Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
04-27-2006, 05:36 PM
|
#1
|
Member
Registered: Jul 2005
Location: Maine, USA
Distribution: OpenSUSE, Gentoo, Fedora, Ubuntu, Mandriva, others
Posts: 413
Rep:
|
Proftpd error 425 after TLS.
I'm running Proftpd on my Fedora 5 server, all was going well, but I was not satisfied with the security. To solve this, I used mod_tls. Now when I try to connect, it logs in to the user fine, but then I get an error. Here is the output:
Code:
220 FTP Server ready.
AUTH TLS
234 AUTH TLS successful
PBSZ 0
200 PBSZ 0 successful
USER admin
331 Password required for admin.
PASS (password not shown)
230 User admin logged in.
PWD
257 "/" is current directory.
TYPE A
200 Type set to A
PROT P
200 Protection set to Private
CWD /
250 CWD command successful
PORT 192,168,0,103,10,105
200 PORT command successful
LIST
150 Opening ASCII mode data connection for file list
QUIT
425 Unable to build data connection: Operation not permitted
221 Goodbye.
Unable to make a connection. Please try again.
Thanks for any help.
|
|
|
04-27-2006, 08:32 PM
|
#2
|
Senior Member
Registered: Dec 2003
Location: Paris
Distribution: Slackware forever.
Posts: 2,534
Rep: 
|
Try to log in with lftp. This client is very complete from the security capabilities point of view.
|
|
|
04-28-2006, 08:29 AM
|
#3
|
Member
Registered: Jul 2005
Location: Maine, USA
Distribution: OpenSUSE, Gentoo, Fedora, Ubuntu, Mandriva, others
Posts: 413
Original Poster
Rep:
|
Thanks, I'll try this out later when I get home, but just for testing. I need to get the FireFTP extension in Firefox to work. This FTP server needs to be easy to use for every one, and this is one of the easiest to use cross platform FTP clients.
|
|
|
04-28-2006, 06:38 PM
|
#4
|
Member
Registered: Jul 2005
Location: Maine, USA
Distribution: OpenSUSE, Gentoo, Fedora, Ubuntu, Mandriva, others
Posts: 413
Original Poster
Rep:
|
Lftp worked perfectly. But if it matters, I was running lftp locally (through SSH) on the server, not over the network.
EDIT: Actually, I don't think I connected with ftps. This probably sounds stupid, but how do you connect with ftps in lftp
EDIT(Again): OK, I figured it out. When using FTPS, I cannot get a directory listing. Lftp does not work either.
I figured this might be a good thing to post:
Code:
# This is the ProFTPD configuration file
# $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $
ServerName "FTP"
ServerIdent on "FTP Server ready."
ServerAdmin
ServerType standalone
#ServerType inetd
DefaultServer on
AccessGrantMsg "User %u logged in."
#DisplayConnect /etc/ftpissue
#DisplayLogin /etc/ftpmotd
#DisplayGoAway /etc/ftpgoaway
DeferWelcome off
# Use this to excude users from the chroot
DefaultRoot ~ !adm
# Use pam to authenticate (default) and be authoritative
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c
# Do not perform ident nor DNS lookups (hangs when the port is filtered)
IdentLookups off
UseReverseDNS off
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# Default to show dot files in directory listings
ListOptions "-a"
# See Configuration.html for these (here are the default values)
#MultilineRFC2228 off
#RootLogin off
#LoginPasswordPrompt on
#MaxLoginAttempts 3
#MaxClientsPerHost none
#AllowForeignAddress off # For FXP
# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart on
AllowStoreRestart on
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 20
# Set the user and group that the server normally runs at.
User nobody
Group nobody
# This is where we want to put the pid file
ScoreboardFile /var/run/proftpd.score
# Normally, we want users to do a few things.
<Global>
AllowOverwrite yes
<Limit ALL SITE_CHMOD>
AllowAll
</Limit>
</Global>
# Define the log formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
TLSEngine on
TLSRequired off
TLSRSACertificateFile /usr/share/ssl/certs/proftpd.pem
TLSRSACertificateKeyFile /usr/share/ssl/certs/proftpd.pem
TLSCipherSuite ALL:!ADH:!DES
TLSOptions NoCertRequest
TLSVerifyClient off
##TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
TLSLog /var/log/proftpd/tls.log
# A basic anonymous configuration, with an upload directory.
#<Anonymous ~ftp>
# User ftp
# Group ftp
# AccessGrantMsg "Anonymous login ok, restrictions apply."
#
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
#
# # Limit the maximum number of anonymous logins
# MaxClients 10 "Sorry, max %m users -- try again later"
#
# # Put the user into /pub right after login
# #DefaultChdir /pub
#
# # We want 'welcome.msg' displayed at login, '.message' displayed in
# # each newly chdired directory and tell users to read README* files.
# DisplayLogin /welcome.msg
# DisplayFirstChdir .message
# DisplayReadme README*
#
# # Some more cosmetic and not vital stuff
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# # Limit WRITE everywhere in the anonymous chroot
# <Limit WRITE SITE_CHMOD>
# DenyAll
# </Limit>
#
# # An upload directory that allows storing files but not retrieving
# # or creating directories.
# <Directory uploads/*>
# AllowOverwrite no
# <Limit READ>
# DenyAll
# </Limit>
#
# <Limit STOR>
# AllowAll
# </Limit>
# </Directory>
#
# # Don't write anonymous accesses to the system wtmp file (good idea!)
# WtmpLog off
#
# # Logging for the anonymous transfers
# ExtendedLog /var/log/proftpd/access.log WRITE,READ default
# ExtendedLog /var/log/proftpd/auth.log AUTH auth
#
#</Anonymous>
Last edited by pdeman2; 04-28-2006 at 07:39 PM.
|
|
|
04-30-2006, 05:23 PM
|
#5
|
Member
Registered: Jul 2005
Location: Maine, USA
Distribution: OpenSUSE, Gentoo, Fedora, Ubuntu, Mandriva, others
Posts: 413
Original Poster
Rep:
|
Bump......
|
|
|
05-01-2006, 09:22 PM
|
#6
|
Member
Registered: Jul 2005
Location: Maine, USA
Distribution: OpenSUSE, Gentoo, Fedora, Ubuntu, Mandriva, others
Posts: 413
Original Poster
Rep:
|
Bump......
|
|
|
05-01-2006, 09:33 PM
|
#7
|
Senior Member
Registered: Dec 2003
Location: Paris
Distribution: Slackware forever.
Posts: 2,534
Rep: 
|
Well i don't use ProFTP, but if you want security, take a look at vsftp, it's the Very Secure Ftp, and that's the server that runs kernel.org. I successfully did a fully encrypted connection + data with it.
|
|
|
05-01-2006, 09:49 PM
|
#8
|
Member
Registered: Jul 2005
Location: Maine, USA
Distribution: OpenSUSE, Gentoo, Fedora, Ubuntu, Mandriva, others
Posts: 413
Original Poster
Rep:
|
Thanks. I'll take a look.
|
|
|
All times are GMT -5. The time now is 07:29 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|