected. Exchanging encryption keys...
ERROR:>          [12/31/2013 11:03:36 AM] SSL: Error in negotiating SSL connection. The server could be rejecting your certificate.
I checked the firewall and didn't see the port 990 listed anywhere:
Code:
[root@server ~]# nmap -sV -O 127.0.0.1

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-12-31 10:25 EST
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1668 closed ports
PORT    STATE SERVICE            VERSION
22/tcp  open  ssh                OpenSSH 4.3 (protocol 2.0)
53/tcp  open  domain            ISC Bind dnsmasq-2.49
80/tcp  open  http              Apache httpd 2.2.3 ((ClearOS))
81/tcp  open  ssl/http          Apache httpd
82/tcp  open  http              Apache httpd
389/tcp  open  ldap                (Anonymous bind OK)
443/tcp  open  ssl/http          Apache httpd 2.2.3 ((ClearOS))
898/tcp  open  sun-manageconsole?
3128/tcp open  http-proxy        Squid webproxy 2.6.STABLE21
6000/tcp open  X11                (access denied)
8080/tcp open  http-proxy        DansGuardian HTTP proxy
9999/tcp open  abyss?
I haven't made any changes to the firewall and the user has never used or imported any type of certificates in her global settings section of the CuteFTP.

Should I open the port 990 or the problem is caused by something on the server end?

Please advise,

Thanks in advance

MensaWater 12-31-2013 12:09 PM
Is your user suddenly using ftps instead of ftp? You don't list the command line the user used.

ftps would use different ports because it tries to use SSL whereas vanilla ftp does not nor does it use certificates.

Is it possible to have the user use sftp instead of ftp (On Windows you can install WinSCP to allow use of sftp, scp and ftp.) I don't use CuteFTP so I don't know if it has an sftp mode. I'd seriously suggest having them do sftp vs ftps if they're coming to your Linux system as sftp uses the same ports etc... as ssh.

tezarin 12-31-2013 01:40 PM
Quote:
Originally Posted by MensaWater (Post 5089725)
Is your user suddenly using ftps instead of ftp? You don't list the command line the user used.

ftps would use different ports because it tries to use SSL whereas vanilla ftp does not nor does it use certificates.

Is it possible to have the user use sftp instead of ftp (On Windows you can install WinSCP to allow use of sftp, scp and ftp.) I don't use CuteFTP so I don't know if it has an sftp mode. I'd seriously suggest having them do sftp vs ftps if they're coming to your Linux system as sftp uses the same ports etc... as ssh.
Thanks much for your reply. The user doesn't use any command, she uses CuteFTP software, FTP with TLS/SSL (port 990 - Implicit), that's what she always has been using. No change there.

Will have her try WinSCP,

Thanks


All times are GMT -5. The time now is 01:19 PM.