[TriLUG] help with vsftpd FTPS / TLS -- really needed

Daniel Sterling sterling.daniel at gmail.com
Wed Jul 18 12:51:11 EDT 2012 

Hmm, if lftp works, then I'd assume the ftp server (vsftpd) is working OK.

Hard to say what's wrong without more details. So I'd say, try running
the python script under strace to see what it's actually doing; and
look at netstat as well. You can also turn up the python ftplib debug
level, see http://docs.python.org/library/ftplib.html

-- Dan

On Wed, Jul 18, 2012 at 10:11 AM, Mark R. Biggers <biggers at utsl.com> wrote:
> Hello,
>
> I am attempting to get 'vsftpd' fully working as a FTPS / TLS service,
> running
> on port 990.  I have Port 989-990 UDP & TCP open, and "passive ports"
> 5000-5999 open through the IPtables firewall.  I have tested with IPtables
> "up" and "down" (firewall stopped, anything ACCEPTed).
>
> The OS is CentOS 6.3, 64-bit.  Latest 'vsftpd' from that install:
> vsftpd-2.2.2-11.el6.x86_64
>
>
>   My config:
>
>     http://dpaste.com/hold/772180/
>
>
>   ** Successful connects, including file upload:
>
>   -- Filezilla windows-client @ 3.5.3.  Set for implicit SSL    ## no
> errors.
>
>   -- lftp -e "debug 4" ftps://depotlddsuser@depot-lab.us.to:990/ ## LFTP, no
> errors
>
>
>   ** Failures (important!):
>
>   -- openssl s_client -connect depot-lab.us.to:990 -starttls ftp ## just
> hangs
> CONNECTED(00000003)
>
>   -- test Python script.  Times out on ftps.connect().  This *has to work*,
> since it is code extracted from Production use:
>
>       http://dpaste.com/hold/772179/
>
>
>
> Any ideas?  A beer for anyone who figures this out!   (TLS and ordinary
> vsftpd logs, have been of little use)
>
> ( I have tried a similar config with Proftpd, but it is configured
> differently enough, and it breaks my "successes" -- nothing works for that
> FTP daemon... except openssl s_client, with the same DigiCert )
>
> Thank you for looking!
> ----mark
>
>
> --
> ==========================
> *biggers ATT utsl DOTT com*
> *919 295-4103 work*   desk
>
> //
> --
> This message was sent to: Daniel S. Sterling <sterling.daniel at gmail.com>
> To unsubscribe, send a blank message to trilug-leave at trilug.org from that
> address.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> Unsubscribe or edit options on the web  :
> http://www.trilug.org/mailman/options/trilug/sterling.daniel%40gmail.com
> TriLUG FAQ          : http://www.trilug.org/wiki/Frequently_Asked_Questions

More information about the TriLUG mailing list