LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-19-2006, 05:53 AM   #1
dsids
Member
 
Registered: Mar 2006
Distribution: FC4
Posts: 184

Rep: Reputation: 31
ftp over ssl or ftps://..


Hi,
Im trying to use ftp over ssl, that is, ftps. For that I installed an
rpm package of vsftpd and then made the following changes to
vsftpd.conf

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES

ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem

..
1) Now when I use a ftp client like smartFTP from windows using the
option FTP over SSL explicit, It connects to the vsftpd server on my
linux box,
2) but when I type the url ftp://192.168.10.240 (IE or Firefox) of my
linux box, it asks me for the username and pass which I give..
3) after which it gives me an error that non anonymous sessions must
use encryption.

Im lost....Please advise where is the error..

I want that by typing
ftps://192.168.10.240
I should be able to trafer data securely..

Thank you
Danish
 
Old 07-19-2006, 07:16 AM   #2
dsids
Member
 
Registered: Mar 2006
Distribution: FC4
Posts: 184

Original Poster
Rep: Reputation: 31
I would like to add that I created the certificate (pem file) and then stripped the certificate from all its text to keep only the -CERTIFICATE- section by doing...
#openssl x509 -in vsftpd.pem -out cacert.crt

I then scp'd the cacert.crt to a windows machine. Right clicked the cacert.crt on windows desktop and installed it using the wizard, but still I get the same error message..

login denied: non anonymous sessions must be encrypted...

Please advise

Thanks
Danish
 
Old 07-20-2006, 06:15 PM   #3
twantrd
Senior Member
 
Registered: Nov 2002
Location: CA
Distribution: redhat 7.3
Posts: 1,440

Rep: Reputation: 52
I have never really setup ftps before so I can't really help you. However, why not use scp? For your clients, tell them to install winscp and then they're good to go.

-twantrd
 
Old 07-20-2006, 06:17 PM   #4
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128Reputation: 128
I don't believe that IE and Firefox support ftps.
 
Old 07-20-2006, 11:49 PM   #5
dsids
Member
 
Registered: Mar 2006
Distribution: FC4
Posts: 184

Original Poster
Rep: Reputation: 31
Quote:
Originally Posted by twantrd
I have never really setup ftps before so I can't really help you. However, why not use scp? For your clients, tell them to install winscp and then they're good to go.

-twantrd
Installing ftp clients on each n every machine in the LAN can be a pain..especialy if the clients are just interested in accessing ftp through the url...

Matir...Ill have to check on the support n get back...


Thanks
Danish
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ftp client with ssl support? Emanon Linux - Software 3 10-26-2006 02:28 PM
console ftps/ssl client with clear data channel? evank Linux - Software 0 03-07-2006 06:04 PM
Ftp client+ssl+implicit? CyberTron Linux - Software 3 04-21-2005 05:11 PM
FTP via SSL (TLS) embsupafly Linux - Security 2 03-02-2005 08:47 PM
implicit ssl ftp client jwijesundra Linux - General 0 01-19-2005 08:48 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:03 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration