03-02-2012, 06:09 AM
Bob Hoffman

VSftp, ssl/tls, slight issue with directory listings

CentOS 6, stock installation, no additional repos added.

vsftp works fine in regular mode, going to ssl I got issues. I get as
far as 'directory listing' and it dies. It times out and disconnects.

file: /etc/sysconfig/iptables-config
added: IPTABLES_MODULES="ip_conntrack_ftp"
(without this line, ftp normally fails, afraid it may be causing issues
with the ssl)

iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
again, normal ftp fine.

vsftp file
below are the additional commands I entered to get ssl/tls up and running.


pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

ssl_enable=YES
implicit_ssl=yes <--- tried with and without this and the port 21 below
listen_port=21 <-- see above
allow_anon_ssl=NO
force_local_data_ssl=NO <-- set this to yes so I can still test normal
functions
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem
ssl_ciphers=HIGH <-- this was added as I was using filezilla and it
wanted different ciphers. without this it would have a tls fatal error,
adding this absolved that issue.


Now I have tried playing with the settings and in all cases when it can
connect it dies at directory listing.
Implicit ssl wants 990, but the listen_port directive can tell it to go
to 21. Again, full connect, changes folders, dies at trying to display
contents of initial folder.

I have redone the pem a few times and even moved it in and out of the
vsftpd folder just for kicks, no joy.

I tried opening port 990 and that made no difference at all (even
changing listen_port or leaving it commented out)

so, cannot figure what is up. Most online notes are for non-centos 6
and/or generally follow this same set of commands. Most of the debug
threads about this issue deal with plain connections and not tls/ssl.

I can find no solution yet, has anyone out there secured their vsftp
server and wanna throw me a bone?

Only this and two other things prevent me from throwing out a nice video
tutorial of how to go from a stock install to a fully armed and
operational webserver, ssl everywhere, etc....

All-nighter and nowhere with this one. At least not yet.


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
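
Added example, not part of the original thread or of vsftpd: once the control channel is TLS-encrypted, ip_conntrack_ftp can no longer read the PASV reply, so the data connection used for a directory listing arrives as NEW and only port 21 is accepted. The check below flags that condition in a vsftpd.conf and iptables rule set; the function names and the 50000:50100 range are assumptions chosen for illustration, and the sample inputs are constructed.

```python
import re

# Constructed sample inputs (not from a real host): the settings quoted in the
# post, then the same setup with a fixed passive range opened in the firewall.
VSFTPD_POSTED = """ssl_enable=YES
force_local_data_ssl=NO
force_local_logins_ssl=NO
rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem
"""
IPTABLES_POSTED = "-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT\n"
# Assumed passive range for illustration; any unused high range works.
VSFTPD_PINNED = VSFTPD_POSTED + "pasv_min_port=50000\npasv_max_port=50100\n"
IPTABLES_PINNED = IPTABLES_POSTED + (
    "-A INPUT -m state --state NEW -m tcp -p tcp --dport 50000:50100 -j ACCEPT\n")

def parse_vsftpd(text):
    """vsftpd.conf is strict key=value; lines starting with # are comments."""
    conf = {}
    for line in text.splitlines():
        if "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            conf[key.strip().lower()] = value.strip()
    return conf

def accepted_tcp_ports(rules):
    """Return (low, high) --dport ranges from tcp INPUT rules ending in ACCEPT."""
    ranges = []
    for rule in rules.splitlines():
        m = re.search(r"--dport (\d+)(?::(\d+))?", rule)
        ok = rule.startswith("-A INPUT") and "-p tcp" in rule
        if m and ok and rule.rstrip().endswith("-j ACCEPT"):
            low = int(m.group(1))
            ranges.append((low, int(m.group(2) or low)))
    return ranges

def check_ftps_passive(conf_text, rules_text):
    """List reasons passive data connections would be dropped when TLS is on."""
    conf = parse_vsftpd(conf_text)
    if conf.get("ssl_enable", "NO").upper() != "YES":
        return []  # plaintext control channel: the conntrack helper sees PASV
    lo, hi = int(conf.get("pasv_min_port", 0)), int(conf.get("pasv_max_port", 0))
    if not lo or not hi:
        return ["pasv_min_port/pasv_max_port not set: data port is unpredictable"]
    if not any(a <= lo and hi <= b for a, b in accepted_tcp_ports(rules_text)):
        return [f"no INPUT ACCEPT rule covers passive range {lo}:{hi}"]
    return []
```
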
 
03-02-2012, 06:34 AM
John R Pierce

VSftp, ssl/tls, slight issue with directory listings

On 03/01/12 11:09 PM, Bob Hoffman wrote:
> vsftp works fine in regular mode, going to ssl I got issues. I get as
> far as 'directory listing' and it dies. It times out and disconnects.

if you need secure file transfer, use sftp/scp, not ftp-over-ssl...
ftp-over-ssl is a mess.




--
john r pierce N 37, W 122
santa cruz ca mid-left coast
