Koozali.org: home of the SME Server

issue with ftp asking tls

Offline Yull

  • *
  • 9
  • +0/-0
issue with ftp asking tls
« on: April 15, 2021, 01:04:13 PM »
Hello

I hope that my procedure will work for you, with my method, there is indeed a file present in each of the three ssl directories

However, I have another little problem: FTP

I know it would be better to switch to SFTP (which works fine in 10), but I have one last application that needs FTP, and I can't get it to work:
WINSCP
The connection failed
SSL / TLS required on the control channel

If you have an idea

Offline TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
Re: issue with ftp asking tls
« Reply #1 on: April 15, 2021, 01:09:24 PM »
I know it would be better to switch to SFTP (which works fine in 10), but I have one last application that needs FTP, and I can't get it to work:
WINSCP
The connection failed
SSL / TLS required on the control channel

Sorry no help - That is all I have ever used..enable remote access in SM and has always just worked
--
qui scribit bis legit

Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: issue with ftp asking tls
« Reply #2 on: April 15, 2021, 05:28:47 PM »
i splitted your message as it was a different issue.


you have the answer in your error message.

it is not an issue anymore to keep using ftp you do not need to migrate to sftp as now SME uses ftp over tls.

you just need to configure your app to use tls


Offline Yull

  • *
  • 9
  • +0/-0
Re: issue with ftp asking tls
« Reply #3 on: April 15, 2021, 11:31:24 PM »
Thank you for your reply

Indeed it works with putty, I had not thought of activating TLS

Is there a way to disable TLS in SME 10 as with SME 9.2?

Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: issue with ftp asking tls
« Reply #4 on: April 16, 2021, 02:14:30 AM »
Thank you for your reply

Indeed it works with putty, I had not thought of activating TLS

Is there a way to disable TLS in SME 10 as with SME 9.2?
yes ....
but ....
why would you want your password in cleartext on the network when it can be encrypted ?

Offline Yull

  • *
  • 9
  • +0/-0
Re: issue with ftp asking tls
« Reply #5 on: April 16, 2021, 09:45:14 AM »
Yes that's a good idea, but, ... it's a ... 20 year old VB6 application that doesn't support TLS and that we are rewriting, and it gives me some problems if it doesn't. no longer works during the transition

Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: issue with ftp asking tls
« Reply #6 on: April 16, 2021, 01:05:50 PM »
Code: [Select]
config setprop ftp TLSRequired off
expand-template /etc/proftpd.conf
systemctl restart ftp.service

should make it non mandatory


if still failing with your app

Code: [Select]
config setprop ftp TLSEnable off
config delprop ftp TLSRequired
expand-template /etc/proftpd.conf
systemctl restart ftp.service

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: issue with ftp asking tls
« Reply #7 on: April 17, 2021, 12:42:01 AM »
Or better still just rewrite it for 202*

This change has been coming a long time.

The problem is if you don't fix it now, in a few years when this is removed entirely you'll have to fix it.

You might as well do it now.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline Yull

  • *
  • 9
  • +0/-0
Re: issue with ftp asking tls
« Reply #8 on: April 19, 2021, 09:52:32 AM »
Hello

It's good for me, it works, thank you for everything

We are a small cooperative (13 people) with 2 IT "specialists", and we develop our software internally, this is the last one we have to rewrite, the others use SFTP, I am aware that it must be finished quickly, but we do with our means

Thank you again for everything and especially for this all-in-one SME-SERVER distribution which allows us to have a usable tool without having to be an expert in all areas

Code: [Select]
config setprop ftp TLSRequired off
expand-template /etc/proftpd.conf
systemctl restart ftp.service
« Last Edit: April 19, 2021, 09:54:14 AM by Yull »

Offline TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
Re: issue with ftp asking tls
« Reply #9 on: April 19, 2021, 01:28:57 PM »
Hello

It's good for me, it works, thank you for everything

Thank you again for everything and especially for this all-in-one SME-SERVER distribution which allows us to have a usable tool without having to be an expert in all areas

and that is the whole story start to finish of Koozali Sme Server, it works, and its easy to get it to work, particularly for those of us like me, a retired auto mechanic who volunteers his time to a community group, Sme Server, it just works
--
qui scribit bis legit

Offline Merv

  • 9
  • +0/-0
Re: issue with ftp asking tls
« Reply #10 on: April 20, 2021, 01:28:45 AM »
Hi Jean-Phillipe, thanks also for the old ftp change scripts as above - I have been running an optical observatory for many years now, and I have a few sensors which are running without problems, but use plain text ftp and the original software suppliers have long since left, so when I decided to switch from 9.2 last week and test rc1 I found multiple problems with my system.

I know it's not good practice, but am reluctant to throw away good equipment and thankfully you and the SME server can be "tweaked" backwards. I do consider the subnet/vlan on which this equipment is running to be hopefully very secure!!!

cheers again, Merv

Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: issue with ftp asking tls
« Reply #11 on: April 20, 2021, 01:59:05 AM »
Hi Jean-Phillipe, thanks also for the old ftp change scripts as above - I have been running an optical observatory for many years now, and I have a few sensors which are running without problems, but use plain text ftp and the original software suppliers have long since left, so when I decided to switch from 9.2 last week and test rc1 I found multiple problems with my system.

I know it's not good practice, but am reluctant to throw away good equipment and thankfully you and the SME server can be "tweaked" backwards. I do consider the subnet/vlan on which this equipment is running to be hopefully very secure!!!

cheers again, Merv

if you are using a limited account and on lan with only trusted users you should be good. but be aware that the password travels in clear text and all the data. And once one has sniffed the password they can log in to do anything they want with the permissions allowed to the account. 

Offline Merv

  • 9
  • +0/-0
Re: issue with ftp asking tls
« Reply #12 on: April 20, 2021, 02:27:04 AM »
Quite understand Jean-Philippe - even though my lack of security knowledge is probably lacking, I started out from the beginning to just have dedicated equipment on this network - the results I get back are too important to let "silly" apps and users run across this system - hopefully "screwed and nailed" down enough!!
Saying that though - upgraded hardware will include more stringent software with latest security.

Thanks again for your help, Merv
 

Offline TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
Re: issue with ftp asking tls
« Reply #13 on: April 20, 2021, 07:02:41 AM »
Gday Merv, nice project you have there..and in Tassy.. :-)
--
qui scribit bis legit

Offline Merv

  • 9
  • +0/-0
Re: issue with ftp asking tls
« Reply #14 on: April 20, 2021, 07:19:05 AM »
Thanks Terry!! ... and SME and a couple of NAS units have enabled me to do the things I do over the years!!!

cheers, Merv