WinSCP connects via SFTP without user certificate
Hello.
Server: CentOS 7 with VSFTPD, with the following config:
local_enable=YES
anonymous_enable=NO
write_enable=NO
local_umask=022
anon_upload_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/xferlog
xferlog_std_format=YES
log_ftp_protocol=YES
debug_ssl=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
userlist_file=/etc/vsftpd/user_list
userlist_deny=YES
tcp_wrappers=YES
#SSL conf BEGIN
ssl_enable=YES
validate_cert=YES
require_ssl_reuse=NO
require_cert=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_ciphers=HIGH
#SSL conf END
force_local_data_ssl=YES
force_local_logins_ssl=YES
#SSL certificates
rsa_cert_file=/etc/ssl/ftp2.cer
rsa_private_key_file=/etc/ssl/ftp.key
ca_certs_file=/etc/ssl/ca.cer
pasv_enable=YES
pasv_address=192.168.200.1 #(ip is not real)
pasv_min_port=34000
pasv_max_port=35000
listen_port=21
hide_ids=YES
I used to connect to it via FireFTP (Firefox plugin) and it works as expected (using SFTP, port 22):
1. I can connect only if I give a client key signed by this server's CA (it's a PKCS12 file).
2. My user is chrooted and I can't modify or add files in the directory, only download/read (files and folders belong to 'root' and I'm connecting as "someftpuser").
3. I'm kicked out without a client key.
I've made some modifications to sshd_config to make the "unprivileged sftp users" thing work (using this article).
The thing is, when I connect to my server using WinSCP (SFTP, port 22) it never requires a client certificate. Checked it on several machines.
How does FireFTP act when I don't provide a client certificate? It throws the error "530 Non-anonymous sessions must use encryption."
So, why does WinSCP act like a cool hacker, or what am I doing wrong?
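Added example (not part of the original post, and not vsftpd or WinSCP code): the sketch below parses the TLS options from the configuration above and reports which listening port the client-certificate requirement applies to. vsftpd is an FTP/FTPS server, so these options govern only its own listener (listen_port=21 here); an SFTP session on port 22 is served by the SSH daemon and is controlled by sshd_config. The function names are assumptions of this example.

```python
# SAMPLE_CONF is an excerpt of the vsftpd configuration posted above.
SAMPLE_CONF = """\
listen=YES
listen_port=21
#SSL conf BEGIN
ssl_enable=YES
validate_cert=YES
require_cert=YES
#SSL conf END
force_local_logins_ssl=YES
ca_certs_file=/etc/ssl/ca.cer
"""

# Defaults from vsftpd.conf(5) for the options inspected here.
DEFAULTS = {"listen_port": "21", "ssl_enable": "NO", "require_cert": "NO",
            "validate_cert": "NO", "force_local_logins_ssl": "YES"}

def parse_vsftpd_conf(text):
    """Return {option: value}; the file uses option=value lines and '#' comment lines."""
    opts = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key] = value
    return opts

def client_cert_policy(opts):
    """Report whether FTPS logins must present a CA-validated client certificate."""
    on = lambda key: opts.get(key, "NO").upper() == "YES"
    checks = [
        (on("ssl_enable"), "ssl_enable=NO: TLS is off, no certificate exchange"),
        (on("require_cert"), "require_cert=NO: clients may connect without a certificate"),
        (on("validate_cert"), "validate_cert=NO: presented certificates are not verified"),
        ("ca_certs_file" in opts, "ca_certs_file unset: no CA to verify against"),
        (on("force_local_logins_ssl"), "force_local_logins_ssl=NO: plaintext logins allowed"),
    ]
    gaps = [message for ok, message in checks if not ok]
    return {"port": int(opts["listen_port"]), "enforced": not gaps, "gaps": gaps}

def covers(policy, port):
    """The policy applies only to the control port vsftpd itself listens on."""
    return policy["enforced"] and port == policy["port"]

if __name__ == "__main__":
    policy = client_cert_policy(parse_vsftpd_conf(SAMPLE_CONF))
    for port in (21, 22):  # 21 = vsftpd (FTPS), 22 = sshd (SFTP)
        print(port, "client certificate enforced by vsftpd.conf:", covers(policy, port))
```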