FTP Server Only SSL/TLS

blackstar · Post by **blackstar** » Fri May 17, 2013 3:46 am

Hi,
I have two questions :

1) Is it possible to disable "regular" FTP connection while leaving FTPES connections open ?

2) How do I hide the "Home" folder of my ftp user when connecting through a ftp client ?

Thanks for any help that could be provided.
Cheers.

meteora · Post by **meteora** » Fri May 17, 2013 11:18 am

i remember proftpd.conf doesn't have such option for running SSL/TLS only

James.W@AST · Post by **James.W@AST** » Fri May 17, 2013 12:35 pm

Hi there,

1. FTP server cannot run SSL/TLS solely.
2. Just did some quick experiments, but I can just make the Home folder becomes inaccessible. There seems no easy way to hide the Home folder for any specific user...

blackstar · Post by **blackstar** » Fri May 17, 2013 4:44 pm

Mmmm,

In that case, is there a way to block the user from accesing via "regular" ftp connection ?

I want the users only to access through FTPES connection and not be able to log via simple ftp connection...

blackstar · Post by **blackstar** » Fri May 17, 2013 6:31 pm

Hi again, I've been snooping around the other NAS devices. ANd I found out that QNAP does allow for such configuration :
only FTP over explicit SSL withou "regular" FTP

And after discussing the subject with a friend of mine, I also foudn out that on QNAP there's an option when creating a user that allows NOT to create a home directory for the user.

Is there any way we could achieve this is a next release ?

In the meantime, I thought about a workaround : is there a way to use different port for FTP and FTP over SSL ? If so, Iwould only have to redirect only the FTPES port on my router to my NAS.

blackstar · Post by **blackstar** » Fri May 17, 2013 6:58 pm

meteora wrote:i remember proftpd.conf doesn't have such option for running SSL/TLS only

I just looked at this website : http://www.proftpd.org/docs/howto/TLS.html

and here what I found :
# Are clients required to use FTP over TLS when talking to this server?
TLSRequired off

Might it be how to configure it to require the explicit SSL and unable user to connect without it.

blackstar · Post by **blackstar** » Sat May 18, 2013 1:43 am

It seems there's also another issue : when I configure my FTP server on the non standard port and configure the port redirection on my router here's what I get when trying to connect with my public IP :

Statut : Le serveur a envoyé une réponse passive avec une adresse non routable. Adresse remplacée par celle du serveur.
Commande : MLSD
Erreur : GnuTLS error -53: Erreur au niveau de la fonction "push".

(Sorry it is in French)

Any help would be greatly appreciated.
Cheers.

blackstar · Post by **blackstar** » Sun May 19, 2013 12:20 am

Actually managed to find what was wrong : I had not redirected the passive ports.

Now connection works fine both with explicit ssl but also without.

It would be awesome if we could turn off one while leaving the other running in the future.
Having an option to create specific quser without home directories would be nice ( that way no Home directory would show up on the FTP client side)

Cheers.

yogi · Post by **yogi** » Sun Jul 14, 2013 7:11 pm

i agree, creating an own home dir for every ftp user is bs

and we need a 'force ssl' option, i would never use plain ftp unencrypted on port 21

blackstar · Post by **blackstar** » Fri Nov 29, 2013 6:28 pm

Hello,
Any input on this topic from the asustor team.
It would be really nice to be able to use this functionality.

ASUSTOR Community Forum

FTP Server Only SSL/TLS

FTP Server Only SSL/TLS

Re: FTP Server Only SSL/TLS

Re: FTP Server Only SSL/TLS

Re: FTP Server Only SSL/TLS

Re: FTP Server Only SSL/TLS

Re: FTP Server Only SSL/TLS

Re: FTP Server Only SSL/TLS

Re: FTP Server Only SSL/TLS

Re: FTP Server Only SSL/TLS

Re: FTP Server Only SSL/TLS