03-06-2014, 04:20 PM   #1
will_grace
vsftpd on CentOS 6 SSL/TLS


Hello,

I am using FileZilla, the latest version 3.7.4.1, on Windows 7, connecting to a CentOS 6.5 server with vsftpd installed. I am getting the following; it allowed me to confirm my self-signed cert.

Response: 220 Welcome to XXX XXX. sFTP service.
Command: AUTH TLS
Response: 234 Proceed with negotiation.
Status: Initializing TLS...
Status: Verifying certificate...
Command: USER ftp
Status: TLS/SSL connection established.
Response: 530 Anonymous sessions may not use encryption.
Error: Could not connect to server
Status: Waiting to retry...

It just does not seem to want to allow me to connect using TLS.

My vsftpd config follows:

# Uncomment this to allow local users to log in.
local_enable=YES

# Uncomment this to enable any form of FTP write command.
write_enable=YES


# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)

local_umask=022


# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES


# The target log file can be vsftpd_log_file or xferlog_file.
# This depends on setting xferlog_std_format parameter
xferlog_enable=YES

# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES

# Switches between logging into vsftpd_log_file and xferlog_file files.
# NO writes to vsftpd_log_file, YES to xferlog_file
xferlog_std_format=YES

# You may change the default value for timing out an idle session.
idle_session_timeout=600

# You may change the default value for timing out a data connection.
data_connection_timeout=120

# You may fully customise the login banner string:
ftpd_banner=Welcome to XXX XXX. sFTP service.

# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_local_user=YES
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list

# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
#
ssl_enable=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_ciphers=HIGH

#listen_port=990
#debug_ssl=YES

pam_service_name=vsftpd
userlist_enable=YES
#userlist_deny=YES
userlist_deny=NO
tcp_wrappers=YES
max_per_ip=2
force_dot_files=NO

rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
pasv_enable=YES
port_enable=YES
pasv_min_port=10001
pasv_max_port=10009
#pasv_address=X.X.X.X

The ports are mapped through the Router.

This is driving me up the wall.
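
An added example, not part of the original post: a small Python check run over the TLS-related lines of the config above together with the user name from the FileZilla log. It assumes vsftpd's documented defaults (allow_anon_ssl=NO, ssl_sslv2=NO, ssl_sslv3=NO) and that vsftpd treats the user names ftp and anonymous as anonymous logins; the function names are illustrative.

```python
# Constructed sample: TLS-related lines copied from the config posted above.
SAMPLE_CONF = """\
ssl_enable=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_ciphers=HIGH
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
"""

# Built-in defaults for options the config does not set (per vsftpd.conf(5)).
DEFAULTS = {"ssl_enable": "NO", "allow_anon_ssl": "NO",
            "ssl_sslv2": "NO", "ssl_sslv3": "NO"}

# Assumption: user names vsftpd treats as anonymous, compared case-insensitively.
ANON_NAMES = {"ftp", "anonymous"}

def parse_conf(text):
    """Return {option: value}; vsftpd expects option=value with no spaces."""
    opts = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            opts[key] = value
    return opts

def enabled(opts, key):
    return opts.get(key, "NO").upper() in ("YES", "TRUE", "1")

def audit(opts, login_user):
    """Return (code, message) findings for one login attempt over TLS."""
    if not enabled(opts, "ssl_enable"):
        return [("tls_off", "ssl_enable is not YES; TLS is disabled")]
    findings = []
    for old in ("ssl_sslv2", "ssl_sslv3"):
        if enabled(opts, old):
            findings.append((old, f"{old}=YES allows a deprecated protocol; set {old}=NO"))
    if login_user.lower() in ANON_NAMES and not enabled(opts, "allow_anon_ssl"):
        findings.append(("anon_over_tls", f"USER {login_user} is an anonymous login and "
                         "allow_anon_ssl is off: expect '530 Anonymous sessions may not use encryption.'"))
    return findings

if __name__ == "__main__":
    for code, msg in audit(parse_conf(SAMPLE_CONF), "ftp"):
        print(f"[{code}] {msg}")
```

With the posted settings and USER ftp, the check reports the two legacy protocol options and the anonymous-over-TLS condition that matches the 530 reply in the log; a local account name produces only the protocol findings.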
 
  

