• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Can't connect via FTPS

filavision

New Pleskian
Server operating system version
CentOS Linux 7.9.2009 (Core)
Plesk version and microupdate number
Plesk Obsidian v18.0.54_build1800230714.10 os_CentOS 7
Hey!

When i try to connect via FTPS (Explizit FTP over TLS) i will get these errors on FileZilla:

Status: Verbindung hergestellt, warte auf Willkommensnachricht...
Antwort: 220 ProFTPD Server (ProFTPD) [***.***.***.***]
Befehl: AUTH TLS
Antwort: 504 Command not implemented for that parameter
Befehl: AUTH SSL
Antwort: 504 Command not implemented for that parameter
Fehler: Kritischer Fehler: Herstellen der Verbindung zum Server fehlgeschlagen

Any idea what i can do? Plesk is set to accept FTP and FTPS connections.
 
Hey!

Yes, Tools & Settings > Security Police > Secure FTP is set to the second option (allow both). I also added the config file for passive mode and restarted xinetd but nothing works. Firewall is off.
 
Now I get a new warning in the server logs:

2023-07-19 16:48:33warningproftpd [21955]
System-Daemons [3]
warning: handling possibly truncated configuration data at line 2 of '/etc/proftpd.d/55-passive-ports.conf'
 
This is the server logfile when i try to connect vie FTP over TLS:

2023-07-19 10:57:03infoproftpd [24643]
Sicherheits-/Authentifizierungsmeldungen [10]
pam_unix(proftpd:session): session closed for user pbtftpnas
2023-07-19 10:57:03errproftpd [24643]
Sicherheits-/Authentifizierungsmeldungen [10]
pam_systemd(proftpd:session): Failed to connect to system bus: Datei oder Verzeichnis nicht gefunden
2023-07-19 10:57:03errproftpd [24643]
Sicherheits-/Authentifizierungsmeldungen [10]
pam_env(proftpd:setcred): Unable to open config file: /etc/security/pam_env.conf: Datei oder Verzeichnis nicht gefunden
2023-07-19 10:57:03infoproftpd [24643]
Sicherheits-/Authentifizierungsmeldungen [10]
pam_unix(proftpd:session): session opened for user pbtftpnas by (uid=0)
 
Now I get a new warning in the server logs: ... warning: handling possibly truncated configuration data at line 2 of '/etc/proftpd.d/55-passive-ports.conf'
Please check the content of /etc/proftpd.d/55-passive-ports.conf that it is
Code:
<Global>
PassivePorts 49152 65535
</Global>
If not, please change it so that it matches this example.
 
This is the server logfile when i try to connect vie FTP over TLS:

... pam_systemd(proftpd:session): Failed to connect to system bus: Datei oder Verzeichnis nicht gefunden ...
... pam_env(proftpd:setcred): Unable to open config file: /etc/security/pam_env.conf: Datei oder Verzeichnis nicht gefunden ...

You should have a file /etc/security/pam_env.conf with this content:
Code:
#%PAM-1.0
auth       required    pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth       include     system-auth
account    include     system-auth
session    include     system-auth
session    required    pam_loginuid.so
If this is missing, it can be an indicator that something is very basically wrong. How was ProFTPD installed? Did you install by running Plesk installer or was it installed separately?
 
I'v checked the 55-passive-ports.conf file again and it is exactly the same it should be. To be sure, i copy paste your code. Still the same warning in the server log.

I didn't installed ProFTP by myself, just installed CentOS with Plesk via STRATO.
I have the /etc/security/pam_env.conf file on my server. The rights are 0644 with owner root and the content is:

#
# This is the configuration file for pam_env, a PAM module to load in
# a configurable list of environment variables for a
#
# The original idea for this came from Andrew G. Morgan ...
#<quote>
# Mmm. Perhaps you might like to write a pam_env module that reads a
# default environment from a file? I can see that as REALLY
# useful... Note it would be an "auth" module that returns PAM_IGNORE
# for the auth part and sets the environment returning PAM_SUCCESS in
# the setcred function...
#</quote>
#
# What I wanted was the REMOTEHOST variable set, purely for selfish
# reasons, and AGM didn't want it added to the SimpleApps login
# program (which is where I added the patch). So, my first concern is
# that variable, from there there are numerous others that might/would
# be useful to be set: NNTPSERVER, LESS, PATH, PAGER, MANPAGER .....
#
# Of course, these are a different kind of variable than REMOTEHOST in
# that they are things that are likely to be configured by
# administrators rather than set by logging in, how to treat them both
# in the same config file?
#
# Here is my idea:
#
# Each line starts with the variable name, there are then two possible
# options for each variable DEFAULT and OVERRIDE.
# DEFAULT allows and administrator to set the value of the
# variable to some default value, if none is supplied then the empty
# string is assumed. The OVERRIDE option tells pam_env that it should
# enter in its value (overriding the default value) if there is one
# to use. OVERRIDE is not used, "" is assumed and no override will be
# done.
#
# VARIABLE [DEFAULT=[value]] [OVERRIDE=[value]]
#
# (Possibly non-existent) environment variables may be used in values
# using the ${string} syntax and (possibly non-existent) PAM_ITEMs may
# be used in values using the @{string} syntax. Both the $ and @
# characters can be backslash escaped to be used as literal values
# values can be delimited with "", escaped " not supported.
# Note that many environment variables that you would like to use
# may not be set by the time the module is called.
# For example, HOME is used below several times, but
# many PAM applications don't make it available by the time you need it.
#
#
# First, some special variables
#
# Set the REMOTEHOST variable for any hosts that are remote, default
# to "localhost" rather than not being set at all
#REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST}
#
# Set the DISPLAY variable if it seems reasonable
#DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
#
#
# Now some simple variables
#
#PAGER DEFAULT=less
#MANPAGER DEFAULT=less
#LESS DEFAULT="M q e h15 z23 b80"
#NNTPSERVER DEFAULT=localhost
#PATH DEFAULT=${HOME}/bin:/usr/local/bin:/bin\
#:/usr/bin:/usr/local/bin/X11:/usr/bin/X11
#
# silly examples of escaped variables, just to show how they work.
#
#DOLLAR DEFAULT=\$
#DOLLARDOLLAR DEFAULT= OVERRIDE=\$${DOLLAR}
#DOLLARPLUS DEFAULT=\${REMOTEHOST}${REMOTEHOST}
#ATSIGN DEFAULT="" OVERRIDE=\@
 
One more strange thing: I'm in France at the moment and i use my mobile hotspot to connect to the server. FTP is working, FTPS not. When i use a VPN to my Router in Germany, both methods are working.
 
Back
Top