Cannot access vsftpd service via WinSCP

Advertisement

Guest

Cannot access vsftpd service via WinSCP

I built the vsftpd environment in Ubuntu box. And I chose the FTP protocol: FTP over explicit TLS/SSL.

Then I succeeded to access that vsftpd service via FileZilla, but I cannot via WinSCP. ("Connection Failed" error message was displayed.)

Is that the WinSCP setting issue or the setting on server side or other reason? Is there some advise?

Server-side vsftpd.conf: (Ubuntu Server 13.04, i386)
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
connect_from_port_20=YES
chroot_local_user=YES
chroot_list_file=/etc/vsftpd.chroot_list
ssl_enable=YES
require_ssl_reuse=NO
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
allow_writeable_chroot=YES
debug_ssl=YES
log_ftp_protocol=YES
pasv_enable=YES
pasv_min_port=65000
pasv_max_port=65050
Server-side vsftpd.log:
Mon Jul  8 13:48:07 2013 [pid 12923] CONNECT: Client "192.168.0.135"
Mon Jul  8 13:48:07 2013 [pid 12923] FTP response: Client "192.168.0.135", "220 (vsFTPd 3.0.2)"
Mon Jul  8 13:48:07 2013 [pid 12923] FTP command: Client "192.168.0.135", "AUTH SSL"
Mon Jul  8 13:48:07 2013 [pid 12923] FTP response: Client "192.168.0.135", "234 Proceed with negotiation."
Mon Jul  8 13:48:08 2013 [pid 12923] DEBUG: Client "192.168.0.135", "SSL version: TLSv1/SSLv3, SSL cipher: DES-CBC3-SHA, not reused, no cert"
Mon Jul  8 13:48:11 2013 [pid 12923] DEBUG: Client "192.168.0.135", "Connection terminated without SSL shutdown - buggy client?"
Client-side winscp.log: (Win7 64bit)
. 2013-07-08 13:47:03.028 Session name: 192.168.0.145/user1@192.168.0.145 (Stored session)
. 2013-07-08 13:47:03.028 Host name: 192.168.0.145 (Port: 21)
. 2013-07-08 13:47:03.028 User name: user1 (Password: Yes, Key file: No)
. 2013-07-08 13:47:03.028 Tunnel: No
. 2013-07-08 13:47:03.028 Transfer Protocol: FTP
. 2013-07-08 13:47:03.028 Ping type: C, Ping interval: 30 sec; Timeout: 15 sec
. 2013-07-08 13:47:03.028 Proxy: none
. 2013-07-08 13:47:03.028 FTP: FTPS: Explicit SSL; Passive: Yes [Force IP: A]
. 2013-07-08 13:47:03.028 Local directory: default, Remote directory: home, Update: Yes, Cache: Yes
. 2013-07-08 13:47:03.028 Cache directory changes: Yes, Permanent: Yes
. 2013-07-08 13:47:03.028 DST mode: 1; Timezone offset: 0h 0m
. 2013-07-08 13:47:03.028 --------------------------------------------------------------------------
. 2013-07-08 13:47:03.184 Connecting to 192.168.0.145 ...
. 2013-07-08 13:47:03.246 Connected with 192.168.0.145, negotiating SSL connection...
< 2013-07-08 13:47:03.246 220 (vsFTPd 3.0.2)
> 2013-07-08 13:47:03.246 AUTH SSL
< 2013-07-08 13:47:03.246 234 Proceed with negotiation.
. 2013-07-08 13:47:04.136 Connection failed.
* 2013-07-08 13:47:04.198 (EFatal) Connection failed.
* 2013-07-08 13:47:04.198 Connection failed.
* 2013-07-08 13:47:04.198 Proceed with negotiation.
Thanks in advance,
Matsuyama

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
41,469
Location:
Prague, Czechia

Re: Cannot access vsFTPd service via WinSCP

What version of WinSCP are you using?

Please attach a full log file on Debug 2 level using the latest version of WinSCP.

Reply with quote

Guest

Re: Cannot access vsFTPd service via WinSCP

Thank you for replay.

I use the latest version of WinSCP, 5.1.5.
I got the Debug 2 level log, but I don't know what is what.
Is it indicated that SSL 3 protocol is always required for my circumstance?
Will you give me help?

The Debug 2 level log is following:
. 2013-07-10 09:30:54.976 --------------------------------------------------------------------------
. 2013-07-10 09:30:54.976 WinSCP Version 5.1.5 (Build 3261) (OS 6.1.7601 Service Pack 1)
. 2013-07-10 09:30:54.976 Configuration: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\
. 2013-07-10 09:30:54.976 Local account: matsuyama4\matsuyama
. 2013-07-10 09:30:54.976 Working directory: C:\Program Files (x86)\WinSCP
. 2013-07-10 09:30:54.976 Process ID: 5864
. 2013-07-10 09:30:54.976 Command-line: "C:\Program Files (x86)\WinSCP\WinSCP.exe" 
. 2013-07-10 09:30:54.976 Time zone: Current: GMT+9, Standard: GMT+9, DST: GMT+10, DST Start: 1899/12/30, DST End: 1899/12/30
. 2013-07-10 09:30:54.976 Login time: 2013年7月10日 9:30:54
. 2013-07-10 09:30:54.976 --------------------------------------------------------------------------
. 2013-07-10 09:30:54.976 Session name: 192.168.0.145/FTPS_user1@192.168.0.145 (Stored session)
. 2013-07-10 09:30:54.976 Host name: 192.168.0.145 (Port: 21)
. 2013-07-10 09:30:54.976 User name: user1 (Password: Yes, Key file: No)
. 2013-07-10 09:30:54.976 Tunnel: No
. 2013-07-10 09:30:54.976 Transfer Protocol: FTP
. 2013-07-10 09:30:54.976 Ping type: C, Ping interval: 30 sec; Timeout: 15 sec
. 2013-07-10 09:30:54.976 Proxy: none
. 2013-07-10 09:30:54.976 FTP: FTPS: Explicit SSL; Passive: Yes [Force IP: A]
. 2013-07-10 09:30:54.976 Local directory: default, Remote directory: home, Update: Yes, Cache: Yes
. 2013-07-10 09:30:54.976 Cache directory changes: Yes, Permanent: Yes
. 2013-07-10 09:30:54.976 DST mode: 1; Timezone offset: 0h 0m
. 2013-07-10 09:30:54.976 --------------------------------------------------------------------------
. 2013-07-10 09:30:55.132 Connecting to 192.168.0.145 ...
. 2013-07-10 09:30:55.132 m_pSslLayer changed state from 0 to 1
. 2013-07-10 09:30:55.132 m_pSslLayer changed state from 1 to 2
. 2013-07-10 09:30:55.132 m_pSslLayer changed state from 2 to 4
. 2013-07-10 09:30:55.195 Connected with 192.168.0.145, negotiating SSL connection...
< 2013-07-10 09:30:55.195 220 (vsFTPd 3.0.2)
> 2013-07-10 09:30:55.195 AUTH SSL
< 2013-07-10 09:30:55.195 234 Proceed with negotiation.
. 2013-07-10 09:30:56.068 SSL_connect: SSLv3 read server hello A
. 2013-07-10 09:30:56.068 SSL_connect: SSLv3 read server certificate A
. 2013-07-10 09:30:56.068 SSL_connect: SSLv3 read server certificate request A
. 2013-07-10 09:30:56.068 SSL_connect: SSLv3 read server done A
. 2013-07-10 09:30:56.068 SSL_connect: SSLv3 write client certificate A
. 2013-07-10 09:30:56.068 SSL_connect: SSLv3 write client key exchange A
. 2013-07-10 09:30:56.068 SSL_connect: SSLv3 write change cipher spec A
. 2013-07-10 09:30:56.068 SSL_connect: SSLv3 write finished A
. 2013-07-10 09:30:56.068 SSL_connect: SSLv3 flush data
. 2013-07-10 09:30:56.084 SSL_connect: SSLv3 read server session ticket A
. 2013-07-10 09:30:56.084 SSL_connect: SSLv3 read finished A
. 2013-07-10 09:30:56.084 Connection failed.
. 2013-07-10 09:30:56.084 Got reply 1004 to the command 1
* 2013-07-10 09:30:56.178 (EFatal) Connection failed.
* 2013-07-10 09:30:56.178 Connection failed.
* 2013-07-10 09:30:56.178 Proceed with negotiation.
. 2013-07-10 09:31:01.372 Internal error: Connect called while still connected
. 2013-07-10 09:31:01.372 Connection failed.
. 2013-07-10 09:31:01.372 Got reply 3004 to the command 1
* 2013-07-10 09:31:01.435 (EFatal) Connection failed.
* 2013-07-10 09:31:01.435 Internal error: Connect called while still connected
* 2013-07-10 09:31:01.435 Connection failed.
. 2013-07-10 09:31:06.614 Session upkeep
. 2013-07-10 09:31:06.739 Connecting to 192.168.0.145 ...
. 2013-07-10 09:31:06.739 m_pSslLayer changed state from 0 to 1
. 2013-07-10 09:31:06.739 m_pSslLayer changed state from 1 to 2
. 2013-07-10 09:31:06.739 m_pSslLayer changed state from 2 to 4
. 2013-07-10 09:31:06.801 Connected with 192.168.0.145, negotiating SSL connection...
< 2013-07-10 09:31:06.801 220 (vsFTPd 3.0.2)
> 2013-07-10 09:31:06.801 AUTH SSL
< 2013-07-10 09:31:06.801 234 Proceed with negotiation.
. 2013-07-10 09:31:06.801 SSL_connect: SSLv3 read server hello A
. 2013-07-10 09:31:06.801 SSL_connect: SSLv3 read server certificate A
. 2013-07-10 09:31:06.801 SSL_connect: SSLv3 read server certificate request A
. 2013-07-10 09:31:06.801 SSL_connect: SSLv3 read server done A
. 2013-07-10 09:31:06.801 SSL_connect: SSLv3 write client certificate A
. 2013-07-10 09:31:06.801 SSL_connect: SSLv3 write client key exchange A
. 2013-07-10 09:31:06.801 SSL_connect: SSLv3 write change cipher spec A
. 2013-07-10 09:31:06.801 SSL_connect: SSLv3 write finished A
. 2013-07-10 09:31:06.801 SSL_connect: SSLv3 flush data
. 2013-07-10 09:31:06.801 SSL_connect: SSLv3 read server session ticket A
. 2013-07-10 09:31:06.801 SSL_connect: SSLv3 read finished A
. 2013-07-10 09:31:06.801 Connection failed.
. 2013-07-10 09:31:06.801 Got reply 1004 to the command 1
* 2013-07-10 09:31:06.895 (EFatal) Connection failed.
* 2013-07-10 09:31:06.895 Connection failed.
* 2013-07-10 09:31:06.895 Proceed with negotiation.
. 2013-07-10 09:31:12.058 Internal error: Connect called while still connected
. 2013-07-10 09:31:12.058 Connection failed.
. 2013-07-10 09:31:12.058 Got reply 3004 to the command 1
* 2013-07-10 09:31:12.121 (EFatal) Connection failed.
* 2013-07-10 09:31:12.121 Internal error: Connect called while still connected
* 2013-07-10 09:31:12.121 Connection failed.
. 2013-07-10 09:31:17.300 Session upkeep
. 2013-07-10 09:31:17.440 Connecting to 192.168.0.145 ...
. 2013-07-10 09:31:17.440 m_pSslLayer changed state from 0 to 1
. 2013-07-10 09:31:17.440 m_pSslLayer changed state from 1 to 2
. 2013-07-10 09:31:17.440 m_pSslLayer changed state from 2 to 4
. 2013-07-10 09:31:17.503 Connected with 192.168.0.145, negotiating SSL connection...
< 2013-07-10 09:31:17.503 220 (vsFTPd 3.0.2)
> 2013-07-10 09:31:17.503 AUTH SSL
< 2013-07-10 09:31:17.503 234 Proceed with negotiation.
. 2013-07-10 09:31:17.503 SSL_connect: SSLv3 read server hello A
. 2013-07-10 09:31:17.503 SSL_connect: SSLv3 read server certificate A
. 2013-07-10 09:31:17.503 SSL_connect: SSLv3 read server certificate request A
. 2013-07-10 09:31:17.503 SSL_connect: SSLv3 read server done A
. 2013-07-10 09:31:17.503 SSL_connect: SSLv3 write client certificate A
. 2013-07-10 09:31:17.503 SSL_connect: SSLv3 write client key exchange A
. 2013-07-10 09:31:17.503 SSL_connect: SSLv3 write change cipher spec A
. 2013-07-10 09:31:17.503 SSL_connect: SSLv3 write finished A
. 2013-07-10 09:31:17.503 SSL_connect: SSLv3 flush data
. 2013-07-10 09:31:17.503 SSL_connect: SSLv3 read server session ticket A
. 2013-07-10 09:31:17.503 SSL_connect: SSLv3 read finished A
. 2013-07-10 09:31:17.503 Connection failed.
. 2013-07-10 09:31:17.503 Got reply 1004 to the command 1
* 2013-07-10 09:31:17.581 (EFatal) Connection failed.
* 2013-07-10 09:31:17.581 Connection failed.
* 2013-07-10 09:31:17.581 Proceed with negotiation.
Regards,
Matsuyama

Reply with quote

martin
Site Admin
martin avatar

Re: Cannot access vsFTPd service via WinSCP

Anonymous wrote:

Is it indicated that SSL 3 protocol is always required for my circumstance?
WinSCP does not allow SSLv2 anymore. If that's what you ask.

Reply with quote

Advertisement

Matsuyama
Joined:
Posts:
5
Location:
Japan

Re: Cannot access vsFTPd service via WinSCP

I see.
So I understand that the setting ssl_sslv2=YES in the vsftpd.conf is of no use when I use WinSCP to access the vsftpd service. It's ok, but my problem has not been resolved.

I have tried several additional settings in the vsftpd.conf, for example, ssl_tlsv1=YES, ssl_sslv3=YES, but the situation that can not be connected vsftpd service via WinSCP does not change. Any help?

Regards,
Matsuyama

Reply with quote

Matsuyama

Re: Cannot access vsFTPd service via WinSCP

Sorry. My FTP server is now located inside the LAN.

By the way, I can make the FTP server in the VMware virtual machine. Is it OK for you to try testing? (It may be required few days for me to build such an environment. )

Reply with quote

martin
Site Admin
martin avatar

Re: Cannot access vsFTPd service via WinSCP

Sounds good. But first, I have sent you an email with development version of WinSCP for testing.

Reply with quote

Advertisement

Matsuyama
Joined:
Posts:
5
Location:
Japan

Re: Cannot access vsFTPd service via WinSCP

Thank you for sending me a debug version of WinSCP. I tried to access the FTPS server via the debug version of WinSCP, but it failed. (I got alomost the same error log and cannot access the server.)
Any help?

I used WinSCP settings as follows:
File Protocol: FTP
Encryption: TLS Explicit encryption (I also try SSL Explicit encryption)
Minimum TLS/SSL version: SSL 3.0
Maximum TLS/SSL version: TLS 1.0

Its output log is as follows:
(I changed the server environment, so there are a few differences between this log and the former log I posted before in this forum.)
. 2013-08-03 11:42:15.532 --------------------------------------------------------------------------
. 2013-08-03 11:42:15.532 WinSCP Version 5.2.3 (Build 3409) (OS 6.1.7601 Service Pack 1)
. 2013-08-03 11:42:15.532 Configuration: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\
. 2013-08-03 11:42:15.532 Local account: A222-MATSUYAMA4\matsuyama
. 2013-08-03 11:42:15.532 Working directory: C:\Download\Tools\WinSCP\debug
. 2013-08-03 11:42:15.532 Process ID: 5512
. 2013-08-03 11:42:15.532 Command-line: "C:\Download\Tools\WinSCP\debug\WinSCP.exe" 
. 2013-08-03 11:42:15.532 Time zone: Current: GMT+9, Standard: GMT+9, DST: GMT+10, DST Start: 1899/12/30, DST End: 1899/12/30
. 2013-08-03 11:42:15.532 Login time: 2013年8月3日 11:42:15
. 2013-08-03 11:42:15.532 --------------------------------------------------------------------------
. 2013-08-03 11:42:15.532 Session name: 192.168.184.140/user1@192.168.184.140 (Modified site)
. 2013-08-03 11:42:15.532 Host name: 192.168.184.140 (Port: 21)
. 2013-08-03 11:42:15.532 User name: user1 (Password: Yes, Key file: No)
. 2013-08-03 11:42:15.532 Tunnel: No
. 2013-08-03 11:42:15.532 Transfer Protocol: FTP
. 2013-08-03 11:42:15.532 Ping type: C, Ping interval: 30 sec; Timeout: 15 sec
. 2013-08-03 11:42:15.532 Proxy: none
. 2013-08-03 11:42:15.532 FTP: FTPS: Explicit TLS; Passive: Yes [Force IP: A]; MLSD: A [List all: A]
. 2013-08-03 11:42:15.532 Session reuse: Yes
. 2013-08-03 11:42:15.532 TLS/SSL versions: SSLv3-TLSv1.0
. 2013-08-03 11:42:15.532 Local directory: default, Remote directory: home, Update: Yes, Cache: Yes
. 2013-08-03 11:42:15.532 Cache directory changes: Yes, Permanent: Yes
. 2013-08-03 11:42:15.532 DST mode: 1; Timezone offset: 0h 0m
. 2013-08-03 11:42:15.532 --------------------------------------------------------------------------
. 2013-08-03 11:42:15.688 Connecting to 192.168.184.140 ...
. 2013-08-03 11:42:15.688 TLS layer changed state from unconnected to connecting
. 2013-08-03 11:42:15.688 TLS layer changed state from connecting to connected
. 2013-08-03 11:42:15.750 Connected with 192.168.184.140, negotiating TLS connection...
< 2013-08-03 11:42:15.750 220 (vsFTPd 3.0.2)
> 2013-08-03 11:42:15.750 AUTH TLS
< 2013-08-03 11:42:15.750 234 Proceed with negotiation.
. 2013-08-03 11:42:15.750 TLS connect: SSLv3 read server hello A
. 2013-08-03 11:42:15.750 TLS connect: SSLv3 read server certificate A
. 2013-08-03 11:42:15.750 TLS connect: SSLv3 read server certificate request A
. 2013-08-03 11:42:15.750 TLS connect: SSLv3 read server done A
. 2013-08-03 11:42:15.750 TLS connect: SSLv3 write client certificate A
. 2013-08-03 11:42:15.750 TLS connect: SSLv3 write client key exchange A
. 2013-08-03 11:42:15.750 TLS connect: SSLv3 write change cipher spec A
. 2013-08-03 11:42:15.750 TLS connect: SSLv3 write finished A
. 2013-08-03 11:42:15.750 TLS connect: SSLv3 flush data
. 2013-08-03 11:42:15.750 TLS connect: SSLv3 read server session ticket A
. 2013-08-03 11:42:15.750 TLS connect: SSLv3 read finished A
. 2013-08-03 11:42:15.750 Connection failed.
. 2013-08-03 11:42:15.750 Got reply 1004 to the command 1
* 2013-08-03 11:42:15.844 (EFatal) Connection failed.
* 2013-08-03 11:42:15.844 Connection failed.
* 2013-08-03 11:42:15.844 Proceed with negotiation.
. 2013-08-03 11:42:21.008 Internal error: Connect called while still connected
. 2013-08-03 11:42:21.008 Connection failed.
. 2013-08-03 11:42:21.008 Got reply 3004 to the command 1
* 2013-08-03 11:42:21.070 (EFatal) Connection failed.
* 2013-08-03 11:42:21.070 Internal error: Connect called while still connected
* 2013-08-03 11:42:21.070 Connection failed.
Regards,
Matsuyama

Reply with quote

martin
Site Admin
martin avatar

Re: Cannot access vsFTPd service via WinSCP

Ok, thanks. Can you please proceed with creating a test account for me on the virtual machine?

Reply with quote

Matsuyama
Joined:
Posts:
5
Location:
Japan

Re: Cannot access vsFTPd service via WinSCP

I built the VMware virtual machine, so will you try to test the FTPS access via WinSCP using this virtual machine?

Please access <invalid hyperlink removed by admin> and download VMmachine_UbuntuSvr32.7z (333MB). Extracting this 7zip file creates a subdirectory called UbuntuSvr32, and there exists UbuntuSvr32.vmx and _README.txt. Read _README.txt for a little bit of information about the server, the user account and so on.

Regards,
Matsuyama

Reply with quote

martin
Site Admin
martin avatar

Re: Cannot access vsFTPd service via WinSCP

Thanks! Got it downloaded and running. I was able to reproduce your problem. Will debug it soon.

Reply with quote

Advertisement

Matsuyama
Joined:
Posts:
5
Location:
Japan

Re: Cannot access vsFTPd service via WinSCP

I got the debug version of WinSCP, and tested the FTPS access with it. Then the test is successful.

Very much thanks.
Matsuyama

Reply with quote

jmh
Joined:
Posts:
1

Re: Cannot access vsFTPd service via WinSCP

Hi,
We are exactly in the same situation (vsftpd with explicit SSL/TLS and can't connect with WinSCP 5.1.7)
Where can we download the corrected version of WinSCP (version 5.1.8?), or when this version will be publicly available?

Thanks

Reply with quote

Advertisement

martin
Site Admin
martin avatar

Re: Cannot access vsFTPd service via WinSCP

@jmh: Thanks for your report.
I have sent you an email with a development version of WinSCP to address you have used to register on this forum.

Reply with quote

freimann
Joined:
Posts:
1
Location:
Czech Republic

Re: Cannot access vsFTPd service via WinSCP

We have the same problem here – can you please send us the link for the 5.1.8-dev version as well?

Thankx ... peter@freimann.cz

Reply with quote

Advertisement

pddaniels
Joined:
Posts:
2
Location:
UK

Hi,

I seem to be getting the same problem. I've tried everything I can find on every forum I can find and still no luck. FileZilla connects ok.

Did this fix ever make it through to 5.5.6 and 5.6.5 RC or am I barking up completely the wrong tree here?

(Same vsftpd config as original poster and same WinSCP client config other than supported min/max TLS versions both at v1.0, although I have tried just about every combination available – and I am using a different passive port range).

(Log)
. 2015-01-21 08:34:59.068 --------------------------------------------------------------------------
. 2015-01-21 08:34:59.068 Session name: xxxxxxxx (Modified site)
. 2015-01-21 08:34:59.068 Host name: xxxxxxxx (Port: 990)
. 2015-01-21 08:34:59.068 User name: xxxxxxxx (Password: Yes, Key file: No)
. 2015-01-21 08:34:59.068 Transfer Protocol: FTP
. 2015-01-21 08:34:59.068 Ping type: C, Ping interval: 30 sec; Timeout: 15 sec
. 2015-01-21 08:34:59.068 Disable Nagle: No
. 2015-01-21 08:34:59.068 Proxy: none
. 2015-01-21 08:34:59.068 Send buffer: 262144
. 2015-01-21 08:34:59.068 UTF: 2
. 2015-01-21 08:34:59.068 FTP: FTPS: Implicit TLS/SSL; Passive: Yes [Force IP: A]; MLSD: A [List all: A]
. 2015-01-21 08:34:59.068 Session reuse: No
. 2015-01-21 08:34:59.068 TLS/SSL versions: TLSv1.0-TLSv1.0
. 2015-01-21 08:34:59.068 Local directory: default, Remote directory: home, Update: Yes, Cache: Yes
. 2015-01-21 08:34:59.068 Cache directory changes: Yes, Permanent: Yes
. 2015-01-21 08:34:59.068 Timezone offset: 0h 0m
. 2015-01-21 08:34:59.068 --------------------------------------------------------------------------
. 2015-01-21 08:34:59.070 Session upkeep
. 2015-01-21 08:34:59.133 Connecting to xxxxxxxx:990 ...
. 2015-01-21 08:34:59.133 TLS layer changed state from unconnected to connecting
. 2015-01-21 08:34:59.133 TLS layer changed state from connecting to connected
. 2015-01-21 08:34:59.186 Connected with xxxxxxxx:990, negotiating TLS connection...
. 2015-01-21 08:34:59.186 TLS connect: error in SSLv2/v3 read server hello A
. 2015-01-21 08:34:59.186 Can't establish TLS connection
. 2015-01-21 08:34:59.186 Disconnected from server
. 2015-01-21 08:34:59.186 Connection failed.
. 2015-01-21 08:34:59.186 Got reply 1004 to the command 1
* 2015-01-21 08:34:59.242 (EFatal) Connection failed.
* 2015-01-21 08:34:59.242 TLS connect: error in SSLv2/v3 read server hello A
* 2015-01-21 08:34:59.242 Can't establish TLS connection
* 2015-01-21 08:34:59.242 Disconnected from server
* 2015-01-21 08:34:59.242 Connection failed.

Reply with quote

martin
Site Admin
martin avatar

@pddaniels: Can you share a FileZilla log too?
Can you share your host address, so we can try to connect ourselves? (no need for credentials, just the hostname/IP address, you can put it into a private attachment here for privacy).

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
41,469
Location:
Prague, Czechia

From your FileZilla log, I can see that despite the 990 port (TLS/SSL implicit), it's connecting in TLS/SSL explicit mode. That's quite wrong setup (on the FTP server-side). Even FileZilla "comments" on that:
Status: Selected port usually in use by a different protocol.
So try to select the TLS/SSL explicit mode in WinSCP. Note that WinSCP automatically selects "implicit" mode when you type "990" for port. So you need to first type the port and then override the TLS/SSL mode to explicit.

Reply with quote

pddaniels
Joined:
Posts:
2
Location:
UK

Re: Cannot access vsFTPd service via WinSCP

And success!

I hadn't noticed the explicit switching back to implicit when I changed the port.

You're a star. Many thanks!

Reply with quote

Advertisement

spongman
Guest

martin wrote:

So try to select the TLS/SSL explicit mode in WinSCP.

something is still wrong here. if you start winscp on the command line with "winscp ftps://<hostname>", then it fails to connect. shouldn't it 'just work' ?

. 2015-10-15 12:19:32.726 --------------------------------------------------------------------------
. 2015-10-15 12:19:32.727 WinSCP Version 5.7.5 (Build 5665) (OS 6.1.7601 Service Pack 1 - Windows 7 Ultimate)
. 2015-10-15 12:19:32.727 Configuration: C:\bin\WinSCP.ini
. 2015-10-15 12:19:32.728 Log level: Debug 2
. 2015-10-15 12:19:32.728 Local account: <domain>\<user>
. 2015-10-15 12:19:32.728 Working directory: C:\
. 2015-10-15 12:19:32.728 Process ID: 9708
. 2015-10-15 12:19:32.728 Command-line: "C:\bin\WinSCP.exe" ftps://ftp.<domain>.com
. 2015-10-15 12:19:32.728 Parameter: ftps://ftp.<domain>.com
. 2015-10-15 12:19:32.728 Time zone: Current: GMT-7, Standard: GMT-8 (Pacific Standard Time), DST: GMT-7 (Pacific Daylight Time), DST Start: 3/8/2015, DST End: 11/1/2015
. 2015-10-15 12:19:32.728 Login time: Thursday, October 15, 2015 12:19:32 PM
. 2015-10-15 12:19:32.728 --------------------------------------------------------------------------
. 2015-10-15 12:19:32.728 Session name: ftp.<domain>.com (Ad-Hoc site)
. 2015-10-15 12:19:32.728 Host name: ftp.<domain>.com (Port: 990)
. 2015-10-15 12:19:32.728 User name:  (Password: No, Key file: Yes)
. 2015-10-15 12:19:32.728 Transfer Protocol: FTP
. 2015-10-15 12:19:32.728 Ping type: C, Ping interval: 30 sec; Timeout: 15 sec
. 2015-10-15 12:19:32.728 Disable Nagle: No
. 2015-10-15 12:19:32.728 Proxy: none
. 2015-10-15 12:19:32.728 Send buffer: 262144
. 2015-10-15 12:19:32.728 UTF: 2
. 2015-10-15 12:19:32.728 FTP: FTPS: Implicit TLS/SSL; Passive: Yes [Force IP: A]; MLSD: A [List all: A]
. 2015-10-15 12:19:32.728 Session reuse: Yes
. 2015-10-15 12:19:32.728 TLS/SSL versions: TLSv1.0-TLSv1.2
. 2015-10-15 12:19:32.728 Local directory: default, Remote directory: home, Update: Yes, Cache: Yes
. 2015-10-15 12:19:32.728 Cache directory changes: Yes, Permanent: Yes
. 2015-10-15 12:19:32.728 Timezone offset: 0h 0m
. 2015-10-15 12:19:32.728 --------------------------------------------------------------------------
. 2015-10-15 12:19:32.728 Username prompt (no username provided)
. 2015-10-15 12:19:34.943 Connecting to ftp.<domain>.com:990 ...
. 2015-10-15 12:19:34.943 TLS layer changed state from unconnected to connecting
. 2015-10-15 12:19:34.990 TLS layer changed state from connecting to connected
. 2015-10-15 12:19:34.990 Connected with ftp.<domain>.com:990, negotiating TLS connection...
. 2015-10-15 12:19:35.071 TLS connect: error in SSLv2/v3 read server hello A
. 2015-10-15 12:19:35.071 Can't establish TLS connection
. 2015-10-15 12:19:35.071 TLS layer changed state from connected to closed
. 2015-10-15 12:19:35.071 Disconnected from server
. 2015-10-15 12:19:35.071 Connection failed.
. 2015-10-15 12:19:35.071 Got reply 1004 to the command 1
* 2015-10-15 12:19:35.130 (EFatal) Connection failed.
* 2015-10-15 12:19:35.130 TLS connect: error in SSLv2/v3 read server hello A
* 2015-10-15 12:19:35.130 Can't establish TLS connection
* 2015-10-15 12:19:35.130 Disconnected from server
* 2015-10-15 12:19:35.130 Connection failed.

Reply with quote

Spongman
Guest

if the server is only listening on port 21, then the connection fails with:

. 2015-10-15 12:25:02.980 --------------------------------------------------------------------------
. 2015-10-15 12:25:02.980 WinSCP Version 5.7.5 (Build 5665) (OS 6.1.7601 Service Pack 1 - Windows 7 Ultimate)
. 2015-10-15 12:25:02.981 Configuration: C:\bin\WinSCP.ini
. 2015-10-15 12:25:02.982 Log level: Debug 2
. 2015-10-15 12:25:02.982 Local account: DFCN\piersh
. 2015-10-15 12:25:02.982 Working directory: C:\
. 2015-10-15 12:25:02.982 Process ID: 6404
. 2015-10-15 12:25:02.982 Command-line: "C:\bin\WinSCP.exe" ftps://ftp.dfcn.com
. 2015-10-15 12:25:02.982 Parameter: ftps://ftp.dfcn.com
. 2015-10-15 12:25:02.982 Time zone: Current: GMT-7, Standard: GMT-8 (Pacific Standard Time), DST: GMT-7 (Pacific Daylight Time), DST Start: 3/8/2015, DST End: 11/1/2015
. 2015-10-15 12:25:02.982 Login time: Thursday, October 15, 2015 12:25:02 PM
. 2015-10-15 12:25:02.982 --------------------------------------------------------------------------
. 2015-10-15 12:25:02.982 Session name: ftp.dfcn.com (Ad-Hoc site)
. 2015-10-15 12:25:02.982 Host name: ftp.dfcn.com (Port: 990)
. 2015-10-15 12:25:02.982 User name:  (Password: No, Key file: Yes)
. 2015-10-15 12:25:02.982 Transfer Protocol: FTP
. 2015-10-15 12:25:02.982 Ping type: C, Ping interval: 30 sec; Timeout: 15 sec
. 2015-10-15 12:25:02.982 Disable Nagle: No
. 2015-10-15 12:25:02.982 Proxy: none
. 2015-10-15 12:25:02.982 Send buffer: 262144
. 2015-10-15 12:25:02.982 UTF: 2
. 2015-10-15 12:25:02.982 FTP: FTPS: Implicit TLS/SSL; Passive: Yes [Force IP: A]; MLSD: A [List all: A]
. 2015-10-15 12:25:02.982 Session reuse: Yes
. 2015-10-15 12:25:02.982 TLS/SSL versions: TLSv1.0-TLSv1.2
. 2015-10-15 12:25:02.982 Local directory: default, Remote directory: home, Update: Yes, Cache: Yes
. 2015-10-15 12:25:02.982 Cache directory changes: Yes, Permanent: Yes
. 2015-10-15 12:25:02.982 Timezone offset: 0h 0m
. 2015-10-15 12:25:02.982 --------------------------------------------------------------------------
. 2015-10-15 12:25:02.982 Username prompt (no username provided)
. 2015-10-15 12:25:05.403 Connecting to ftp.dfcn.com:990 ...
. 2015-10-15 12:25:05.403 TLS layer changed state from unconnected to connecting
. 2015-10-15 12:25:06.611 TLS layer changed state from connecting to aborted
. 2015-10-15 12:25:06.612 No connection could be made because the target machine actively refused it.
. 2015-10-15 12:25:06.612 Connection failed.
. 2015-10-15 12:25:06.612 Got reply 1004 to the command 1
* 2015-10-15 12:25:06.671 (EFatal) Connection failed.
* 2015-10-15 12:25:06.671 No connection could be made because the target machine actively refused it.
* 2015-10-15 12:25:06.671 Connection failed.

Reply with quote

Wengiel
Donor
Joined:
Posts:
1

I've has the exact same problem in version 5.19.4. I was using VSFTPD with no SSL. Turns out my vsftpd.chroot_list was not where it was supposed to be.

Reply with quote

Advertisement

You can post new topics in this forum