LinuxQuestions.org


coiks54 12-16-2018 08:17 AM

ssl/tls on gFTP on Slackware 14.2
 
Hi to all.
I have a question about my web server host.
Two weeks ago they changed the FTP protocol to SSL/TLS for FTP connections.
I connect with gFTP on Slackware 14.2 (version 2.0.19) in FTPS mode and I get:

Connected to 5.196.30.241:21
220 ProFTPD 1.3.4a Server (FTP) [5.196.30.241]
AUTH TLS
234 AUTH TLS successful
Error with certificate at depth: 0
Issuer = /C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G2
Subject = /OU=Domain Control Validated/CN=*.dominiofaidate.com
Error 20:unable to get local issuer certificate
Disconnecting from site 5.196.30.241

If I connect in SSH2 mode it loops forever.

When I try to connect with lftp I get:

iks ~ $ lftp -c 'open -e "set ftps:initial-prot ""; \
> set ftp:ssl-force true; \
> set ftp:ssl-protect-data true; \
> put myfile.html; " \
> -u "myuser","mypassw" \
> 5.196.30.241:21 '
put: myfile.html: Fatal error: Certificate verification: unable to get local issuer certificate (76:54:D3:BF:8D:DB:33:B5:09:56:49:95:FF:84:D8:1C:CA:93:6C:3C)

Support wants me to connect with FileZilla, but it's not possible to install it
on my Slackware, or I'm not able to do it. They advised me to upgrade
openssl, and I have installed all the upgrades available today through slackpkg,
but it doesn't work; I get the same result.
They want port 21 and no other.
FileZilla works with ftpes://address, but only FileZilla works with ftpes://
and other ways give:

> ftpes://5.196.30.241:21 '
open: ftpes - not supported protocol

Support says that ssh does not work with their FTP server.

Could someone help me find a solution for this problem? Without FTP it is impossible to manage a website.
Hi: excuse me for my English!

ilesterg 12-16-2018 05:11 PM

Hello, what FTP(s) client are you using?

coiks54 12-16-2018 09:26 PM

Hello ilesterg.
I answered your question at the beginning of my post:
Quote:

"I connect with gFTP on Slackware 14.2 (version 2.0.19)"

ilesterg 12-16-2018 09:35 PM

What does the cert chain look like?
Code:

openssl s_client -connect 5.196.30.241:21

coiks54 12-16-2018 11:05 PM

iks ~ $ openssl s_client -connect 5.196.30.241:2
connect: Connection refused
connect:errno=111

coiks54 12-16-2018 11:20 PM

Sorry ilesterg: I pasted it wrongly, without the final "1".
I am posting a new log:

Quote:

iks ~ $ openssl s_client -connect 5.196.30.241:21
CONNECTED(00000003)
3073517248:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:827:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1545023816
Timeout : 300 (sec)
Verify return code: 0 (ok)
---

coiks54 12-17-2018 05:52 AM

Hi to all.
I think I have solved it with this lftp script:

Quote:

lftp -c 'set ftp:ssl-auth TLS;\
set ftp:ssl-force true; \
set ftp:ssl-protect-list yes; \
set ftp:ssl-protect-data yes; \
set ftp:ssl-protect-fxp yes; \
set ssl:verify-certificate no; open -u myuser,mypsw -e "cd /; ls; " 5.196.30.241:21'
Can someone mark the thread solved? I can't find the button...

ilesterg 12-17-2018 07:08 AM

Quote:

Originally Posted by coiks54 (Post 5938140)
Hi to all.
I think I have solved it with this lftp script:

Can someone mark the thread solved? I can't find the button...

From a security standpoint, I wouldn't say "solved" because you set 'verify-certificate' to no. But okay, I'm glad that your issue is gone.

coiks54 12-18-2018 06:03 PM

I understand your point of view ilesterg, but I am not a professional programmer who deals with security. Only a user who tries to connect to the FTP server to which I connected two weeks ago with simple FTP protocol. For the user it is a digital problem: it works / does not work. I think the solution I found on the web could be useful to other USERS who have the same problem ...
Hi to all and thank you for your attention.
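
Added example, not part of the thread and not written by either poster: the "Error 20" at depth 0 reported in the first post is what OpenSSL returns when it cannot find the certificate of the server certificate's issuer. The script below reproduces that error offline with a constructed three-certificate chain (every name and file in it is invented for the demo) and shows that making the issuing CA available clears it while verification stays on.

```shell
#!/bin/sh
# Constructed demo: throwaway root -> intermediate -> leaf chain (all names invented).
# Shows verify error 20 when the leaf's issuer is not available, and the fix.
# Against a live explicit-FTPS server, view the presented chain with:
#   openssl s_client -connect HOST:21 -starttls ftp -showcerts

make_chain() {  # $1 = empty working directory
    d=$1
    cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
EOF
    # Self-signed root CA
    openssl req -x509 -config "$d/demo.cnf" -extensions ca -newkey rsa:2048 -nodes \
        -days 2 -subj "/CN=Demo Root CA" -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    # Intermediate CA signed by the root
    openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=Demo Intermediate CA" -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -set_serial 2 \
        -days 2 -extfile "$d/demo.cnf" -extensions ca -out "$d/int.pem" 2>/dev/null
    # Server (leaf) certificate signed by the intermediate
    openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=ftp.example.test" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" -set_serial 3 \
        -days 2 -extfile "$d/demo.cnf" -extensions leaf -out "$d/leaf.pem" 2>/dev/null
}

# Client trusts the root but never sees the intermediate: fails with error 20.
verify_without_issuer() { openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" 2>&1; }

# Same trust anchor, intermediate supplied as an untrusted helper: chain completes.
verify_with_issuer() {
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" "$1/leaf.pem" 2>&1
}

DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
make_chain "$DEMO_DIR"
echo "--- issuer missing ---";  verify_without_issuer "$DEMO_DIR"
echo "--- issuer supplied ---"; verify_with_issuer "$DEMO_DIR"
```

In lftp the corresponding settings are `ssl:ca-file`, pointed at a bundle that contains the issuing CA, with `ssl:verify-certificate` left enabled.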


All times are GMT -5.