Auth SSL FTP

Is there any free package that can handle AUTH SSL FTP connections and FTP-to-FTP transfers? Thanks in advance.

Hi everyone,
You can use the URLConnection class, but if it is password protected then you need to use the Authenticator class.
You can use this method for ftp, but not many people use ftps as much as they use https and thus it's not currently supported.
Maybe you can submit a Request For Enhancement (RFE) so maybe we can all get support for ftps as well.
Richard West

Similar Messages

  • Problems implementing AUTH TLS and AUTH SSL in VSFTPD

    I have followed the common recommendations to require ssl on login and ssl on data. I have made a self-signed certificate and key in a single file and set the pointer. When a FireFTP client set up for TLSv1 tries to connect, the following is the result (debug info in client):
    DEBUG: ({account:" FireFTP Profile Name ", host:"6#.5#.##. ### ", port:"21", login:"bbop", password:"", anonymous:false, security:"authtls", pasvmode:true, ipmode:false, treesync:false, localdir:"", remotedir:"", webhost:"", prefix:"", downloadcasemode:0, uploadcasemode:0, encoding:"UTF-8", notes:"", timezone:0, folder:"", privatekey:""})
    DEBUG: gConcurrent:2, gMaxCon:10, gRefreshMode:true, gTempPasvMode:true, gLoadUrl:false, fileMode:2, hiddenMode:true, keepAliveMode:true, networkTimeout:30, proxyHost:, proxyPort:0, proxyType:, activePortMode:false, activeLow:1, activeHigh:65535, reconnectMode:true, sessionsMode:true, timestampsMode:false, useCompression:true, integrityMode:true, userAgent:Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 (.NET CLR 3.5.30729)
    *220 This FTP Site provided by the State University System Board of Governors, Information Resource Management. Information available for download and uploaded by authorized users is subject to all state and federal privacy regulations and use of this site implies user understanding and acceptance of all responsibilities therein.*
    AUTH TLS
    *234 Proceed with negotiation.*
    PBSZ 0
    *200 PBSZ set to 0.*
    USER bbop
    *331 Please specify the password.*
    PASS (password not shown)
    *230 Login successful.*
    FEAT
    *211-Features:
    AUTH SSL
    AUTH TLS
    EPRT
    EPSV
    MDTM
    PASV
    PBSZ
    PROT
    REST STREAM
    SIZE
    TVFS
    211 End*
    PWD
    *257 "/"*
    TYPE A
    *200 Switching to ASCII mode.*
    PROT P
    *200 PROT now Private.*
    PASV
    *227 Entering Passive Mode (6#,5#,##,###,216,96)*
    LIST -al
    <<<20 seconds later.......>>>
    QUIT
    The pam.vsftpd looks as follows:
    #%PAM-1.0
    auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd.ftpusers onerr=succeed
    auth required pam_stack.so service=system-auth
    auth required pam_shells.so
    account required pam_stack.so service=system-auth
    session required pam_stack.so service=system-auth
    and the vsftpd.conf has the following associated with ssl and chroot jailing:
    chroot_local_user=YES
    pam_service_name=vsftpd
    userlist_enable=YES
    listen=YES
    tcp_wrappers=YES
    ssl_enable=YES
    allow_anon_ssl=NO
    force_local_data_ssl=YES
    force_local_logins_ssl=YES
    ssl_tlsv1=YES
    ssl_sslv2=NO
    ssl_sslv3=NO
    rsa_cert_file=/etc/vsftpd/vsftpd.pem
    pasv_address=6#.5#.##.###
    I must be missing something, but I cannot figure out what! I need to have this site up for users in 14 hours!!!!!

    The problem was not in the vsftpd settings really. It was a network security (firewall) issue.
    I defined pasv_min_port=#### and pasv_max_port=#### in vsftpd.conf. I had my network administrator open the ports in this range for TCP for this server.
    Clients connecting pasv/tlsv1 now have no issues.

  • AUTH TLS ftp client?

    I've made my pure-ftpd work properly (with a virtual user database and ssl/tls), but I haven't been able to find any proper ftp client for the unix platform
    the most important thing is AUTH TLS support!
    a gtk2 interface would be nice, but it's not mandatory...
    any tips?

    I'm not using any ftp client with tls currently but let me search...
    First, this is a list and comparison of ftp clients with support for tls auth for all systems:
    http://www.ford-hutchinson.com/~fh-1-pf … tml#client
    These look promising:
    Kermit http://www.columbia.edu/kermit/ck80.html
    Ftp-tls (from Openbsd) http://www.runestig.com/osp.html
    Kasablanca (with gui but for kde) http://kasablanca.berlios.de/features.html
    Bsdftpd has cli ftps client http://bsdftpd-ssl.sc.ru/
    Secureftp (Java gui) http://www.glub.com/products/secureftp/
    Lftp (it should automatically recognize tls) http://lftp.yar.ru/
    Iglooftp (nice gtk2 gui, commercial? closed source?) http://www.iglooftp.com/unix/download.html
    Kftpgrabber (gui, kde) http://kftpgrabber.sourceforge.net/features.php
    Pftp + gui clients (ncurses, gtk, qt ?) http://pftp.sourceforge.net/index.html
    Tls wrapper (allows any ftp client to use tls) http://tlswrap.sunsite.dk/
    BTW it's also good to read pure-ftpd readme first :-)
    http://www.pureftpd.org/README.TLS (there is tested clients list)...
    Maybe there are more. List of ftp clients for linux:
    http://www.usinglinux.org/ftp/
    http://www.linuxsoft.cz/en/sw_list.php?id_kategory=9
    Maybe some of them support tls too.

  • Help required in connecting to Implicit SSL FTP server

    Hi,
    I am working on a scenario of File to Idoc.
    Here the File server (FTP server) is using the Implicit SSL protocol which is not supported by PI.
    Hence, we thought of using the scripts for this.
    Using Script we will move the file from the FTP server to the PI directory & then using NFS protocol in channel, PI will read the file.
    Here my query is, is it possible to go for such a design in case of Implicit SSL?
    If yes, please let me know how it can be achieved.
    I am referring the below blog of writing the scripts in case of SSH protocol:
    /people/daniel.graversen/blog/2008/12/11/sftp-with-pi-the-openssh-way
    Please let me know if any such blog/material is available for Implicit SSL protocol as well.
    Your help is highly appreciated.
    -Supriya.

    Have you tried calling from ABAP?
    Connect FTP Server through R/3
    There is something called SAP cryptographic kit which you need to install, please check this link, I am not sure
    File has to pass through FTPS connection.. Connection parameters?
    Port for Implicit SSL is 990
    regards
    Ninad

  • SSL FTP Transfer to non SAP system

    Hi all. My company is sending an eForex interface to a bank that does not use SAP but requires our message to be sent using the FTP protocol we have but with SSL protection. There was an external tool doing the SSL encryption on our side but we want to do it directly from PI, though I doubt the bank has any PCK etc. on their side.
    I see the option to use this in the message interface (FTP with SSL for data etc.) but I would like to know if there's more technical configuration to be done to do the connection with the bank.
    Any help would be appreciated.
    Regards,
    Darren.

    Hi Stefan, thanks for noting that. This is not with Citi btw, a bank in SA. But let me get this correct. You're saying if we do the FTP/S in our interface and the bank does not use SAP or a PCK at least, it is possible to do the transaction if we technically enable SSL on our PI system here and request that the bank allow for reverse DNS lookups to find us as well?
    Just those steps on our side and them enabling the lookup means we don't need them to implement any PCK (but perhaps continue with their existing method of dealing with SSL on their side) and request that 1 technical change of allowing reverse lookups for us.
    Thank you again for your response.
    Regards,
    Darren.

  • Implicit SSL + FTP client???

    Hi!
    I've been looking for an FTP client that supports the (not so common in the linux world) standard implicit SSL.
    I've been trying IglooFTP, Kasablanca, lftp and kbear and so on, but none have worked...
    Does anyone have any ideas?
    What I have found about implicit ssl is that it is kind of standard in the windows world (almost all ftp clients such as ws_ftp and cuteftp support it) but not in the rest of the world.

    hi there!
    found this http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html
    it is a list of which clients support different ssl implementations

  • Does XI support FTP over SSL with Command AUTH TLS??

    Hi All,
    Can we change Command AUTH TLS to AUTH SSL in the Command Order of the receiver FTP adapter when you select FTPS (FTP using SSL/TLS) for Control and Data Connection?
    We are able to transfer business documents to the bank's FTP server (following RFC 2228 standards) using WS FTP Pro (I think it follows RFC 959 and 1123 standards), which uses AUTH SSL in the Command order.
    We did go through SAP note 821267 (FAQ for XI 3.0 / PI 7.0 File Adapter)... question number 33 addresses the "AUTH TLS" command. But we are not getting the same error. We get a different one, as in this forum:
    Re: Error: Message processing failed: FTPEx: PBSZ=0
    Can someone please confirm if this is an issue with FTP RFC standards? Or can we customize the FTPS adapter to send the AUTH SSL command?
    Thank you,
    Indrasena Janga

    Dear Andy,
    I am also looking for the same information.
    Could you please share with us if you have got anything related....
    Hi Experts,
    Please share your experience with us if you have any....
    Regards,
    Srinivas

  • SSL/TLS for FTP connections

    I've built some kind of advanced ftp server, and I would now like to add SSL or TLS on the server.
    Implementing implicit SSL is easy. I used some SSL sockets, and everything was working fine.
    But if I want to use TLS or explicit SSL, I have a problem.
    With an SSL socket, any attempts to read/write with the streams initiate a handshake.
    But an explicit SSL connection is done that way:
    -> Connecting to myftpserver.com port 21
    -> Connected to myftpserver.com
    Server: Welcome to this nice ftp
    Server: Enjoy this nice server
    -> AUTH SSL
    Server: 234 AUTH SSL successful
    -> Now negociating SSL session...
    So, as you can see, some data (welcome msg, AUTH SSL command, etc.) are exchanged BEFORE the SSL negotiation.
    I don't know how to do that since "any attempts to read/write with the streams initiate a handshake"
    I hope someone will be able to help me :)
    Dundee

    What's wrong with my code then?
    You must make sure, before trying to send the first encrypted text, that both sides are ready to negotiate SSL.
    I'm pretty sure your problem is about that.
    Did you write both sides (client and server) or only the client side?
    Because if you are the author of the server side, you must also make sure the server will act as the server during the SSL negotiation (((SSLSocket)s).setUseClientMode(false)).
    So far, my understanding - based on my experimentation:
    The client must ask the server to start SSL communication, but MUST wait for the server to say it is ready before creating the SSL layer. This means the client sends - over the unencrypted communication - a command saying to the server: "I want to start to talk to you over SSL". Then the server answers "Ok, I'm ready". Then, and only then, the client creates the SSL socket (over the already connected socket - as you seem to have done) and starts the SSL negotiation. By the way, it is not necessary to call SSLSocket.startNegotiate() explicitly, it will be called when sending the first block of data for the new SSL session.
    I'm not sure if I made it clear. But I think the problem - the reason why you get the HandshakeException - is because the client tries to negotiate SSL before the server is ready to accept SSL negotiation - maybe this should have been the only sentence of my answer ;-).
    About the use of SSLContext: I feel that it only has value if you want to use your own customized X509TrustManager or X509KeyManager. For me, I found it very useful because my server certificate may not be valid as per the default validation algorithm. But basically we can use the SSLContext the following way:
    /* The creation of a KeyManager is a story in itself.
     * The way I used it is to specify in my program the KeyStore to be used.
     * I think it can be specified in other ways (-D java argument, for example).
     * For now I am not sure how useful it can be for the client side. (sorry)
     */
    KeyManager[] myKeyManagers = ....
    /* The TrustManager gives you the opportunity to do your own validation
     * of the server / client - depending on the situation - certificate.
     * For now, I don't know how to use TrustManager and KeyManager
     * together.
     */
    TrustManager[] myTrustManagers = new TrustManager[] { new MyX509TrustManager() };
    /* The Key and Trust managers created above can be used to initialize
     * the SSL context below.
     */
    SSLContext context = SSLContext.getInstance("SSL");
    /* Initialize the context with your customized managers.
     * Note that all parameters are optional - they can be "null".
     * You only specify those you have customized.
     */
    context.init(myKeyManagers, myTrustManagers, null);
    /* Then later I can get my SSL socket factory, which will use my
     * own customized key and trust manager and secure random.
     */
    SSLServerSocketFactory sslSSF = context.getServerSocketFactory();
    SSLSocketFactory sslSF = context.getSocketFactory();
    I found an article in this forum about TrustManager.... seems very promising.
    Hope this will help.
    Hugues

  • How to use a key file in the FTP Task using and SSL connection

    In the past I have used this code to set the FTP password in an FTP component task in SSIS.
    Does anyone know how to use a key file in an SSL connection to download a file from an FTP site? If not, can you tell me where I can get C# code examples to learn how to create a script task, or if there is another way in SSIS to download large files from an SSL FTP site? Thank you for any help offered.
    public void Main()
    {
        // Look up the FTP connection manager and set its password from a package variable.
        ConnectionManager FTPConn;
        FTPConn = Dts.Connections["FTPServer"];
        FTPConn.Properties["ServerPassword"].SetValue(FTPConn, Dts.Variables["FTPPassword"].Value);
        Dts.TaskResult = (int)ScriptResults.Success;
    }
    Antonio

    You can use SFTP for this.
    This is a way of implementing SFTP in SSIS using standard tasks 
    http://visakhm.blogspot.in/2012/12/implementing-dynamic-secure-ftp-process.html
    also see
    http://blog.goanywheremft.com/2011/10/20/sftp-ftps-secure-ftp-transfers/
    Visakh

  • FTP SSL trouble

    Hi,
    I want to close our plain-text FTP to the internet. Some customers migrated
    to a SSH FTP connection. Another one wants to use SSL-FTP (Explicit)
    We are trying to connect with an explicit connection in passive mode. We've
    tried Filezilla and WS_FTP 9.01 as a client.
    We've tried two different Netware FTP servers (SP5 and SP6) on two different
    internet locations.
    Both servers react the same way. When you connect... the certificate is
    offered to the client. Once the client accepts the certificate nothing
    happens. Listing is not possible. We also tried a client in the local
    network of the SP6 server. Same result. :(
    Any info on this? How do I get NWFTPD to work in SSL mode successfully?

    What most often causes the symptoms you are describing is the combination
    of SSL encryption and passing through a NAT firewall. Most firewalls are
    educated about FTP and they watch inside the FTP data for some of the
    extra information that gets passed back and forth about IP addresses.
    This is one of the few cases where NAT will translate inside the data
    portion of a packet rather than just in the TCP/IP headers.
    But once you put FTP inside of SSL, the NAT firewalls can no longer see
    inside the data and can't translate some of those addresses anymore,
    preventing the extra data connections (needed for dir lists and file
    transfers) from addressing their targets correctly.
    For NetWare FTP Servers that need to do SSL, are behind NAT (FTP server
    has private address), and passive data connections are needed, see TID
    3931251.
    For FTP clients that need to do SSL and are behind NAT, and active data
    connections are needed, you will need to find a setting in the FTP client
    which says something like, "use this address for active (nonpassive) data
    connections."
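Both passive-mode failures described on this page (the vsftpd case fixed by opening the pasv_min_port to pasv_max_port range on the firewall, and the NAT case explained in the reply above) can be read off the 227 reply the client logs. The following is an added Python example, not code from any poster: the function names, the port range 50000-50100 and the addresses are constructed for illustration, and only the port bytes 216,96 come from the FireFTP log earlier on the page.

```python
import ipaddress
import re

# Private ranges that a NAT device would rewrite in a plaintext 227 reply,
# but cannot rewrite once the control channel is inside TLS.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

_PASV = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (address, port) from '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'."""
    text = reply.strip().strip("*")   # FireFTP's debug log wraps server replies in '*'
    match = _PASV.search(text)
    if not text.startswith("227") or match is None:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(group) for group in match.groups()]
    if max(nums) > 255:
        raise ValueError("octet out of range in %r" % reply)
    address = ipaddress.IPv4Address("%d.%d.%d.%d" % tuple(nums[:4]))
    return address, nums[4] * 256 + nums[5]   # data port = p1 * 256 + p2


def _is_rfc1918(address):
    return any(address in network for network in RFC1918)


def diagnose_pasv(reply, control_peer, pasv_min_port, pasv_max_port):
    """Explain why the data connection (LIST, RETR, STOR) is likely to hang.

    control_peer is the address the client used for the control connection;
    the port range is the one opened on the firewall (assumed to match the
    server's pasv_min_port / pasv_max_port).
    """
    address, port = parse_pasv(reply)
    peer = ipaddress.IPv4Address(control_peer)
    findings = []
    if not pasv_min_port <= port <= pasv_max_port:
        # The firewall drops the SYN to this port: LIST times out.
        findings.append("port-outside-opened-range")
    if _is_rfc1918(address) and not _is_rfc1918(peer):
        # Server behind NAT advertised its internal address; with TLS on the
        # control channel the NAT device could not rewrite it.
        findings.append("private-address-behind-nat")
    return address, port, findings


# Constructed sample replies (documentation and private addresses).
SAMPLES = [
    "*227 Entering Passive Mode (203,0,113,10,216,96)*",
    "227 Entering Passive Mode (192,168,1,20,195,100).",
    "227 Entering Passive Mode (203,0,113,10,195,100)",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", diagnose_pasv(sample, "203.0.113.10", 50000, 50100))
```
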

  • PI is not able to pick the file from the FTP folder

    This is the FILE TO IDOC scenario. We have configured the file adapter, but it's not able to pick the file from the specified directory. We have tried changing the transfer mode from Binary to Txt and we have also tried to put an advanced selection for the source file, but it didn't work. It's throwing the below error:
    PI Adapter Log:
    An error occurred while connecting to the FTP server '10.130.150.21:8529'. The FTP server returned the following error message: 'com.sap.aii.adapter.file.ftp.FTPEx: 451 Unexpected reply coderequested action aborted: local error in processing'. For details, contact your FTP server vendor.
    Also, we have contacted the FTP team and they told us that PI is sending an unsupported command. So instead of taking the file TLOG.txt, it's treating this file name as a directory. Please find the logs from the FTP end below:
    FTP Log:
    (207197)2/5/2013 14:48:25 PM - sysisappi (63.130.82.16)> 230 Logged on
    (207197)2/5/2013 14:48:26 PM - sysisappi (63.130.82.16)> FEAT
    (207197)2/5/2013 14:48:26 PM - sysisappi (63.130.82.16)> 211-Features:
    (207197)2/5/2013 14:48:26 PM - sysisappi (63.130.82.16)>  MDTM
    (207197)2/5/2013 14:48:26 PM - sysisappi (63.130.82.16)>  REST STREAM
    (207197)2/5/2013 14:48:26 PM - sysisappi (63.130.82.16)>  SIZE
    (207197)2/5/2013 14:48:26 PM - sysisappi (63.130.82.16)>  MLST type*;size*;modify*;
    (207197)2/5/2013 14:48:26 PM - sysisappi (63.130.82.16)>  MLSD
    (207197)2/5/2013 14:48:26 PM - sysisappi (63.130.82.16)>  AUTH SSL
    (207197)2/5/2013 14:48:26 PM - sysisappi (63.130.82.16)>  AUTH TLS
    (207197)2/5/2013 14:48:26 PM - sysisappi (63.130.82.16)>  PROT
    (207197)2/5/2013 14:48:26 PM - sysisappi (63.130.82.16)>  PBSZ
    (207197)2/5/2013 14:48:26 PM - sysisappi (63.130.82.16)>  UTF8
    (207197)2/5/2013 14:48:26 PM - sysisappi (63.130.82.16)>  CLNT
    (207197)2/5/2013 14:48:26 PM - sysisappi (63.130.82.16)>  MFMT
    (207197)2/5/2013 14:48:26 PM - sysisappi (63.130.82.16)> 211 End
    (207197)2/5/2013 14:48:26 PM - sysisappi (63.130.82.16)> PBSZ 0
    (207197)2/5/2013 14:48:26 PM - sysisappi (63.130.82.16)> 200 PBSZ=0
    (207197)2/5/2013 14:48:26 PM - sysisappi (63.130.82.16)> PROT P
    (207197)2/5/2013 14:48:26 PM - sysisappi (63.130.82.16)> 200 Protection level set to P
    (207197)2/5/2013 14:48:26 PM - sysisappi (63.130.82.16)> CWD /Qas
    (207197)2/5/2013 14:48:26 PM - sysisappi (63.130.82.16)> 250 CWD successful. "/Qas" is current directory.
    (207197)2/5/2013 14:48:26 PM - sysisappi (63.130.82.16)> CWD SAP_ORION
    (207197)2/5/2013 14:48:26 PM - sysisappi (63.130.82.16)> 250 CWD successful. "/Qas/SAP_ORION" is current directory.
    (207197)2/5/2013 14:48:27 PM - sysisappi (63.130.82.16)> CWD Inbound
    (207197)2/5/2013 14:48:27 PM - sysisappi (63.130.82.16)> 250 CWD successful. "/Qas/SAP_ORION/Inbound" is current directory.
    (207197)2/5/2013 14:48:27 PM - sysisappi (63.130.82.16)> CWD IRIIN04
    (207197)2/5/2013 14:48:27 PM - sysisappi (63.130.82.16)> 250 CWD successful. "/Qas/SAP_ORION/Inbound/IRIIN04" is current directory.
    (207197)2/5/2013 14:48:27 PM - sysisappi (63.130.82.16)> CWD TLOG.txt
    (207197)2/5/2013 14:48:27 PM - sysisappi (63.130.82.16)> 550 CWD failed. "/Qas/SAP_ORION/Inbound/IRIIN04/TLOG.txt": directory not found.
    (207197)2/5/2013 14:48:27 PM - sysisappi (63.130.82.16)> QUIT
    (207197)2/5/2013 14:48:27 PM - sysisappi (63.130.82.16)> 221 Goodbye
    It should list *TLOG.txt* but instead it is trying to get into a directory named *TLOG.txt*. Same for the other interface.
    So my team and I have been struggling for the last couple of days to fix this issue. Please share your suggestions.

    Hi Sisir
    The screen shot of your config doesn't seem to correspond to the FTP log. I say this because the * is dropped from file name pattern "*TLOG.txt" (comparing your config and the FTP log). Can you share an updated FTP log?
    Sisir Das wrote:
    "/Qas/SAP_ORION/Inbound/IRIIN04" is current directory.
    (207197)2/5/2013 14:48:27 PM - sysisappi (63.130.82.16)> CWD TLOG.txt
    (207197)2/5/2013 14:48:27 PM - sysisappi (63.130.82.16)> 550 CWD failed. "/Qas/SAP_ORION/Inbound/IRIIN04/TLOG.txt": directory not found.
    (207197)2/5/2013 14:48:27 PM - sysisappi (63.130.82.16)> QUIT
    Also, like Rajesh suggested, have you tried to manually check permissions by logging in, traversing the directory, and getting the file?
    By the way, we always use backslash \ instead of forward slash in our configs. Not sure this would make any difference for you though. Also, I don't normally use a trailing \ at the end of the source directory path.

  • Unable to access ftp sites

    FF 32.02 on Windows 8.1 Pro 64-bit. Attempting to access ftp site produces the following error message popup:
    211-Features:
    AUTH SSL
    AUTH TLS
    EPRT
    EPSV
    MDTM
    PASV
    PBSZ
    PROT
    with the following page displayed after acknowledging the popup:
    The connection was reset
    The connection to the server was reset while the page was loading.
    The site could be temporarily unavailable or too busy. Try again in a few moments.
    If you are unable to load any pages, check your computer's network connection.
    If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
    Cutting-and-pasting the same URL into IE 11.0.9600 results in the page displaying with no problems. Therefore, none of the 3 suggestions is the problem.

    The county ftp site doesn't act strangely for me.
    I'm not sure whether these general suggestions are applicable to ftp sites, but just in case:
    When you have a problem with one particular site, a good "first thing to try" is clearing your Firefox cache and deleting your saved cookies for the site.
    (1) Bypass Firefox's Cache
    Use Ctrl+Shift+r to reload the page fresh from the server.
    Alternately, you also can clear Firefox's cache completely using:
    "3-bar" menu button (or Tools menu) > Options > Advanced
    On the Network mini-tab > Cached Web Content : "Clear Now"
    If you have a large hard drive, this might take a few minutes.
    (2) Remove the site's cookies (save any pending work first). While viewing a page on the site, try either:
    * right-click and choose View Page Info > Security > "View Cookies"
    * (menu bar) Tools > Page Info > Security > "View Cookies"
    In the dialog that opens, you can remove the site's cookies individually.
    Then try reloading the page. Does that help?

  • Exception in FTPS connection

    Hi,
    I've developed an application to make an FTPS connection. The problem is I'm getting an exception in the sslsocket.starthandshake() line.
    Here is part of my code:
    try {
        // Trust manager that accepts every certificate (no validation is performed).
        TrustManager[] trustAllCerts = new TrustManager[] {
            new X509TrustManager() {
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
                public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
                    int a = 0;
                }
                public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
                    int b = 0;
                }
                public boolean isClientTrusted(X509Certificate[] chain) {
                    return true;
                }
                public boolean isServerTrusted(X509Certificate[] chain) {
                    return true;
                }
            }
        };
        if (socket != null)
            throw new IOException("SimpleFTP is already connected. Disconnect first.");
        socket = new Socket(host, port);
        reader = new BufferedReader(new InputStreamReader(socket.getInputStream()));
        writer = new BufferedWriter(new OutputStreamWriter(socket.getOutputStream()));
        String response = readLine();
        if (!response.startsWith("220"))
            throw new IOException("SimpleFTP received an unknown response when connecting to the FTP server: " + response);
        // turn on the SSL connection
        sendLine("AUTH SSL");
        response = readLine();
        System.out.println("Response : " + response);
        // create SSL socket as usual
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, new SecureRandom());
        SSLSocketFactory socketFactory = sc.getSocketFactory();
        sslSocket = (SSLSocket) socketFactory.createSocket(socket, host, port, true);
        sslSocket.startHandshake();
        // (the posted excerpt ends here; the rest of the try block is not shown)
    The exception I get is the following:
    < 220-FileZilla Server version 0.9.36 beta
    AUTH SSL< 220-written by Tim Kosse ([email protected])
    Response : 220-written by Tim Kosse ([email protected])
    javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    at com.sun.net.ssl.internal.ssl.InputRecord.handleUnknownRecord(InputRecord.java:523)
    at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:355)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
    at base_testsendtoftps.NewClass.accessFTPsProc(NewClass.java:186)
    at base_testsendtoftps.NewClass.<init>(NewClass.java:33)
    at base_testsendtoftps.NewClass.main(NewClass.java:37)
    Any idea of what I'm doing wrong?
    Thanks in advance.

    You mean this?
        if (socket != null)
            throw new IOException("SimpleFTP is already connected. Disconnect first.");
        socket = new Socket(host, port);
        reader = new BufferedReader(new InputStreamReader(socket.getInputStream()));
        writer = new BufferedWriter(new OutputStreamWriter(socket.getOutputStream()));
        String response = readLine();
        if (!response.startsWith("220"))
            throw new IOException("SimpleFTP received an unknown response when connecting to the FTP server: " + response);
        // turn on the SSL connection
        sendLine("AUTH SSL");
        response = readLine();
        System.out.println("Response : " + response);
        // create SSL socket as usual
        SSLContext sc = SSLContext.getInstance("SSL");
        System.out.println("1 - ");
        sc.init(null, null, new SecureRandom()); // changed line: null instead of trustAllCerts
        System.out.println("2 - ");
        SSLSocketFactory socketFactory = sc.getSocketFactory();
        System.out.println("3 - ");
        sslSocket = (SSLSocket) socketFactory.createSocket(socket, host, port, true);
        System.out.println("4 - ");
        sslSocket.startHandshake();
    I'm getting the same error...
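What both explicit-FTPS threads on this page turn on (the server-side question about exchanging data before the handshake, and the client exception above), as an added Python example that is not code from either poster: read every FTP reply through to its final line, continue only on a 234, and start the handshake after that. The function names and the last two lines of the constructed server stream are assumptions; the first two greeting lines are the ones shown in the post's output.

```python
import io
import ssl


class FTPReplyError(Exception):
    """The server's reply does not allow the TLS upgrade to proceed."""


def read_reply(stream):
    """Read one complete FTP reply (RFC 959, section 4.2) from a binary stream.

    A reply whose first line is "NNN-text" continues until a line that starts
    with the same code followed by a space. Returns (code, lines).
    """
    lines = []
    while True:
        raw = stream.readline()
        if not raw:
            raise FTPReplyError("connection closed in the middle of a reply")
        line = raw.decode("utf-8", "replace").rstrip("\r\n")
        lines.append(line)
        if len(lines) == 1:
            if len(line) < 3 or not line[:3].isdigit():
                raise FTPReplyError("malformed reply line: %r" % line)
            code = line[:3]
            if line[3:4] != "-":
                break                     # single-line reply
        elif line[:3] == code and line[3:4] == " ":
            break                         # final line of a multi-line reply
    return int(code), lines


def request_tls(stream, send, mechanism="TLS"):
    """Consume the whole greeting, send AUTH, and return only on a 234 reply."""
    code, _ = read_reply(stream)
    if code != 220:
        raise FTPReplyError("unexpected greeting code %d" % code)
    send(("AUTH %s\r\n" % mechanism).encode("ascii"))
    code, lines = read_reply(stream)
    if code != 234:
        raise FTPReplyError("AUTH %s refused: %s" % (mechanism, lines[-1]))
    return lines[-1]


def naive_request_tls(stream, send):
    """What the posted client does: one readLine() per step, reply code unchecked."""
    stream.readline()                     # first greeting line only
    send(b"AUTH SSL\r\n")
    return stream.readline().decode("utf-8", "replace").rstrip("\r\n")


def upgrade(sock, host):
    """Handshake on the already connected control socket, called after 234.

    The default context keeps certificate and host name verification on,
    unlike a trust-all trust manager.
    """
    return ssl.create_default_context().wrap_socket(sock, server_hostname=host)


# Constructed server byte stream. In-memory, so the 234 is already "waiting";
# on a real connection the server sends it only after receiving AUTH.
SERVER_BYTES = (
    b"220-FileZilla Server version 0.9.36 beta\r\n"   # from the post's output
    b"220-written by Tim Kosse\r\n"                   # from the post (address omitted)
    b"220 ready\r\n"                                  # constructed final greeting line
    b"234 Proceed with negotiation.\r\n"              # constructed AUTH reply
)


def demo():
    sent = []
    naive = io.BytesIO(SERVER_BYTES)
    naive_answer = naive_request_tls(naive, sent.append)
    naive_pending = naive.read()          # plaintext a TLS layer would now have to parse
    safe = io.BytesIO(SERVER_BYTES)
    safe_answer = request_tls(safe, sent.append)
    safe_pending = safe.read()            # nothing left: the next bytes are TLS records
    return naive_answer, naive_pending, safe_answer, safe_pending, sent


if __name__ == "__main__":
    for item in demo():
        print(repr(item))
```

With a real connection, `stream` would be `sock.makefile("rb")` and `send` would be `sock.sendall`, with `upgrade(sock, host)` called once `request_tls` has returned.
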

  • Vsftpd ssl problem

    Hi
    I am trying to set up vsftpd with ssl and it's not working. I can get normal FTP to work from both a session on the server and FileZilla or FireFTP on a Windows XP box, but SSL won't work from the XP box. It does work from a terminal on the server using lftp.
    In the vsftpd log I see the client connect, then it starts auth and just stops. Same thing on the client. Here is the vsftpd log:
    Mon Oct 17 21:22:51 2011 [pid 2] CONNECT: Client "192.168.1.7"
    Mon Oct 17 21:22:51 2011 [pid 2] FTP response: Client "192.168.1.7", "220 Welcome to Gustav FTP service."
    Mon Oct 17 21:22:51 2011 [pid 2] FTP command: Client "192.168.1.7", "AUTH SSL"
    Mon Oct 17 21:22:51 2011 [pid 2] FTP response: Client "192.168.1.7", "234 Proceed with negotiation."
    The client is also stuck at proceed with negotiation and then it times out.
    I have tried running vsftpd from xinetd with the same result. Currently I am running it from the command line as root while I test it.
    Below is my vsftpd.conf. Any help greatly appreciated as this is driving me mad.
    # Example config file /etc/vsftpd.conf
    # The default compiled in settings are fairly paranoid. This sample file
    # loosens things up a bit, to make the ftp daemon more usable.
    # Please see vsftpd.conf.5 for all compiled in defaults.
    # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
    # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
    # capabilities.
    # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
    anonymous_enable=NO
    # Uncomment this to allow local users to log in.
    local_enable=YES
    # Uncomment this to enable any form of FTP write command.
    write_enable=YES
    # Default umask for local users is 077. You may wish to change this to 022,
    # if your users expect that (022 is used by most other ftpd's)
    #local_umask=022
    # Uncomment this to allow the anonymous FTP user to upload files. This only
    # has an effect if the above global write enable is activated. Also, you will
    # obviously need to create a directory writable by the FTP user.
    #anon_upload_enable=YES
    # Uncomment this if you want the anonymous FTP user to be able to create
    # new directories.
    #anon_mkdir_write_enable=YES
    # Activate directory messages - messages given to remote users when they
    # go into a certain directory.
    dirmessage_enable=YES
    # Activate logging of uploads/downloads.
    xferlog_enable=YES
    # Make sure PORT transfer connections originate from port 20 (ftp-data).
    connect_from_port_20=YES
    # If you want, you can arrange for uploaded anonymous files to be owned by
    # a different user. Note! Using "root" for uploaded files is not
    # recommended!
    #chown_uploads=YES
    #chown_username=whoever
    # You may override where the log file goes if you like. The default is shown
    # below.
    #xferlog_file=/var/log/vsftpd.log
    # If you want, you can have your log file in standard ftpd xferlog format.
    # Note that the default log file location is /var/log/xferlog in this case.
    #xferlog_std_format=YES
    # You may change the default value for timing out an idle session.
    #idle_session_timeout=600
    # You may change the default value for timing out a data connection.
    #data_connection_timeout=120
    # It is recommended that you define on your system a unique user which the
    # ftp server can use as a totally isolated and unprivileged user.
    # nopriv_user=ftpsecure
    # Enable this and the server will recognise asynchronous ABOR requests. Not
    # recommended for security (the code is non-trivial). Not enabling it,
    # however, may confuse older FTP clients.
    #async_abor_enable=YES
    # By default the server will pretend to allow ASCII mode but in fact ignore
    # the request. Turn on the below options to have the server actually do ASCII
    # mangling on files when in ASCII mode.
    # Beware that on some FTP servers, ASCII support allows a denial of service
    # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
    # predicted this attack and has always been safe, reporting the size of the
    # raw file.
    # ASCII mangling is a horrible feature of the protocol.
    #ascii_upload_enable=YES
    #ascii_download_enable=YES
    # You may fully customise the login banner string:
    ftpd_banner=Welcome to Gustav FTP service.
    # You may specify a file of disallowed anonymous e-mail addresses. Apparently
    # useful for combatting certain DoS attacks.
    #deny_email_enable=YES
    # (default follows)
    #banned_email_file=/etc/vsftpd.banned_emails
    # You may specify an explicit list of local users to chroot() to their home
    # directory. If chroot_local_user is YES, then this list becomes a list of
    # users to NOT chroot().
    chroot_local_user=YES
    #chroot_list_enable=YES
    # (default follows)
    #chroot_list_file=/etc/vsftpd.chroot_list
    # You may activate the "-R" option to the builtin ls. This is disabled by
    # default to avoid remote users being able to cause excessive I/O on large
    # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
    # the presence of the "-R" option, so there is a strong case for enabling it.
    #ls_recurse_enable=YES
    # When "listen" directive is enabled, vsftpd runs in standalone mode and
    # listens on IPv4 sockets. This directive cannot be used in conjunction
    # with the listen_ipv6 directive.
    listen=YES
    # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
    # sockets, you must run two copies of vsftpd with two configuration files.
    # Make sure, that one of the listen options is commented !!
    #listen_ipv6=YES
    #Added by polbeck 17/10/11 to integrate with PAM
    pam_service_name=ftp
    ### Enable Secure FTP
    ssl_enable=YES
    #choose what you like, if you accept anon-connections
    # you may want to enable this
    allow_anon_ssl=YES
    # #choose what you like,
    # # it's a matter of performance i guess
    force_local_data_ssl=yes
    # #choose what you like
    force_local_logins_ssl=YES
    # #you should at least enable this if you enable ssl...
    ssl_tlsv1=YES
    # #choose what you like
    ssl_sslv2=YES
    # #choose what you like
    ssl_sslv3=YES
    # #give the correct path to your currently generated *.pem file
    rsa_cert_file=/etc/ssl/certs/vsftpd.pem
    # #the *.pem file contains both the key and cert
    rsa_private_key_file=/etc/ssl/certs/vsftpd.pem
    log_ftp_protocol=YES
    #pasv_enable=YES
    #require_ssl_reuse=NO
    pasv_enable=YES
    pasv_address=PUBLIC_IP_ADDRESS
    pasv_min_port=46400
    pasv_max_port=46410
    Last edited by pcolbeck (2011-10-17 20:38:13)

    pcolbeck, please edit your post.
    When pasting code, please use [ code ] tags https://bbs.archlinux.org/help.php#bbcode
    like this
    It makes the code more readable and more convenient to scroll through.
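The configuration posted above enables `ssl_sslv2` and `ssl_sslv3` alongside `ssl_tlsv1` and keeps the private key in the certificate file. The following Python check of those directives is an added example, not part of the thread or of vsftpd; `SAMPLE_CONF` is a constructed excerpt of the posted file, and the function names are this example's own.

```python
# Added example: lint the TLS directives of a vsftpd.conf. Not part of vsftpd.
SAMPLE_CONF = """\
# constructed excerpt: the TLS-related lines of the config posted above
ssl_enable=YES
force_local_data_ssl=yes
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
rsa_private_key_file=/etc/ssl/certs/vsftpd.pem
"""

def parse_conf(text):
    """Return {option: value} for every option=value line, skipping comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def flag(opts, key):
    """True/False for an explicit boolean, None when the option is absent."""
    if key not in opts:
        return None
    return opts[key].upper() in ("YES", "TRUE", "1")  # compared case-insensitively here

def audit_tls(opts):
    """Return a list of (option, finding) tuples for the TLS-related settings."""
    if not flag(opts, "ssl_enable"):
        return [("ssl_enable", "TLS is not explicitly enabled, so the other checks do not apply")]
    findings = []
    for legacy in ("ssl_sslv2", "ssl_sslv3"):
        if flag(opts, legacy):
            findings.append((legacy, "obsolete protocol version is enabled; set to NO"))
    for forced in ("force_local_logins_ssl", "force_local_data_ssl"):
        if flag(opts, forced) is False:
            findings.append((forced, "local users may fall back to cleartext; set to YES"))
    key_file = opts.get("rsa_private_key_file")
    if key_file and key_file == opts.get("rsa_cert_file"):
        findings.append(("rsa_private_key_file",
                         "key shares a file with the certificate; keep that file root-readable only"))
    return findings

if __name__ == "__main__":
    for option, finding in audit_tls(parse_conf(SAMPLE_CONF)):
        print(f"{option}: {finding}")
```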

  • Ftp Client Example

    Anybody interested in playing with my tool implementation of a ftp client
    in forte feel free to email me, and I will send you it. I had tried to
    post it to the user group, but it exceeded the size limitations (40000).
    Could those of you who emailed me already please do so again. I deleted
    your emails in anticipation of being able to post it to the user group.
    Thank you,
    Chris Henson
    ATG Solutions Inc.
    [email protected]
    [email protected] (mail me here)

    Hi,
    Well, it appears that the 40 bit trial version of the
    FTP server software was part of the problem. After I
    found a trial FTP server version that had 128 bit
    encryption, it no longer hung. However, I still get
    an "Unknown SSL message, plaintext connection?" error
    after I call startHandshake() after the "AUTH TLS-P"
    or "AUTH SSL" command. However, setting the server
    for implicit ssl and creating the ssl socket from the
    beginning works just fine. Do secure sockets not work
    with explicit SSL? Anyone have any ideas?
    Thanks!
    Anna

    I get exactly the same problem. In implicit SSL mode, everything works just fine. But when I configure the server in explicit SSL mode, and that my client is developed to create such connections, it doesn't work and I get the same error message: "Unknown SSL message, plaintext connection?". Have you worked out this problem?
    I'm waiting for your answer
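In explicit mode the control connection starts in plaintext, and the TLS handshake may begin only after the greeting and the `234` reply to `AUTH TLS` / `AUTH SSL` have been read off the socket in full; any plaintext left unread is handed to the TLS layer as if it were a handshake record. The following Python version of that sequence is an added example, not code from either poster (who were using Java sockets); the function names are this example's own.

```python
import socket
import ssl

def read_reply(sock):
    """Read exactly one FTP reply (single- or multi-line) and return (code, lines).

    Bytes are read one at a time so nothing after the reply's final line is
    consumed: whatever follows on the socket belongs to the TLS layer.
    """
    lines, buf = [], bytearray()
    while True:
        ch = sock.recv(1)
        if not ch:
            raise ConnectionError("server closed the control connection")
        buf += ch
        if not buf.endswith(b"\n"):
            continue
        line = buf.decode("ascii", "replace").rstrip("\r\n")
        buf.clear()
        lines.append(line)
        # "220-text" opens a multi-line reply; "220 text" (same code) ends it.
        if (len(line) >= 3 and line[:3].isdigit()
                and line[:3] == lines[0][:3] and line[3:4] in (" ", "")):
            return int(line[:3]), lines

def request_tls(sock, mechanism="TLS"):
    """Drain the greeting, send AUTH, and return once the 234 reply is fully read."""
    code, banner = read_reply(sock)
    if code != 220:
        raise RuntimeError(f"unexpected greeting: {banner[-1]}")
    sock.sendall(f"AUTH {mechanism}\r\n".encode("ascii"))
    code, reply = read_reply(sock)
    if code != 234:
        raise RuntimeError(f"AUTH {mechanism} refused: {reply[-1]}")
    return banner, reply

def connect_explicit_ftps(host, port=21, timeout=30):
    """Open a plaintext control connection and upgrade it to TLS after 234."""
    # Verifies certificate and host name; a self-signed server certificate
    # has to be added to this context's trust store first.
    context = ssl.create_default_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        request_tls(raw)
        return context.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
```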

Maybe you are looking for