
FTP over TLS/SSL not working

john_calvert

New Pleskian
OS: CentOS 6.6
Plesk: 11.5.30 #48
ProFTPd: 1.3.4c

Hi,

I am unable to connect over TLS/SSL using my FTP client. I have ports 989 & 990 enabled in my server's firewall. My FTP client is attempting connection on port 990, but times out waiting for the server to respond. I also tried adding "TLSProtocol TLSv1" or "TLSProtocol SSLv3" to /etc/proftpd.conf, but get the same result, except that a non-TLS/SSL connection attempt then returns "server closed the connection".

thanks,
JC
 
Hi john_calvert,

Please investigate your logs in the first place.

/usr/local/psa/var/log/ftp_tls.log ( should link to: "/var/log/plesk/ftp_tls.log" )
/usr/local/psa/var/log/xferlog ( should link to: "/var/log/plesk/xferlog" )

There are three depending configuration files for ProFTP with Plesk:

/etc/xinetd.d/ftp_psa
/etc/proftpd.conf
/etc/proftpd.include

Please investigate these files as well, to find issues.

Depending on your system configuration, you might also find additional log files at "var/log/", which might point to issues with auth, firewall or other dependent settings that can cause your issue.


If you don't find the issues/failures on your own, please provide the logs and your configuration files, so that people willing to help don't have to guess, but can instead suggest ways to solve your issues.
 
Thanks for the advice about the logs and firewall. The firewall was part of the issue: FTPS requires that a range of ports be open for the data channel, and this range can be specified in the proftpd.conf file. Another part of the issue was the connection settings in the FTP client (for example, the port should be left blank or set to the default, 21). I found that FileZilla was helpful because it displays the details of the connection handshake, and also the security protocol and certificate info.

I have FTPS working now (FTP over TLS/SSL). This was not a Plesk issue.
 
I had a similar issue and just thought it might be helpful to post my info for someone else.

I have a VPS in Amazon EC2, running Plesk 12.5, CentOS 6.7.
I have undertaken some modifications to meet PCI compliance.

Part of this is enforcing FTP connections via TLS (which is accomplished with a setting in Plesk Panel > Server > Security Policy)

The FTP would connect successfully via TLS on port 21, but fail on Directory Listing in FileZilla.

I discovered this is due to my defined Passive port range not being open on my firewall.

SSH in to the server, change user to root then run the following command;

cat /etc/proftpd.conf

At the bottom of the config you will see a line like;

PassivePorts 60000 65535

This port range must be open on the firewall. I added this port range to my firewall and FTP over TLS now works.
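
The check described in the post above, as an added example that is not part of the original thread: it reads the PassivePorts range from a ProFTPD config and reports the first port that no iptables ACCEPT rule covers. The function names are hypothetical, the sample config and rules are constructed, and the rules file is assumed to be in `iptables -S` output format.

```bash
#!/usr/bin/env bash
# Added example: does the firewall accept every port in ProFTPD's PassivePorts range?
# Function names are hypothetical; the sample config and rules are constructed.

# Print "LOW HIGH" from the last uncommented PassivePorts line of config file $1.
passive_range() {
    awk 'tolower($1) == "passiveports" && NF >= 3 { lo = $2; hi = $3 }
         END { if (lo == "") exit 1; print lo, hi }' "$1"
}

# Succeed if the tcp ACCEPT rules in file $3 (`iptables -S` format) cover ports $1..$2.
# Simplification: rule order, source filters and interfaces are ignored.
range_covered() {
    awk -v lo="$1" -v hi="$2" '
        /-j ACCEPT/ && /-p tcp/ {
            for (i = 1; i < NF; i++) {
                if ($i != "--dport" && $i != "--dports") continue
                n = split($(i + 1), parts, ",")          # multiport: 21,60000:60100
                for (j = 1; j <= n; j++) {
                    m = split(parts[j], ends, ":")       # single port or first:last
                    first = ends[1] + 0
                    last = (m == 2 ? ends[2] : ends[1]) + 0
                    for (p = first; p <= last; p++) allowed[p] = 1
                }
            }
        }
        END {
            for (p = lo + 0; p <= hi + 0; p++)
                if (!(p in allowed)) { print "first port without ACCEPT rule: " p; exit 1 }
        }' "$3"
}

demo() {
    tmp=$(mktemp -d)
    printf '%s\n' '#PassivePorts 49152 65534' 'PassivePorts 60000 65535' > "$tmp/proftpd.conf"
    printf '%s\n' '-P INPUT DROP' \
        '-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 60000:60100 -j ACCEPT' > "$tmp/rules"
    set -- $(passive_range "$tmp/proftpd.conf")
    echo "PassivePorts: $1-$2"
    range_covered "$1" "$2" "$tmp/rules" && echo "passive range is open"
    rm -rf "$tmp"
}
demo
```

On a real host, pass /etc/proftpd.conf and a file holding the output of `iptables -S INPUT`; on EC2 the instance's security settings must allow the same range as well.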
 
I have the documented issue with EC2 / Plesk and FTP. I have followed all the guides and still cannot get it to work. Here is my current setup:

EC2 instance with passive ports open in the security settings
Matching passive ports in the proftpd.conf file
(For testing I added an EC2 rule for all traffic from all locations so I can be totally sure EC2 is not blocking)
The proftpd.conf files have the correct MasqueradeAddress (same as my elastic IP)

I set up an instance myself and then installed Plesk from command line (OS Ubuntu)
I'm connecting with FileZilla.

My thoughts:
When I installed Plesk, it thought the private IP was the public one, so the first-time login URL was wrong, so I don't know if the private address has been used in other locations?
OR
I have my FileZilla settings all wrong

Can someone from Plesk get in touch with me and I can provide an FTP username and password and you can see if you can login?

Or does anyone have any extra ideas for me?
 
Hi Davidrm,

The current topic was created in the section about Plesk 11.x (in 2014). Are you using Plesk 11.x?

- Did you configure public IP for Plesk (https://docs.plesk.com/en-US/onyx/a...nning-plesk-behind-a-router-with-nat.64949/)?
- Do you use iptables or any other internal Linux firewall? Did you configure the network port range for passive FTP in that firewall?
- Could you show an output of `plesk version`?
- Could you please provide logs from FileZilla?
 
Hello, thank you for the reply. The issue was something to do with my own network. After powering everything down and up I can connect. The docs and process you have are all correct. Maybe in the interests of clarity my threads could be removed? Thanks, David. PS. Excited to use Plesk on EC2 now!
 