Topic "WinSCP connects via SFTP without user certificate"

Author Message
MrBrik

Guest


Hello.
The server is CentOS 7 with vsftpd, with the following config:

Code:

local_enable=YES

anonymous_enable=NO

write_enable=NO
local_umask=022

anon_upload_enable=NO
dirmessage_enable=YES
xferlog_enable=YES

connect_from_port_20=YES

xferlog_file=/var/log/xferlog
xferlog_std_format=YES
log_ftp_protocol=YES
debug_ssl=YES

listen=YES

pam_service_name=vsftpd
userlist_enable=YES
userlist_file=/etc/vsftpd/user_list
userlist_deny=YES
tcp_wrappers=YES

#SSL conf BEGIN
ssl_enable=YES
validate_cert=YES
require_ssl_reuse=NO
require_cert=YES

ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_ciphers=HIGH
#SSL conf END


force_local_data_ssl=YES
force_local_logins_ssl=YES

#SSL certificates
rsa_cert_file=/etc/ssl/ftp2.cer
rsa_private_key_file=/etc/ssl/ftp.key
ca_certs_file=/etc/ssl/ca.cer

pasv_enable=YES
# (ip is not real)
pasv_address=192.168.200.1

pasv_min_port=34000
pasv_max_port=35000
listen_port=21

hide_ids=YES


I used to connect to it via FireFTP (a Firefox plugin), and it works as expected (using SFTP, port 22):
1. I can connect only if I give a client key signed by this server's CA (it's a PKCS12 file).
2. My user is chrooted and I can't modify or add files in the directory, only download/read (files and folders belong to 'root' and I'm connecting as "someftpuser").
3. I'm kicked out without a client key.

I've made some modifications to sshd_config to make the "unprivileged sftp users" thing work (using this article).

The thing is, when I connect to my server using WinSCP (SFTP, port 22), it never requires a client certificate. I checked it on several machines.
How does FireFTP act when I don't provide a client certificate? It throws the error "530 Non-anonymous sessions must use encryption."

So, why does WinSCP act like a cool hacker, or what am I doing wrong?
martin
Site Admin

Please attach a full log file both from WinSCP and FireFTP, without the certificate.
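
Added example, not part of the thread and not WinSCP or vsftpd project code: a small audit of the TLS client-certificate options quoted in the first post. vsftpd serves FTP and FTPS only, so these options govern connections to its own listen_port; SFTP on port 22 is handled by the SSH server and is not affected by this file. The function names and the sample text are assumptions made for this illustration.

```python
# SAMPLE_CONF is constructed from the options quoted in the first post.
SAMPLE_CONF = """\
listen_port=21
ssl_enable=YES
validate_cert=YES
require_cert=YES
ca_certs_file=/etc/ssl/ca.cer
pasv_address=192.168.200.1 #(ip is not real)
"""
# vsftpd defaults for the options examined here, per vsftpd.conf(5).
DEFAULTS = {"listen_port": "21", "ssl_enable": "NO",
            "require_cert": "NO", "validate_cert": "NO"}

def parse_vsftpd_conf(text):
    """Return (options, warnings); only whole-line '#' comments are comments."""
    opts, warnings = dict(DEFAULTS), []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or key != key.strip() or value != value.strip():
            warnings.append(f"line {n}: not in option=value form")
            continue
        if "#" in value:
            warnings.append(f"line {n}: '#' in value of {key} is not a comment")
        opts[key] = value
    return opts, warnings

def client_cert_policy(opts):
    """Summarise whether vsftpd's listener enforces validated client certs."""
    def yes(name):
        return opts.get(name, "NO").upper() == "YES"
    findings = []
    if yes("require_cert") and not yes("ssl_enable"):
        findings.append("require_cert set but ssl_enable is off")
    if yes("require_cert") and not yes("validate_cert"):
        findings.append("require_cert without validate_cert: cert is not validated")
    if yes("validate_cert") and "ca_certs_file" not in opts:
        findings.append("validate_cert set but no ca_certs_file configured")
    enforced = not findings and yes("ssl_enable") and yes("require_cert")
    return {"port": int(opts["listen_port"]), "enforced": enforced,
            "findings": findings}

def governed_by_vsftpd(policy, port):
    """These options apply only to connections on vsftpd's own listen_port."""
    return port == policy["port"]

if __name__ == "__main__":
    print(client_cert_policy(parse_vsftpd_conf(SAMPLE_CONF)[0]))
```

For a port 22 session, the equivalent check belongs against sshd_config, where authentication is configured separately from anything in vsftpd.conf.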