Issue Can't connect via FTPS

[filavision]

Server operating system version

CentOS Linux 7.9.2009 (Core)

Plesk version and microupdate number

Plesk Obsidian v18.0.54_build1800230714.10 os_CentOS 7

Hey!

When i try to connect via FTPS (Explizit FTP over TLS) i will get these errors on FileZilla:

Status: Verbindung hergestellt, warte auf Willkommensnachricht...
Antwort: 220 ProFTPD Server (ProFTPD) [***.***.***.***]
Befehl: AUTH TLS
Antwort: 504 Command not implemented for that parameter
Befehl: AUTH SSL
Antwort: 504 Command not implemented for that parameter
Fehler: Kritischer Fehler: Herstellen der Verbindung zum Server fehlgeschlagen

Any idea what i can do? Plesk is set to accept FTP and FTPS connections.

 

[MarkM]

Tools & Settings > Security Policy > Secure FTP - set on one of the first two choices?

Edit - Another thing, make sure passive ports are open; (Plesk for Linux) Configuring Passive FTP Mode

 

[filavision]

Hey!

Yes, Tools & Settings > Security Police > Secure FTP is set to the second option (allow both). I also added the config file for passive mode and restarted xinetd but nothing works. Firewall is off.

 

[filavision]

Now I get a new warning in the server logs:

2023-07-19 16:48:33

warning

proftpd [21955] System-Daemons [3]

warning: handling possibly truncated configuration data at line 2 of '/etc/proftpd.d/55-passive-ports.conf'

 

[filavision]

This is the server logfile when i try to connect vie FTP over TLS:

2023-07-19 10:57:03	info	proftpd [24643] Sicherheits-/Authentifizierungsmeldungen [10]	pam_unix(proftpd:session): session closed for user pbtftpnas
2023-07-19 10:57:03	err	proftpd [24643] Sicherheits-/Authentifizierungsmeldungen [10]	pam_systemd(proftpd:session): Failed to connect to system bus: Datei oder Verzeichnis nicht gefunden
2023-07-19 10:57:03	err	proftpd [24643] Sicherheits-/Authentifizierungsmeldungen [10]	pam_env(proftpd:setcred): Unable to open config file: /etc/security/pam_env.conf: Datei oder Verzeichnis nicht gefunden
2023-07-19 10:57:03	info	proftpd [24643] Sicherheits-/Authentifizierungsmeldungen [10]	pam_unix(proftpd:session): session opened for user pbtftpnas by (uid=0)

 

[Peter Debik]

Now I get a new warning in the server logs: ... warning: handling possibly truncated configuration data at line 2 of '/etc/proftpd.d/55-passive-ports.conf'

Please check the content of /etc/proftpd.d/55-passive-ports.conf that it is

<Global>
PassivePorts 49152 65535
</Global>

If not, please change it so that it matches this example.

 

[Peter Debik]

This is the server logfile when i try to connect vie FTP over TLS:

... pam_systemd(proftpd:session): Failed to connect to system bus: Datei oder Verzeichnis nicht gefunden ...
... pam_env(proftpd:setcred): Unable to open config file: /etc/security/pam_env.conf: Datei oder Verzeichnis nicht gefunden ...

You should have a file /etc/security/pam_env.conf with this content:

#%PAM-1.0
auth       required    pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth       include     system-auth
account    include     system-auth
session    include     system-auth
session    required    pam_loginuid.so

If this is missing, it can be an indicator that something is very basically wrong. How was ProFTPD installed? Did you install by running Plesk installer or was it installed separately?

 

[filavision]

I'v checked the 55-passive-ports.conf file again and it is exactly the same it should be. To be sure, i copy paste your code. Still the same warning in the server log.

I didn't installed ProFTP by myself, just installed CentOS with Plesk via STRATO.
I have the /etc/security/pam_env.conf file on my server. The rights are 0644 with owner root and the content is:

#
# This is the configuration file for pam_env, a PAM module to load in
# a configurable list of environment variables for a
#
# The original idea for this came from Andrew G. Morgan ...
#<quote>
# Mmm. Perhaps you might like to write a pam_env module that reads a
# default environment from a file? I can see that as REALLY
# useful... Note it would be an "auth" module that returns PAM_IGNORE
# for the auth part and sets the environment returning PAM_SUCCESS in
# the setcred function...
#</quote>
#
# What I wanted was the REMOTEHOST variable set, purely for selfish
# reasons, and AGM didn't want it added to the SimpleApps login
# program (which is where I added the patch). So, my first concern is
# that variable, from there there are numerous others that might/would
# be useful to be set: NNTPSERVER, LESS, PATH, PAGER, MANPAGER .....
#
# Of course, these are a different kind of variable than REMOTEHOST in
# that they are things that are likely to be configured by
# administrators rather than set by logging in, how to treat them both
# in the same config file?
#
# Here is my idea:
#
# Each line starts with the variable name, there are then two possible
# options for each variable DEFAULT and OVERRIDE.
# DEFAULT allows and administrator to set the value of the
# variable to some default value, if none is supplied then the empty
# string is assumed. The OVERRIDE option tells pam_env that it should
# enter in its value (overriding the default value) if there is one
# to use. OVERRIDE is not used, "" is assumed and no override will be
# done.
#
# VARIABLE [DEFAULT=[value]] [OVERRIDE=[value]]
#
# (Possibly non-existent) environment variables may be used in values
# using the ${string} syntax and (possibly non-existent) PAM_ITEMs may
# be used in values using the @{string} syntax. Both the $ and @
# characters can be backslash escaped to be used as literal values
# values can be delimited with "", escaped " not supported.
# Note that many environment variables that you would like to use
# may not be set by the time the module is called.
# For example, HOME is used below several times, but
# many PAM applications don't make it available by the time you need it.
#
#
# First, some special variables
#
# Set the REMOTEHOST variable for any hosts that are remote, default
# to "localhost" rather than not being set at all
#REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST}
#
# Set the DISPLAY variable if it seems reasonable
#DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
#
#
# Now some simple variables
#
#PAGER DEFAULT=less
#MANPAGER DEFAULT=less
#LESS DEFAULT="M q e h15 z23 b80"
#NNTPSERVER DEFAULT=localhost
#PATH DEFAULT=${HOME}/bin:/usr/local/bin:/bin\
#:/usr/bin:/usr/local/bin/X11:/usr/bin/X11
#
# silly examples of escaped variables, just to show how they work.
#
#DOLLAR DEFAULT=\$
#DOLLARDOLLAR DEFAULT= OVERRIDE=\$${DOLLAR}
#DOLLARPLUS DEFAULT=\${REMOTEHOST}${REMOTEHOST}
#ATSIGN DEFAULT="" OVERRIDE=\@

 

[filavision]

One more strange thing: I'm in France at the moment and i use my mobile hotspot to connect to the server. FTP is working, FTPS not. When i use a VPN to my Router in Germany, both methods are working.