| Author | Message |
|---|---|
|
MrBrik
Guest |
Posted: 2015-07-23 13:06
Hello.
Server Centos7 with VSFTPD with the following config Code: local_enable=YES anonymous_enable=NO write_enable=NO local_umask=022 anon_upload_enable=NO dirmessage_enable=YES xferlog_enable=YES connect_from_port_20=YES xferlog_file=/var/log/xferlog xferlog_std_format=YES log_ftp_protocol=YES debug_ssl=YES listen=YES pam_service_name=vsftpd userlist_enable=YES userlist_file=/etc/vsftpd/user_list userlist_deny=YES tcp_wrappers=YES #SSL conf BEGIN ssl_enable=YES validate_cert=YES require_ssl_reuse=NO require_cert=YES ssl_tlsv1=YES ssl_sslv2=NO ssl_sslv3=NO ssl_ciphers=HIGH #SSL conf END force_local_data_ssl=YES force_local_logins_ssl=YES #SSL certificates rsa_cert_file=/etc/ssl/ftp2.cer rsa_private_key_file=/etc/ssl/ftp.key ca_certs_file=/etc/ssl/ca.cer pasv_enable=YES pasv_address=192.168.200.1 #(ip is not real) pasv_min_port=34000 pasv_max_port=35000 listen_port=21 hide_ids=YES I used to connect to it via FireFTP (Firefox plugin) and it works as expected (using SFTP, port 22): 1. I can connect only if I give client key signed by this server's CA (it's PKCS12 file) 2. My users is chrooted and I can't modify or add files in directory, only download/read (files and folders belong to 'root' and I'm connecting as "someftpuser"). 3. I'm kicked out without client key. I've made some modifications to sshd_config to make "unprivileged sftp users" thing work (using this article) The thing is, when I connect to my server using WinSCP (SFTP, port 22) it never requires client certificate. Checked it on several machines. How FireFTP acts in the case I dont provide client certificate? It throws error "530 Non-anonymous sessions must use encryption." So, why WinSCP acts like a coolhacker or what am I doing wrong? |
|
martin
Site Admin 
Joined: 2002-12-10
Posts: 26504 Location: Prague, Czechia |
Posted: 2015-07-27
Please attach a full log file both from WinSCP and FireFTP, without the certificate.
|
| Advertisements |
|
You can post new topics in this forum
