
List:       proftpd-users
Subject:    Re: [Proftpd-user] Proftpd + OpenSSL Error.
From:       "S a r a n" <sara_kovai () hotpop ! com>
Date:       2004-12-15 6:41:32
Message-ID: 004101c4e26f$725978d0$1c0110ac () saaco

Hello List,

Now I can log in to the proftpd machine with the following change.
   >>>>    TLSRequired off        <<<<

# ftp 172.16.1.156
Connected to 172.16.1.156.
220 ProFTPD 1.2.10 Server (ProFTPD Default Installation) [172.16.1.156]
Name (172.16.1.156:saa): sara
331 Password required for sara.
Password:
230 User sara logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
ftp> mget xal*
mget xal_test_cases? y
200 PORT command successful
150 Opening BINARY mode data connection for xal_test_cases (2651 bytes)
226 Transfer complete.
2651 bytes received in 0.01 seconds (192.37 Kbytes/s)
ftp> bye
221 Goodbye.
#

Part of the Debug output :

krishna.kovaiteam.com (chera.kovaiteam.com[172.16.1.176]) - in dir_check_full(): path = '/home/sara/test', fullpath = '/home/sara/test'.
krishna.kovaiteam.com (chera.kovaiteam.com[172.16.1.176]) - dispatching POST_CMD command 'PORT 172,16,1,176,192,191' to mod_sql
krishna.kovaiteam.com (chera.kovaiteam.com[172.16.1.176]) - dispatching LOG_CMD command 'PORT 172,16,1,176,192,191' to mod_sql
krishna.kovaiteam.com (chera.kovaiteam.com[172.16.1.176]) - dispatching LOG_CMD command 'PORT 172,16,1,176,192,191' to mod_log
krishna.kovaiteam.com (chera.kovaiteam.com[172.16.1.176]) - dispatching PRE_CMD command 'RETR xal_test_cases' to mod_tls
krishna.kovaiteam.com (chera.kovaiteam.com[172.16.1.176]) - dispatching PRE_CMD command 'RETR xal_test_cases' to mod_core
krishna.kovaiteam.com (chera.kovaiteam.com[172.16.1.176]) - dispatching PRE_CMD command 'RETR xal_test_cases' to mod_core
krishna.kovaiteam.com (chera.kovaiteam.com[172.16.1.176]) - dispatching PRE_CMD command 'RETR xal_test_cases' to mod_xfer
krishna.kovaiteam.com (chera.kovaiteam.com[172.16.1.176]) - in dir_check_full(): path = '/home/sara/test/xal_test_cases', fullpath = '/home/sara/test/xal_test_cases'.
krishna.kovaiteam.com (chera.kovaiteam.com[172.16.1.176]) - dispatching CMD command 'RETR xal_test_cases' to mod_xfer
krishna.kovaiteam.com (chera.kovaiteam.com[172.16.1.176]) - active data connection opened - local  : 172.16.1.156:20
krishna.kovaiteam.com (chera.kovaiteam.com[172.16.1.176]) - active data connection opened - remote : 172.16.1.176:49343
krishna.kovaiteam.com (chera.kovaiteam.com[172.16.1.176]) - dispatching POST_CMD command 'RETR xal_test_cases' to mod_sql
krishna.kovaiteam.com (chera.kovaiteam.com[172.16.1.176]) - dispatching POST_CMD command 'RETR xal_test_cases' to mod_sql
krishna.kovaiteam.com (chera.kovaiteam.com[172.16.1.176]) - dispatching POST_CMD command 'RETR xal_test_cases' to mod_radius
krishna.kovaiteam.com (chera.kovaiteam.com[172.16.1.176]) - dispatching LOG_CMD command 'RETR xal_test_cases' to mod_sql
krishna.kovaiteam.com (chera.kovaiteam.com[172.16.1.176]) - dispatching LOG_CMD command 'RETR xal_test_cases' to mod_log
krishna.kovaiteam.com (chera.kovaiteam.com[172.16.1.176]) - dispatching LOG_CMD command 'RETR xal_test_cases' to mod_xfer
krishna.kovaiteam.com (chera.kovaiteam.com[172.16.1.176]) - Transfer completed: 2651 bytes in 0.01 seconds
krishna.kovaiteam.com (chera.kovaiteam.com[172.16.1.176]) - dispatching PRE_CMD command 'QUIT' to mod_tls
krishna.kovaiteam.com (chera.kovaiteam.com[172.16.1.176]) - dispatching PRE_CMD command 'QUIT' to mod_core
krishna.kovaiteam.com (chera.kovaiteam.com[172.16.1.176]) - dispatching PRE_CMD command 'QUIT' to mod_core
krishna.kovaiteam.com (chera.kovaiteam.com[172.16.1.176]) - dispatching PRE_CMD command 'QUIT' to mod_sql
krishna.kovaiteam.com (chera.kovaiteam.com[172.16.1.176]) - dispatching PRE_CMD command 'QUIT' to mod_log
krishna.kovaiteam.com (chera.kovaiteam.com[172.16.1.176]) - dispatching CMD command 'QUIT' to mod_core
krishna.kovaiteam.com (chera.kovaiteam.com[172.16.1.176]) - mod_tls/2.0.7: scrubbing all passphrases from memory
krishna.kovaiteam.com (chera.kovaiteam.com[172.16.1.176]) - FTP session closed.

But I am doubting, the ftp connection b/w client and server is secured through OpenSSL?

Regards,
-Saravanan

  Hello List,

  I used the following steps to configure/test proftpd with openssl. But am getting an error while ftp-ying.

  Step 1 : ( Certificate Creation )

  a. openssl req -new -x509 -keyout cakey.pem -out cacert.pem -days 1095 -nodes
  b. openssl req -new -nodes -keyout server-key.pem -out server-req.pem
  c. openssl x509 -req -in server-req.pem -out server-cert.pem -CA cacert.pem -CAcreateserial -CAkey cakey.pem

  Step 2 : ( Proftpd.conf file usage )

  <IfModule mod_tls.c>
      TLSEngine on
      TLSLog /opt/iexpress/proftpd/etc/tls.log
      TLSProtocol TLSv1
      TLSRequired on
      TLSRSACertificateFile /opt/iexpress/proftpd/etc/server-cert.pem
      TLSRSACertificateKeyFile /opt/iexpress/proftpd/etc/server-key.pem
      TLSCACertificateFile /opt/iexpress/proftpd/etc/cacert.pem
      TLSVerifyClient on
  </IfModule>

  Step 4: (ftp output)

  # ftp localhost
  Connected to localhost.
  220 ProFTPD 1.2.10 Server (ProFTPD Default Installation) [127.0.0.1]
  Name (localhost:sara): sara
  550 SSL/TLS required on the control channel
  Login failed.
  Remote system type is UNIX.
  Using ascii mode to transfer files.
  ftp>

  Please pass me your hints to solve this problem.
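
An added example, not part of the original post or of ProFTPD: one way to check from debug output like the above whether a session's credentials and transfers were covered by TLS, by looking for the RFC 4217 commands (`AUTH`, `PROT P`) ahead of `USER`/`PASS` and the transfer commands. The `AUTH`, `PROT`, `USER` and `PASS` line formats and the `mod_core` target are assumptions modelled on the `RETR`/`QUIT` lines shown in the post, and a dispatched `AUTH` is treated as a successful handshake, which the `TLSLog` file would have to confirm.

```python
import re

# ProFTPD debug-level dispatch line, in the format shown in the post:
#   "<server> (<client>[<ip>]) - dispatching CMD command 'RETR f' to mod_xfer"
DISPATCH = re.compile(r"dispatching CMD command '(\w+)(?: ([^']*))?' to mod_\w+")
CREDENTIALS = {"USER", "PASS"}                        # sent on the control channel
TRANSFERS = {"RETR", "STOR", "APPE", "LIST", "NLST"}  # open a data connection

def audit_session(log_lines):
    """Return [(command, finding)] for commands that ran without TLS protection."""
    control_tls = False   # becomes True once the client's AUTH is dispatched
    data_private = False  # PROT P (RFC 4217) protects data; PROT C clears it
    findings = []
    for line in log_lines:
        m = DISPATCH.search(line)
        if not m:
            continue  # PRE_CMD/POST_CMD/LOG_CMD phases and other messages
        verb, arg = m.group(1).upper(), (m.group(2) or "").upper()
        if verb == "AUTH":
            control_tls = True
        elif verb == "PROT":
            data_private = control_tls and arg == "P"
        elif verb in CREDENTIALS and not control_tls:
            findings.append((verb, "cleartext control channel"))
        elif verb in TRANSFERS and not data_private:
            findings.append((verb, "cleartext data channel"))
    return findings

PFX = "krishna.kovaiteam.com (chera.kovaiteam.com[172.16.1.176]) - "

def make_log(commands):
    """Build constructed sample lines in the post's format (not real server output).
    Simplification: every command is shown as handled by mod_core."""
    return [f"{PFX}dispatching CMD command '{c}' to mod_core" for c in commands]

# Constructed: modelled on the post's plain `ftp` session, which shows no AUTH.
PLAIN_SESSION = make_log(["USER sara", "PASS (hidden)", "PORT 172,16,1,176,192,191",
                          "RETR xal_test_cases", "QUIT"])
# Constructed: the same transfer from a client that negotiates FTPS first.
TLS_SESSION = make_log(["AUTH TLS", "PBSZ 0", "PROT P", "USER sara",
                        "PASS (hidden)", "RETR xal_test_cases", "QUIT"])

if __name__ == "__main__":
    for name, log in (("plain", PLAIN_SESSION), ("tls", TLS_SESSION)):
        print(name, audit_session(log) or "no cleartext commands found")
```
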

