Resolved How to set FTP with Passive mode, or SFTP

[CoyoteKG]

Hi,

recently I turn on firewall on this server, and I was not able to connect to FTP with regular user.
I'm able to connect with root account to SFTP
But when I create FTP users for webspace, I can only use FTP protocol, only Active mode, and no encryption.

Of course, I searched documentation, and some tutorials before this post.

Firstly from this article I was open port 20 in firewall, and after that I was able to connect but with Active mode.

Also from this article I tried to enable Passive mode.
I created file /etc/proftpd.d/passive_ports.conf with
PassivePorts 49152 65000

I opened those ports in firewalls but no success.

At this moment I can only connect with Active mode and No encription.
Also if I check SSL/TLS explicit encryption, connection stuck on

Timeout detected. (data connection)
Could not retrieve directory listing
Error listing directory '/'.

Also my first question, is it possible to force all FTP accounts to use SFTP protocol?


I'm using Plesk Onyx on Centos 7.3

 

[AYamshanov]

Hi,

Are you do not confuse SFTP (SSH File Transfer Protocol - Wikipedia) with FTPS (FTPS - Wikipedia)? If you use client for SFTP (SSH protocol), then you should enable ssh login and use ssh login/password. Otherwise, if you want use FTPS, you should choose FTPS-protocol in your ftp-client.

 

[CoyoteKG]

Hi, yes I mixed SFTP and FTPS.

FTPS is FTP with SSL/TLS encryption?

I have installed SSL for server, but I can log only if I check in ftp-client "No secure".
If I check SSL/TLS Explicit encryption

I got this like TLS connection is established, and client is connected, but after that I'm getting "error listing directory '/'

Timeout detected. (data connection)
Could not retrieve directory listing
Error listing directory '/'.

If I switch again to "no encryption" or "plain FTP" I'm able to connect

 

[Bitpalast]

The issue here is that you are using passive mode (the standard, PASV). In that case you must
a) Create a passive FTP port range in ProFTPD.
b) Add a firewall rule allowing the passive FTP port range.
As described here: Resolved - FTP EXPLICIT NOT WORKING

 

[CoyoteKG]

Hi Peter, I wrote already that I was set client for Active mode. And I created file /etc/proftpd.d/passive_ports.conf with
PassivePorts 49152 65000.
Also I opened those ports in hosting firewall, and disabled Plesk's firewall.

Also I noticed if I'm using
- Active mode + No Encryption - I'm able to log in
- Active mode + SSL Explicit Encryption - I got Error listing directory '/'.

I'm trying with WinSCP and FileZilla.


edit:
I noticed that .conf file I just added
PassivePorts 57000 59000, did not added it in global tags. I will try now

 

[AYamshanov]

One more link to KB: How to configure a passive ports range for ProFTPd on a server behind a firewall

 

[CoyoteKG]

Hi,

I got it. Now works.
In this article KB Odin: Cannot connect to FTP in passive mode
I did not found that I need to use global tags.
Now it works perfectly. Also with TLS/SSL encryption.

Thanks and regards