Author Topic: Opening ftps connections using lftp  (Read 375 times)

Offline biscuit

  • New user
  • *
  • Posts: 10
    • View Profile
Opening ftps connections using lftp
« on: March 19, 2017, 05:46:28 pm »
Hello,

I am running version 1.3.5d on my server.  I have configured proftpd to serve out ftps on a non-default port (29301).  I am able to use Filezilla to open a connection and do the transfers etc, but I am having a tough time with lftp.  I would prefer using lftp as I can script it well.  Here are some details.

config settings

# TLS Configuration
TLSEngine on
TLSProtocol TLSv1
TLSOptions NoSessionReuseRequired NoCertRequest
TLSRequired on
TLSVerifyClient off
TLSRenegotiate none
# Server's certificate
# You need to generate these according to the faq
TLSRSACertificateFile /home/user1/proftpd/ssl/proftpd.cert.pem
TLSRSACertificateKeyFile /home/user1/proftpd/ssl/proftpd.key.pem
</IfModule>

TLS Log
2017-03-19 13:38:32,224 mod_tls/2.6[28270]: SSL/TLS required but absent on control channel, denying ^V^C^A^B command

lftp switches
set ftp:ssl-allow yes
set ftp:ssl-protect-data yes
set ftp:ssl-protect-list yes
 
lftp debug output
lftp user1@host:~> ls
---- dns cache hit
---- attempt number 1 (max_retries=1000)
---- Connecting to somehost.domain.com (a.b.c.d) port 29301
**** SSL_connect: unknown protocol
---- Closing control socket
ls: Fatal error: SSL_connect: unknown protocol
« Last Edit: March 19, 2017, 05:58:44 pm by biscuit »

Offline castaglia

  • Administrator
  • Support Hero
  • *****
  • Posts: 5336
    • View Profile
    • http://www.castaglia.org/
Re: Opening ftps connections using lftp
« Reply #1 on: March 19, 2017, 09:04:15 pm »
You might try including this in your lftp settings:

  set ftp:ssl-force yes

Offline biscuit

Re: Opening ftps connections using lftp
« Reply #2 on: March 20, 2017, 12:16:50 am »
I tried that, and that doesn't work either :( :(

Offline castaglia

Re: Opening ftps connections using lftp
« Reply #3 on: March 20, 2017, 12:18:40 am »
Could you provide the full proftpd.conf you're using?  I'm wondering if you have a <VirtualHost> section, and that section is not using the mod_tls directives you have, due to e.g. those mod_tls directives not being in a <Global> section (and thus not globally applied).

Offline biscuit


Offline castaglia

Re: Opening ftps connections using lftp
« Reply #5 on: March 20, 2017, 03:02:56 am »
Your ftps.conf file has:

  # TLS Configuration
  TLSEngine off

I think you meant to use "TLSEngine on" here...?

Offline biscuit

Re: Opening ftps connections using lftp
« Reply #6 on: March 20, 2017, 09:46:34 am »
Doh I was trying something, let me turn that back on right now and try again.

Offline biscuit

Re: Opening ftps connections using lftp
« Reply #7 on: March 20, 2017, 11:42:35 am »
I set TLSRequired to on, I have updated my configs in pastebin to reflect that.  I am still getting the same problem.

To recap, I issued the following commands in lftp

lftp :~> set ftp:ssl-allow yes
lftp :~> set ftp:ssl-protect-data yes
lftp :~> set ftp:ssl-protect-list yes
lftp :~> set ftp:ssl-force yes

lftp :~> open ftps://user1:somepass@host.somewhere.net:29301
lftp user1@host.somewhere.net:~> ls
ls: Fatal error: SSL_connect: unknown protocol


Offline castaglia

Re: Opening ftps connections using lftp
« Reply #8 on: March 20, 2017, 03:06:51 pm »
How are you starting proftpd, from the command-line?  What does proftpd debug logging, debug level 10, show?

Offline biscuit

Re: Opening ftps connections using lftp
« Reply #9 on: March 20, 2017, 05:52:55 pm »
Here are the logs.
CLIENT
lftp :~> set ftp:ssl-allow no
lftp :~> set ftp:ssl-protect-data no
lftp :~> set ftp:ssl-protect-list no
lftp :~> set ftp:ssl-force yes
lftp :~> open ftps://user1:****l@somehost.domain.com:29301
lftp user1@somehost.domain.com:~> ls
ls: Fatal error: SSL_connect: unknown protocol
lftp user1@somehost.domain.com:~> debug level 10
lftp user1@somehost.domain.com:~> ls
**** SSL_connect: unknown protocol
ls: Fatal error: SSL_connect: unknown protocol
lftp user1@somehost.domain.com:~> ls
**** SSL_connect: unknown protocol
ls: Fatal error: SSL_connect: unknown protocol



SERVER
47:35,721 somehost proftpd[3591] 0.0.0.0 (a.b.c.d[a.b.c.d]): session requested from client in unknown class
2017-03-20 13:47:35,721 somehost proftpd[3591] 0.0.0.0 (a.b.c.d[a.b.c.d]): performing module session initializations
2017-03-20 13:47:35,721 somehost proftpd[3591] 0.0.0.0 (a.b.c.d[a.b.c.d]): mod_tls/2.6: supporting TLSv1, TLSv1.1, TLSv1.2 protocols
2017-03-20 13:47:35,722 somehost proftpd[3591] 0.0.0.0 (a.b.c.d[a.b.c.d]): mod_ident/1.0: ident lookup disabled
2017-03-20 13:47:35,722 somehost proftpd[3591] 0.0.0.0 (a.b.c.d[a.b.c.d]): opening scoreboard '/home/user1/proftpd/ftps.scoreboard'
2017-03-20 13:47:35,722 somehost proftpd[3591] 0.0.0.0 (a.b.c.d[a.b.c.d]): connected - local  : x.y.z.e:29301
2017-03-20 13:47:35,722 somehost proftpd[3591] 0.0.0.0 (a.b.c.d[a.b.c.d]): connected - remote : a.b.c.d:51986
2017-03-20 13:47:35,722 somehost proftpd[3591] 0.0.0.0 (a.b.c.d[a.b.c.d]): FTP session opened.
2017-03-20 13:47:35,731 somehost proftpd[3591] 0.0.0.0 (a.b.c.d[a.b.c.d]): dispatching PRE_CMD command '^V^C^A^B' to mod_tls
2017-03-20 13:47:35,731 somehost proftpd[3591] 0.0.0.0 (a.b.c.d[a.b.c.d]): dispatching PRE_CMD command '^V^C^A^B' to mod_core
2017-03-20 13:47:35,731 somehost proftpd[3591] 0.0.0.0 (a.b.c.d[a.b.c.d]): dispatching PRE_CMD command '^V^C^A^B' to mod_core
2017-03-20 13:47:35,731 somehost proftpd[3591] 0.0.0.0 (a.b.c.d[a.b.c.d]): dispatching LOG_CMD_ERR command '^V^C^A^B' to mod_log
2017-03-20 13:47:35,854 somehost proftpd[3591] 0.0.0.0 (a.b.c.d[a.b.c.d]): mod_tls/2.6: scrubbing 1 passphrase from memory
2017-03-20 13:47:35,854 somehost proftpd[3591] 0.0.0.0 (a.b.c.d[a.b.c.d]): FTP session closed.
2017-03-20 13:47:41,757 somehost proftpd[3529] 0.0.0.0: scrubbing scoreboard
2017-03-20 13:47:41,757 somehost proftpd[3529] 0.0.0.0: finished scrubbing scoreboard
Waiting for data... (interrupt to abort)

Offline castaglia

Re: Opening ftps connections using lftp
« Reply #10 on: March 20, 2017, 06:25:35 pm »
That log makes it look like lftp is using _implicit_ FTPS -- trying to do the SSL handshake before issuing any FTP commands.

Instead, what if you try:

  lftp :~> set ftp:ssl-allow yes
  lftp :~> set ftp:ssl-protect-data yes
  lftp :~> set ftp:ssl-protect-list yes
  lftp :~> set ftp:ssl-force yes
  lftp :~> open -P 29301 somehost.domain.com
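
Added example, not part of the original posts: the "command" in the server log, ^V^C^A^B, is caret notation for the bytes 0x16 0x03 0x01 0x02, which is the start of a TLS handshake record arriving where an FTP command was expected. The Python sketch below decodes such log entries; its function names are hypothetical, the first sample line is taken from the thread's log and the second is constructed.

```python
import re

# First byte of a TLS record is its content type; the next two are the version.
TLS_CONTENT_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                     0x16: "handshake", 0x17: "application_data"}
CMD_RE = re.compile(r"dispatching PRE_CMD command '([^']*)' to mod_tls")

SAMPLE_LOG = [
    # From the thread's server log (Reply #9).
    "2017-03-20 13:47:35,731 somehost proftpd[3591] 0.0.0.0 (a.b.c.d[a.b.c.d]): "
    "dispatching PRE_CMD command '^V^C^A^B' to mod_tls",
    # Constructed: an explicit-FTPS client asking for the TLS upgrade first.
    "2017-03-20 13:50:00,000 somehost proftpd[3600] 0.0.0.0 (a.b.c.d[a.b.c.d]): "
    "dispatching PRE_CMD command 'AUTH TLS' to mod_tls",
]


def decaret(text):
    """Turn caret notation (^V, ^C, ^@, ^?) back into the raw bytes it stands for."""
    def repl(m):
        c = m.group(1)
        return "\x7f" if c == "?" else chr(ord(c) ^ 0x40)
    return re.sub(r"\^([@-_?])", repl, text).encode("latin-1", "replace")


def classify_command(cmd):
    """Say whether a logged 'command' is really FTP or the start of a TLS record."""
    raw = decaret(cmd)
    if len(raw) >= 3 and raw[0] in TLS_CONTENT_TYPES and raw[1] == 0x03 and raw[2] <= 0x04:
        return "tls-record:" + TLS_CONTENT_TYPES[raw[0]]
    verb = raw.split(b" ", 1)[0]
    if re.fullmatch(rb"[A-Za-z]{3,4}", verb):
        return "ftp-command"
    return "unknown"


def diagnose(log_lines):
    """Return (command, classification) for every PRE_CMD line seen by mod_tls."""
    hits = (CMD_RE.search(line) for line in log_lines)
    return [(m.group(1), classify_command(m.group(1))) for m in hits if m]


if __name__ == "__main__":
    for cmd, kind in diagnose(SAMPLE_LOG):
        print(f"{cmd!r}: {kind}")
```

A "tls-record:handshake" result on a port that expects explicit FTPS means the client opened with a TLS handshake instead of waiting for the banner and sending AUTH TLS.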

Offline biscuit

Re: Opening ftps connections using lftp
« Reply #11 on: March 20, 2017, 07:42:42 pm »
That finally worked! Yeah!

I had to issue this 1 command for lftp to accept my certificate.

set ssl:verify-certificate no
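
Added example, not from the thread: instead of disabling verification, a scripted client can trust a local copy of the server's own certificate. lftp has the `ssl:ca-file` setting for that; the Python sketch below does the equivalent with ftplib over explicit FTPS. The function names and the local file name proftpd.cert.pem are assumptions, and it assumes the certificate names the host being connected to and that the server offers TLSv1.2 (as the debug log in Reply #9 reports).

```python
import ssl
from ftplib import FTP_TLS


def build_context(cafile=None):
    """Verifying TLS context. With cafile set, only that PEM is trusted."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2     # assumption: server offers TLSv1.2
    return ctx


def list_over_explicit_ftps(host, port, user, password, cafile=None, timeout=15):
    """Connect in the clear, upgrade with AUTH TLS, then protect the data channel."""
    ftps = FTP_TLS(context=build_context(cafile), timeout=timeout)
    ftps.connect(host, port)    # plain TCP; the server sends its banner first
    ftps.auth()                 # AUTH TLS: handshake and certificate check happen here
    ftps.login(user, password)  # credentials now travel inside TLS
    ftps.prot_p()               # PROT P: encrypt listings and transfers as well
    lines = []
    try:
        # ftplib does not reuse the control-channel TLS session on data
        # connections; the thread's server config allows that with
        # "TLSOptions NoSessionReuseRequired".
        ftps.retrlines("LIST", lines.append)
    finally:
        ftps.close()
    return lines


if __name__ == "__main__":
    import getpass
    # Host, port and user as used in the thread; proftpd.cert.pem is a
    # placeholder for a local copy of the server's certificate.
    for entry in list_over_explicit_ftps("somehost.domain.com", 29301, "user1",
                                         getpass.getpass(), cafile="proftpd.cert.pem"):
        print(entry)
```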