Should I open Port 990 for CuteFTP?

tezarin · 12-31-2013, 10:23 AM

Hi all,

One of my users has been using CuteFTP with no problem for years. All of the sudden, she started getting an error:

Code:

STATUS:>  	[12/31/2013 11:03:35 AM] Getting listing ""...
STATUS:>  	[12/31/2013 11:03:35 AM] Resolving host name servername.net...
STATUS:>  	[12/31/2013 11:03:35 AM] Host name servername.net resolved: ip = *.*.*.*.
STATUS:>  	[12/31/2013 11:03:35 AM] Connecting to FTP server... servername.net:990 (ip = *.*.*.*)...
STATUS:>  	[12/31/2013 11:03:35 AM] Socket connected. Waiting for welcome message...
STATUS:>  	[12/31/2013 11:03:35 AM] Connected. Exchanging encryption keys...
ERROR:>   	[12/31/2013 11:03:36 AM] SSL: Error in negotiating SSL connection. The server could be rejecting your certificate.

I checked the firewall and didn't see the port 990 listed anywhere:

Code:

[root@server ~]# nmap -sV -O 127.0.0.1

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2013-12-31 10:25 EST
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1668 closed ports
PORT     STATE SERVICE            VERSION
22/tcp   open  ssh                OpenSSH 4.3 (protocol 2.0)
53/tcp   open  domain             ISC Bind dnsmasq-2.49
80/tcp   open  http               Apache httpd 2.2.3 ((ClearOS))
81/tcp   open  ssl/http           Apache httpd
82/tcp   open  http               Apache httpd
389/tcp  open  ldap                (Anonymous bind OK)
443/tcp  open  ssl/http           Apache httpd 2.2.3 ((ClearOS))
898/tcp  open  sun-manageconsole?
3128/tcp open  http-proxy         Squid webproxy 2.6.STABLE21
6000/tcp open  X11                 (access denied)
8080/tcp open  http-proxy         DansGuardian HTTP proxy
9999/tcp open  abyss?

I haven't made any changes to the firewall and the user has never used or imported any type of certificates in her global settings section of the CuteFTP.

Should I open the port 990 or the problem is caused by something on the server end?

Please advise,

Thanks in advance

MensaWater · 12-31-2013, 12:09 PM

Is your user suddenly using ftps instead of ftp? You don't list the command line the user used.

ftps would use different ports because it tries to use SSL whereas vanilla ftp does not nor does it use certificates.

Is it possible to have the user use sftp instead of ftp (On Windows you can install WinSCP to allow use of sftp, scp and ftp.) I don't use CuteFTP so I don't know if it has an sftp mode. I'd seriously suggest having them do sftp vs ftps if they're coming to your Linux system as sftp uses the same ports etc... as ssh.

tezarin · 12-31-2013, 01:40 PM

Quote:

Originally Posted by MensaWater

Is your user suddenly using ftps instead of ftp? You don't list the command line the user used.

ftps would use different ports because it tries to use SSL whereas vanilla ftp does not nor does it use certificates.

Is it possible to have the user use sftp instead of ftp (On Windows you can install WinSCP to allow use of sftp, scp and ftp.) I don't use CuteFTP so I don't know if it has an sftp mode. I'd seriously suggest having them do sftp vs ftps if they're coming to your Linux system as sftp uses the same ports etc... as ssh.

Thanks much for your reply. The user doesn't use any command, she uses CuteFTP software, FTP with TLS/SSL (port 990 - Implicit), that's what she always has been using. No change there.

Will have her try WinSCP,

Thanks