EldoS | Feel safer!

FTPS Server FileZilla "waiting for welcome message"

#15459
Posted: 01/11/2011 18:37:55
by Colin Mathews (Standard support level)
Joined: 01/11/2011
Posts: 9

I am trying out the 8.2 beta and building an FTPS server in C#. I used IIS7 to generate a self-signed SSL certificate for my local machine and am using the FTPSServerDemo sample code. In the settings window I am using my machine's IP address on port 21 and I have created a test user account. Allow anonymous access is OFF, Implicit SSL, Require TLS for control chann, and Require TLS for data chann are all ON. I linked to the exported *.pfx file of my self-signed certificate with the proper password.

After starting the server in the demo form, I'm using FileZilla to test connecting (connecting via explicit TLS/SSL). It establishes a connection, but never gets past "waiting for welcome message...". The logs I'm seeing in FileZilla are:

Status: Connecting to 192.168.10.112:21...
Status: Connection established, waiting for welcome message...
Error: Connection timed out
Error: Could not connect to server

Any help would be appreciated!
Thanks
#15460
Posted: 01/12/2011 01:54:10
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

Try to turn off implicit SSL on the server side or turn it on on the client side. In FileZilla this can be done via File -> Site Manager: the server type should be "FTPS - FTP over implicit SSL/TLS".
#15461
Posted: 01/12/2011 02:25:12
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

Implicit and explicit TLS are completely different (in implicit mode, the control channel is secured with TLS from the beginning, but in explicit mode the connection is made over a clear TCP/IP connection and is secured only after the client sends AUTH TLS/AUTH SSL).
#15464
Posted: 01/12/2011 07:39:04
by Colin Mathews (Standard support level)
Joined: 01/11/2011
Posts: 9

Thanks -- I just tried every combination of Implicit/Explicit and requiring TLS for control/data channels as well as flipping FileZilla back and forth between implicit/explicit. Based on those scenarios I'm getting one of three error messages from FileZilla:

[Scenario: server=explicit, client=explicit]
Status: Connecting to 192.168.10.112:21...
Status: Connection established, waiting for welcome message...
Response: 220-EldoS SecureBlackbox FTPS server ready.
Response: 220 Library version 8.2.193.0
Command: AUTH TLS
Response: 234 Security data exchange complete.
Status: Initializing TLS...
Error: GnuTLS error -48: Key usage violation in certificate has been detected.
Error: Could not connect to server

[Scenario: server=explicit or implicit, client=implicit]
Status: Connecting to 192.168.10.112:990...
Status: Connection attempt failed with "ECONNREFUSED - Connection refused by server".
Error: Could not connect to server

[Scenario: server=implicit, client=explicit]
Status: Connecting to 192.168.10.112:21...
Status: Connection established, waiting for welcome message...
Error: Connection timed out
Error: Could not connect to server
#15465
Posted: 01/12/2011 07:50:48
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

1. It looks like FileZilla doesn't allow the certificate you generated. Have you added it to security exceptions/trusted cert storage, whatever else?
2. In such a scenario you should set the server to use implicit SSL. Also, it looks like you forgot to change the port after changing the settings, since ECONNREFUSED indicates the absence of an open socket.
3. An explicit-configured client will never connect to an implicit server, and vice versa.
#15466
Posted: 01/12/2011 07:52:15
by Vsevolod Ievgiienko (EldoS Corp.)

Try to use the demo certificate from the SecureBlackbox distribution on the server side. It can be found in \SecureBlackbox\Extra\Certificates
#15467
Posted: 01/12/2011 08:03:34
by Eugene Mayevski (EldoS Corp.)

Quote
Colin Mathews wrote:
I just tried every combination of Implicit/Explicit and requiring TLS for control/data channels as well as flipping FileZilla back and forth between implicit/explicit.


... which makes absolutely no sense. Implicit mode means literally FTP over TLS, and explicit is "TLS within FTP". Obviously the client and the server must use the same mode.


Sincerely yours
Eugene Mayevski
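
The implicit/explicit mismatch described in the replies above can be told apart from the client side by watching what the server does right after the TCP connect. This is an added example, not part of the original thread or of EldoS code; `probe_ftps_mode`, `start_stub` and the loopback banners are constructed for illustration.

```python
import socket
import threading

def _read_reply(sock):
    """Read one FTP reply; a multi-line reply ends with a 'NNN ' line."""
    buf = b""
    while not (buf.endswith(b"\r\n") and buf.split(b"\r\n")[-2][3:4] == b" "):
        chunk = sock.recv(256)
        if not chunk:
            break
        buf += chunk
    return buf

def probe_ftps_mode(host, port, timeout=1.0):
    """Return 'explicit', 'implicit-suspected', 'plain-only', 'unknown' or 'closed'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed"  # ECONNREFUSED: nothing is listening on this port
    with sock:
        try:
            banner = _read_reply(sock)
        except socket.timeout:
            return "implicit-suspected"  # silent server: it awaits a TLS ClientHello
        if not banner.startswith(b"220"):
            return "unknown"
        sock.sendall(b"AUTH TLS\r\n")  # explicit mode upgrades only on request
        try:
            reply = _read_reply(sock)
        except socket.timeout:
            return "plain-only"
        return "explicit" if reply.startswith(b"234") else "plain-only"

def start_stub(mode):
    """Constructed loopback stand-in for a server (hypothetical); returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn:
            if mode == "explicit":
                conn.sendall(b"220-Constructed demo banner\r\n220 ready\r\n")
                if conn.recv(64).upper().startswith(b"AUTH TLS"):
                    conn.sendall(b"234 Security data exchange complete.\r\n")
            else:
                conn.recv(64)  # implicit: send nothing until the client speaks TLS
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]
```

A result of `implicit-suspected` corresponds to the "waiting for welcome message... Connection timed out" log, and `closed` to the ECONNREFUSED log on port 990.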
#15468
Posted: 01/12/2011 08:17:22
by Colin Mathews (Standard support level)
Joined: 01/11/2011
Posts: 9

Thanks very much for your help -- using the certificate in \SecureBlackbox\Extra\Certificates got it working.

The FTPS server sample code I'm looking at uses the SBSimpleFTPSServer.TElSimpleFTPSServer class. The connection establishes fine in FileZilla and lists the C:\ directory, but any other operation results in an error (included below is the error I got when trying to list a sub-directory). I'm not personally concerned with this error, but I wanted to post it for completeness.

So, how exactly do I take advantage of the more interesting events (defined in the SBFTPSServer.TElFTPSServer class), such as listing directory contents programmatically and specially handling file transfers?

My initial thought was simply to change the server class from SBSimpleFTPSServer.TElSimpleFTPSServer to SBFTPSServer.TElFTPSServer, but there seemed to be no way to specify Host, Port, etc.

My next guess was to listen to the OnNewConnection event and set up event handlers there on the Session.FTPSServer object -- though this felt a bit counter-intuitive seeing as how it seems that a different FTPSServer object shouldn't exist for each session.


Error for completeness as noted above:
Status: Retrieving directory listing...
Command: CWD /Documents and Settings
Response: 250 Directory change successful.
Command: TYPE I
Response: 200 Command okay.
Command: PORT 192,168,10,112,199,127
Response: 200 Command okay.
Command: MLSD
Error: GnuTLS error -9: A TLS packet with unexpected length was received.
Status: Server did not properly shut down TLS connection
Error: Disconnected from server: ECONNABORTED - Connection aborted
Error: Failed to retrieve directory listing
#15470
Posted: 01/12/2011 08:42:24
by Mykola Olshevsky (Basic support level)
Joined: 07/07/2005
Posts: 450

We checked the FTPS server with FileZilla (version 3.3.5.1) and everything works fine.
Are you using the latest version?

Regarding using TElFTPSServer - this component is low-level, thus it handles only commands, calling callbacks on each one. All socket/connection handling must be done in the object which uses ElFTPSServer (that's what ElSimpleFTPSServer does). So if you need completely custom control over the FTPS session, you should write your own wrapper. If you need only a few customizations, please write which ones - we'll consider extending ElSimpleFTPSServer functionality.
#15472
Posted: 01/12/2011 08:50:53
by Colin Mathews (Standard support level)
Joined: 01/11/2011
Posts: 9

I am looking for analogous functionality to your SFTP server/session. Specifically I need programmatic control over the following:

  • Authenticating users
  • Listing directory contents
  • Creating/deleting/renaming directories
  • Renaming/deleting files
  • Moving files and folders into folders (perhaps this is just a rename operation)
  • Uploading and downloading multiple files

I know this component is in beta -- if the next release is soon and would include a wrapper to accomplish these tasks, I would wait for it. Otherwise if it might be several weeks, I'd love a little assistance in how I go about writing a wrapper for ElFTPSServer.

Thanks!