I am trying to setup Proftp with SSL/TLS on Opensuse 11 Proftpd vs 1.3.2rc1 My problem is when I try to connect via Filezilla it gets to LIST then I ...
- 07-20-2008 #1
Proftpd with TLS fails at LIST
Proftpd vs 1.3.2rc1
My problem is when I try to connect via Filezilla it gets to LIST then I get connection timed out, Failed to retrieve directory list. It never actually lists the directories. I have no doubt this is my lack of knowledge, but I have tried to search for the exact issue to my situation and cannot find an answer.
My syslog.log shows this as the last entry:
Preparing to chroot to directory '/ftp/directory'
Jul 19 21:16:26 mod_tls/2.2: TLS/TLS-C requested, starting TLS handshake
Jul 19 21:16:26 mod_tls/2.2: TLSv1/SSLv3 connection accepted, using cipher DHE-RSA-AES128-SHA (128 bits)
Jul 19 20:16:27 mod_tls/2.2: Protection set to Private
# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on
# Choose here the user alias you want !!!!
UserAlias bob user1
UserAlias jim user2
ServerName "My FPT Site"
ServerType standalone
DeferWelcome on
MultilineRFC2228 on
DefaultServer on
ShowSymlinks off
TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200
#DisplayFirstChdir .message
ListOptions "-l"
RequireValidShell off
TimeoutLogin 20
RootLogin off
# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log
#DenyFilter \*.*/
RequireValidShell off
# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off
# Allow to restart a download
AllowStoreRestart on
# Port 21 is the standard FTP port, so you may prefer to use another port for security reasons (choose here the port you want)
Port 1980
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
PersistentPasswd off
MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8
# Display a message after a successful login
AccessGrantMsg "Good day!!!"
# This message is displayed for each access good or not
ServerIdent on "Welcome to your Home"
<IfModule mod_tls.c>
  TLSEngine on
  TLSLog /var/log/tls.log
  TLSProtocol TLSv1
  # Are clients required to use FTP over TLS when talking to this server?
  TLSRequired on
  # Server's certificate
  TLSRSACertificateFile /etc/ftpcert/server.crt
  TLSRSACertificateKeyFile /etc/ftpcert/server.key
  # CA the server trusts
  TLSCACertificateFile /etc/ftpcert/ca.crt
  # Authenticate clients that want to use FTP over TLS?
  TLSVerifyClient off
  #TLSOptions NoCertRequest
</IfModule>
# Set /srv/ftp/ftpdir as home directory
DefaultRoot /srv/ftp/ftpdir
# Lock all the users in home directory, ***** really important *****
DefaultRoot ~
# Set Passive Ports range - to allow login from internet behind firewall
PassivePorts 49152 64432
MasqueradeAddress mysite.domain.com
MaxLoginAttempts 5
#VALID LOGINS
<Limit LOGIN>
  AllowUser user1 user2
  DenyALL
</Limit>
<Directory /srv/ftp/ftpdir>
  #Umask 022 022
  AllowOverwrite on
  <Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
    DenyAll
  </Limit>
</Directory>
proftpd -l output:
Compiled-in modules:
  mod_core.c
  mod_xfer.c
  mod_auth_unix.c
  mod_auth_file.c
  mod_auth.c
  mod_ls.c
  mod_log.c
  mod_site.c
  mod_delay.c
  mod_facts.c
  mod_ident.c
  mod_auth_pam.c
  mod_tls.c
  mod_cap.c
The directory that is set to default has chmod 775 with root as owner and users for group.
I have tried with SSL/TLS set to not required with same results. The server does have a firewall running on it, but the ports listed are allowed. I also tried with the firewall disabled. At this point I do not know where to look for the issue so any assistance is much appreciated.
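A diagnostic for the symptom in the post above, as an added example that is not part of the original post. LIST is the first command in the session that needs a data connection. Once the control channel is encrypted, no firewall or NAT helper in the path can read or rewrite the server's 227 reply, so the address and port the server advertises must already be reachable from the client. The function names and sample replies are constructed for illustration, the default port range is the PassivePorts line from the posted config, and `probe()` assumes credentials for the server and a TLS version that the local Python build still negotiates.

```python
import ipaddress
import re
import socket
from ftplib import FTP_TLS

PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_pasv(reply):
    """Return (ip, port) advertised in a '227 Entering Passive Mode' reply."""
    m = PASV_RE.search(reply)
    if not reply.startswith("227") or not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        raise ValueError("octet out of range in %r" % reply)
    return "%d.%d.%d.%d" % tuple(n[:4]), n[4] * 256 + n[5]

def diagnose(reply, control_ip, port_range=(49152, 64432)):
    """Return findings that would explain a data-connection timeout on LIST."""
    ip, port = parse_pasv(reply)
    findings = []
    if ip != control_ip:
        kind = "private " if any(ipaddress.ip_address(ip) in n for n in RFC1918) else ""
        findings.append("advertised %saddress %s is not the control address %s"
                        % (kind, ip, control_ip))
    if not port_range[0] <= port <= port_range[1]:
        findings.append("data port %d is outside PassivePorts %d-%d"
                        % ((port,) + tuple(port_range)))
    return findings

def probe(host, port, user, password, timeout=10):
    """Live check: explicit-TLS login, PASV, then a TCP connect to the data port."""
    ftp = FTP_TLS(timeout=timeout)
    ftp.connect(host, port)
    ftp.login(user, password)  # ftplib sends AUTH TLS before USER/PASS
    ftp.prot_p()               # PBSZ 0 + PROT P ("Protection set to Private")
    reply = ftp.sendcmd("PASV")
    findings = diagnose(reply, ftp.sock.getpeername()[0])
    try:
        socket.create_connection(parse_pasv(reply), timeout=timeout).close()
    except OSError as exc:
        findings.append("TCP connect to %s:%d failed: %s" % (parse_pasv(reply) + (exc,)))
    finally:
        ftp.close()
    return findings

# Constructed sample replies (not taken from the post)
GOOD = "227 Entering Passive Mode (203,0,113,10,192,10)."
BAD = "227 Entering Passive Mode (192,168,1,5,4,1)."
```

An empty list from `probe()` means the advertised endpoint matched the control address, fell inside the configured range and accepted a TCP connection, so the timeout has to be looked for elsewhere.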