LinuxQuestions.org
Old 12-16-2018, 08:17 AM   #1
coiks54
Member
 
Registered: Oct 2018
Location: Torino, Italy
Distribution: Always Slackware!
Posts: 31
Blog Entries: 3

Rep: Reputation: Disabled
ssl/tls on gFTP on Slackware 14.2


Hi to all.
I have a question about my web server host.
Two weeks ago they changed the FTP protocol to SSL/TLS for FTP connections.
I connect with gFTP on Slackware 14.2 (version 2.0.19) in FTPS mode and I get:

Connected to 5.196.30.241:21
220 ProFTPD 1.3.4a Server (FTP) [5.196.30.241]
AUTH TLS
234 AUTH TLS successful
Error with certificate at depth: 0
Issuer = /C=BE/O=GlobalSign nv-sa/CN=AlphaSSL CA - SHA256 - G2
Subject = /OU=Domain Control Validated/CN=*.dominiofaidate.com
Error 20:unable to get local issuer certificate
Disconnecting from site 5.196.30.241

If I connect in SSH2 mode it loops forever.

When I try to connect with lftp I get:

iks ~ $ lftp -c 'open -e "set ftps:initial-prot ""; \
> set ftp:ssl-force true; \
> set ftp:ssl-protect-data true; \
> put myfile.html; " \
> -u "myuser","mypassw" \
> 5.196.30.241:21 '
put: myfile.html: Fatal error: Certificate verification: unable to get local issuer certificate (76:543:BF:8DB:33:B5:09:56:49:95:FF:848:1C:CA:93:6C:3C)

Support wants me to connect with FileZilla, but it's not possible to install it
on my Slackware, or I'm not able to. They advised me to upgrade
openssl, and I have installed all the upgrades available today through slackpkg, but it doesn't work:
I get the same result.
They want port 21 and no other.
FileZilla works with ftpes://address, but only FileZilla works with ftpes://;
other ways give:

> ftpes://5.196.30.241:21 '
open: ftpes - not supported protocol

Support means that ssh does not work with their FTP server.

Could someone help me find a solution for this problem? Without ftp it is impossible to manage a website.
Hi: excuse me for my English!
 
Old 12-16-2018, 05:11 PM   #2
ilesterg
Member
 
Registered: Jul 2012
Location: München
Distribution: Debian, CentOS/RHEL
Posts: 587

Rep: Reputation: 72
Hello, what FTP(s) client are you using?
 
Old 12-16-2018, 09:26 PM   #3
coiks54
Member
 
Registered: Oct 2018
Location: Torino, Italy
Distribution: Always Slackware!
Posts: 31

Original Poster
Blog Entries: 3

Rep: Reputation: Disabled
Hello ilesterg.
I answered your question at the beginning of my post:
Quote:
"I connect with gFTP on Slackware 14.2 (version 2.0.19)"
 
Old 12-16-2018, 09:35 PM   #4
ilesterg
Member
 
Registered: Jul 2012
Location: München
Distribution: Debian, CentOS/RHEL
Posts: 587

Rep: Reputation: 72
What does the cert chain look like?
Code:
openssl s_client -connect 5.196.30.241:21
 
1 members found this post helpful.
Old 12-16-2018, 11:05 PM   #5
coiks54
Member
 
Registered: Oct 2018
Location: Torino, Italy
Distribution: Always Slackware!
Posts: 31

Original Poster
Blog Entries: 3

Rep: Reputation: Disabled
iks ~ $ openssl s_client -connect 5.196.30.241:2
connect: Connection refused
connect:errno=111
 
Old 12-16-2018, 11:20 PM   #6
coiks54
Member
 
Registered: Oct 2018
Location: Torino, Italy
Distribution: Always Slackware!
Posts: 31

Original Poster
Blog Entries: 3

Rep: Reputation: Disabled
Sorry ilesterg: I pasted it wrong, without the final "1".
I am posting a new log:

Quote:
iks ~ $ openssl s_client -connect 5.196.30.241:21
CONNECTED(00000003)
3073517248:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:827:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1545023816
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
 
Old 12-17-2018, 05:52 AM   #7
coiks54
Member
 
Registered: Oct 2018
Location: Torino, Italy
Distribution: Always Slackware!
Posts: 31

Original Poster
Blog Entries: 3

Rep: Reputation: Disabled
Hi to all.
I think I have solved it with this lftp script:

Quote:
lftp -c 'set ftp:ssl-auth TLS;\
set ftp:ssl-force true; \
set ftp:ssl-protect-list yes; \
set ftp:ssl-protect-data yes; \
set ftp:ssl-protect-fxp yes; \
set ssl:verify-certificate no; open -u myuser,mypsw -e "cd /; ls; " 5.196.30.241:21'
Can someone mark the thread solved? I can't find the button...
 
Old 12-17-2018, 07:08 AM   #8
ilesterg
Member
 
Registered: Jul 2012
Location: München
Distribution: Debian, CentOS/RHEL
Posts: 587

Rep: Reputation: 72
Quote:
Originally Posted by coiks54
Hi to all.
I think I have solved it with this lftp script:

Can someone mark the thread solved? I can't find the button...
From a security standpoint, I wouldn't say "solved" because you set 'verify-certificate' to no. But okay, I'm glad that your issue is gone.
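
Added example (not part of any post in this thread): the error 20 from post #1, and the alternative to the `verify-certificate no` workaround that post #8 comments on, reproduced offline with a constructed three-certificate chain. It assumes the real server does not send its intermediate, which is what error 20 at depth 0 indicates (the leaf's issuer was not found); the `demo-*.example.test` names, the file names and `HOST` are made up. The closing comments show the `-starttls ftp` form of `s_client` that explicit TLS on port 21 needs; without it the client starts a handshake against the plain-text FTP greeting, which gives the `unknown protocol` output in post #6.

```shell
#!/bin/sh
# Added example: constructed PKI (root -> intermediate -> leaf). All names,
# file names and the demo-*.example.test subjects are made up.
make_demo_pki() {   # usage: make_demo_pki DIR
    d=$1
    printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=placeholder\n' > "$d/req.cnf"
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    printf 'basicConstraints=CA:FALSE\n' > "$d/leaf.ext"
    for n in root inter leaf; do
        openssl req -new -newkey rsa:2048 -nodes -config "$d/req.cnf" \
            -subj "/CN=demo-$n.example.test" -keyout "$d/$n.key" \
            -out "$d/$n.csr" 2>/dev/null || return 1
    done
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null &&
    openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -set_serial 2 -days 2 -extfile "$d/ca.ext" -out "$d/inter.pem" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
        -set_serial 3 -days 2 -extfile "$d/leaf.ext" -out "$d/leaf.pem" 2>/dev/null
}

# Verify CERT against the trust anchors in CAFILE and print openssl's verdict.
# Callers read the text rather than rely on the exit status.
verify_with() {     # usage: verify_with CAFILE CERT
    openssl verify -CAfile "$1" "$2" 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_demo_pki "$d" || return 1
    echo "== client trusts the root only, server presents only its leaf =="
    verify_with "$d/root.pem" "$d/leaf.pem"    # error 20, as in post #1
    # Fix: put the missing intermediate into the client's CA file.
    cat "$d/inter.pem" "$d/root.pem" > "$d/bundle.pem"
    echo "== client CA file also holds the intermediate =="
    verify_with "$d/bundle.pem" "$d/leaf.pem"  # leaf.pem: OK
    rm -rf "$d"
}
demo

# Real server (needs network; HOST is a placeholder for a name the cert covers):
#   openssl s_client -starttls ftp -connect HOST:21 -showcerts </dev/null
# lftp with verification left on and pointed at the bundle:
#   set ssl:ca-file /path/to/bundle.pem
#   set ssl:verify-certificate yes
#   set ssl:check-hostname yes
```

Because the certificate in post #1 is issued to `*.dominiofaidate.com`, hostname checking can only pass when the client connects by a name under that domain rather than by IP address.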
 
Old 12-18-2018, 06:03 PM   #9
coiks54
Member
 
Registered: Oct 2018
Location: Torino, Italy
Distribution: Always Slackware!
Posts: 31

Original Poster
Blog Entries: 3

Rep: Reputation: Disabled
I understand your point of view ilesterg, but I am not a professional programmer who deals with security. Only a user who tries to connect to the FTP server to which I connected two weeks ago with simple FTP protocol. For the user it is a digital problem: it works / does not work. I think the solution I found on the web could be useful to other USERS who have the same problem ...
Hi to all and thank you for your attention.
 
  

