Gentoo Forums
Unable to activate TLS in Pure-FTPD
tabanus
l33t


Joined: 11 Jun 2004
Posts: 626
Location: UK

Posted: Fri Sep 19, 2014 5:58 pm    Post subject: Unable to activate TLS in Pure-FTPD

I'm having difficulty setting up TLS in pure-ftpd.

I followed the instructions at: http://download.pureftpd.org/pub/pure-ftpd/doc/README.TLS

I created the SSL key at /etc/ssl/private/pure-ftpd.pem using this command:

Code:
openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem


Changed the permissions:
Code:
chmod 600 /etc/ssl/private/*.pem


My /etc/conf.d/pure-ftpd file (comments stripped out):

Code:
# Config file for /etc/init.d/pure-ftpd
IS_CONFIGURED="yes"

SERVER="-S 21"

MAX_CONN="-c 30"
MAX_CONN_IP="-C 10"

DAEMON="-B"

DISK_FULL="-k 90%"

AUTH="-l puredb:/etc/pureftpd.pdb"


MISC_OTHER="-A -X -j -R -Z -M -H -Y 1"


I'm testing this over localhost using Konqueror.

I can access ftp://localhost/ just fine. However, sftp://localhost/ gives this error:

Code:
Details of the Request:
URL: sftp://localhost/
Protocol: sftp
Date and Time: Friday 19 Sep 2014 18:47
Additional Information: Connection refused
Description:
Connection refused


If I change: SERVER="-S 21" to SERVER="-S 22" then try to access sftp://localhost/ I get this error:

Code:
Details of the Request:
URL: sftp://localhost/
Protocol: sftp
Date and Time: Friday 19 Sep 2014 18:49
Additional Information: Protocol mismatch: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Description:
Protocol mismatch: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------


Not sure if it's something to do with the permissions I have on /etc/ssl/private (where the key resides):

Code:
# ls -l /etc/ssl
total 40
drwxr-xr-x 2 root root 20480 Aug 25 18:47 certs
drwxr-xr-x 2 root root  4096 Aug 25 18:47 misc
-rw-r--r-- 1 root root 10835 Aug 25 18:46 openssl.cnf
drwx------ 2 root root  4096 Sep 18 23:25 private


Thanks
_________________
Things you might say if you never took Physics: "I'm overweight even though I don't overeat." - Neil deGrasse Tyson


Last edited by tabanus on Sat Sep 20, 2014 8:05 am; edited 1 time in total
Hu
Moderator


Joined: 06 Mar 2007
Posts: 13509

Posted: Fri Sep 19, 2014 11:34 pm

SFTP and FTP-over-TLS are different things. SFTP is an FTP-like protocol that runs inside an ssh tunnel. FTP-over-TLS is an SSL-encrypted connection to a traditional ftpd. They provide similar functionality, but you cannot use a client speaking SFTP to talk to a server speaking FTP-over-TLS.
tabanus
l33t


Joined: 11 Jun 2004
Posts: 626
Location: UK

Posted: Sat Sep 20, 2014 7:27 am

OK, didn't know that. How do I verify that TLS is active?
Hu
Moderator


Joined: 06 Mar 2007
Posts: 13509

Posted: Sat Sep 20, 2014 3:41 pm

Use an ftp client that supports TLS and monitor the network traffic to confirm that you see an SSL handshake. I prefer sftp over ftps, so I cannot provide more specific advice.
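
An added example, not written by the posters in this thread or by the Pure-FTPd project: Python that reads the server greeting to tell an SSH/SFTP listener from an FTP one, then sends AUTH TLS (RFC 4217) and reports the TLS version that was negotiated. The host, port, function names and the sample SSH banner are assumptions.

```python
import socket
import ssl

def read_reply(f):
    """Read one FTP reply (RFC 959 multi-line form included) as a list of lines."""
    lines = [f.readline()]
    if lines[0][3:4] == b"-":                  # "220-..." opens a multi-line reply
        end = lines[0][:3] + b" "              # "220 ..." closes it
        while lines[-1] and not lines[-1].startswith(end):
            lines.append(f.readline())
    return lines

def classify_banner(first_line):
    """Name the protocol from the first line the server sends."""
    if first_line.startswith(b"SSH-"):
        return "ssh"        # the greeting an sftp:// client expects
    if first_line[:3] == b"220":
        return "ftp"        # the greeting an ftp:// or ftpes:// client expects
    return "unknown"

def auth_tls_accepted(reply_lines):
    """RFC 4217: a 234 reply to AUTH TLS means the TLS handshake comes next."""
    return bool(reply_lines) and reply_lines[-1][:3] == b"234"

def probe(host="localhost", port=21, timeout=5.0):
    """Return the service type and, for FTP, the negotiated TLS version or None."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        f = raw.makefile("rb")
        kind = classify_banner(read_reply(f)[0])
        if kind != "ftp":
            return {"service": kind, "tls": None}
        raw.sendall(b"AUTH TLS\r\n")
        if not auth_tls_accepted(read_reply(f)):
            return {"service": "ftp", "tls": None}
        # Verification is off only because this probe targets a self-signed
        # test certificate; it reports the handshake result and sends no data.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return {"service": "ftp", "tls": tls.version()}

# Constructed samples: the FTP greeting is the one quoted in the thread,
# the SSH identification string is made up for illustration.
SAMPLE_FTP = b"220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------\r\n"
SAMPLE_SSH = b"SSH-2.0-OpenSSH_6.6\r\n"

if __name__ == "__main__":
    print(classify_banner(SAMPLE_FTP), classify_banner(SAMPLE_SSH))
```

Call `probe("localhost", 21)` against the running server; a result with `"tls": None` means the listener is not FTP or did not accept AUTH TLS.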
tabanus
l33t


Joined: 11 Jun 2004
Posts: 626
Location: UK

Posted: Sun Sep 21, 2014 4:26 pm

OK, it seems I have to connect via ftpes://localhost (at least using FileZilla).

Thanks