Author Topic: How to use FTP over SSL/TLS  (Read 53622 times)

bripab007

  • Level 3 Member
  • ***
  • Posts: 104
Re: How to use FTP over SSL/TLS
« Reply #30 on: March 09, 2009, 11:46:42 AM »

Yeah, I haven't figured it out yet either.  I think I'm going to disable the stock FTP server anyway and install ProFTPD or VSFTPD.

That way I'll kill two birds with one stone by fixing the even more annoying stock FTP server issue:  not being able to assign user permissions to multiple folders!
Logged

Zardoz66

  • Level 2 Member
  • **
  • Posts: 49
Re: How to use FTP over SSL/TLS
« Reply #31 on: March 09, 2009, 01:25:10 PM »


I would also like to configure the NAS to accept SSL connections only.
Logged
Zardoz66

DGL-4300 v1.9 | DAP-1522 v1.20 | DGS-2208 | DPR-1260 v1.24 | DNS-323 v1.6
1Gb JF=9k single drive mode
1 Seagate ST3300831AS 3NF1E956 300 G 
2 Seagate ST3300831AS 3NF1E03G 300 G

jrak

  • Level 2 Member
  • **
  • Posts: 35
Re: How to use FTP over SSL/TLS
« Reply #32 on: March 15, 2009, 04:37:55 PM »

I'm also interested in using FTP over SSL/TLS.  My DNS-323 is connected to a DIR-655 Router.  I have no problem transferring files using unencrypted FTP via Port 21.  But I have no success using the Filezilla client with the server type set to FTPES - FTP over explicit SSL/TLS.  I'm able to connect to the server, but then get the following messages:

Response:   230 OK. Current restricted directory is /
Command:   SYST
Response:   215 UNIX Type: L8
Command:   FEAT
Response:   211-Extensions supported:
Response:    EPRT
Response:    IDLE
Response:    MDTM
Response:    SIZE
Response:    REST STREAM
Response:    MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Response:    MLSD
Response:    ESTP
Response:    PASV
Response:    EPSV
Response:    SPSV
Response:    ESTA
Response:    AUTH TLS
Response:    PBSZ
Response:    PROT
Response:   211 End.
Command:   PBSZ 0
Response:   200 PBSZ=0
Command:   PROT P
Response:   534 Fallback to [C]
Status:   Connected
Status:   Retrieving directory listing...
Command:   PWD
Response:   257 "/" is your current location
Command:   TYPE I
Response:   200 TYPE is now 8-bit binary
Command:   PASV
Response:   227 Entering Passive Mode (192,168,0,191,186,142)
Status:   Server sent passive reply with unroutable address. Using server address instead.
Command:   LIST
Error:   Connection timed out
Error:   Failed to retrieve directory listing

I've read that FTP over SSL/TLS typically uses port 990.  However, the DNS-323 can't be configured to use this port.  So, for the moment, that's as far as I can go.  Does anyone have any suggestions for other things to try?   Or is there another way of encrypting FTP communications that does not require any special expertise?
Logged
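
A way to read the log above mechanically, as an added example that is not part of the post or of any D-Link tool: a small Python audit of a FileZilla-style transcript that reports whether `PROT P` was accepted (a 5xx reply such as the 534 above means the server refused to protect the data channel) and decodes the 227 reply into the address and port the data connection will use. The sample log is constructed from lines quoted in the post; the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the FileZilla log posted above.
SAMPLE_LOG = """\
Response:   211-Extensions supported:
Response:    AUTH TLS
Response:    PBSZ
Response:    PROT
Response:   211 End.
Command:   PBSZ 0
Response:   200 PBSZ=0
Command:   PROT P
Response:   534 Fallback to [C]
Command:   PASV
Response:   227 Entering Passive Mode (192,168,0,191,186,142)
Command:   LIST
Error:   Connection timed out
"""

PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def decode_pasv(reply):
    """Turn a 227 reply into (ip, port); port = p1 * 256 + p2 (RFC 959)."""
    h1, h2, h3, h4, p1, p2 = map(int, PASV_RE.search(reply).groups())
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2

def audit_session(log):
    """Report data-channel protection and the passive endpoint seen in a log."""
    findings = {"prot_p_accepted": None, "pasv": None, "pasv_private": None}
    last_cmd = ""
    for line in log.splitlines():
        kind, _, text = line.partition(":")
        text = text.strip()
        if kind == "Command":
            last_cmd = text
        elif kind == "Response":
            code = text[:3]
            if last_cmd == "PROT P" and code.isdigit() and text[3:4] == " ":
                # 200 = data channel will be encrypted; 5xx = request refused
                findings["prot_p_accepted"] = code == "200"
            elif code == "227":
                ip, port = decode_pasv(text)
                findings["pasv"] = (ip, port)
                findings["pasv_private"] = ipaddress.ip_address(ip).is_private
    return findings
```

On the posted log this reports `PROT P` refused and a passive endpoint of 192.168.0.191:47758, a private address on a high port that a router forwarding only port 21 would not pass. Once the control channel is encrypted, a NAT router can no longer read the 227 reply to open that port on its own, which is consistent with directory listings timing out only when TLS is enabled.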

lucanaut

  • Level 1 Member
  • *
  • Posts: 22
Re: How to use FTP over SSL/TLS
« Reply #33 on: March 17, 2009, 08:07:39 AM »

That is pretty much verbatim my situation (using FileZilla, so same exact log).  I just got off the phone with D-Link support, and he admitted he had no idea how to help me, and in fact he was looking at this very same forum...uuuuhhhhh...is  there anyone who's qualified who can help us?  Obviously the group of people with this issue is growing.
Logged

bigclaw

  • Level 2 Member
  • **
  • Posts: 81
Re: How to use FTP over SSL/TLS
« Reply #34 on: March 17, 2009, 08:51:14 AM »

Have you tried using active mode instead of passive?
Logged

jrak

  • Level 2 Member
  • **
  • Posts: 35
Re: How to use FTP over SSL/TLS
« Reply #35 on: March 17, 2009, 09:30:20 AM »

I've tried all the options available on Filezilla, but with no success.
Logged

D-Link Multimedia

  • Poweruser
  • Level 7 Member
  • **
  • Posts: 1066
    • D-link Systems, Inc.
Re: How to use FTP over SSL/TLS
« Reply #36 on: March 17, 2009, 11:46:59 AM »

Best I can do is tell you how to do it on FireFTP. I don't have enough experience on FileZilla to guide you. Perhaps something from this guide can help you with FileZilla Setup.


From the Tools menu, click FireFTP to start the FireFTP FTP client.

Create a new connection.

Set the IP address and user account on the Main tab of the Account Manager window to login to the DNS-323 FTP server. Click OK.

Go to the Connection tab of the Account Manager window and set the security function to “Auth TLS (Best)” mode. Press OK to finish the setting.

You will now see a series of pop-up warning messages that look similar to these depicted on the right. Click the Or you can add an exception… button.

Click the Add exception… button

Click the Get Certificate button.

Click the Confirm Security Exception button.

Press the Connect button to connect to the DNS-323 FTP server.

This window indicates you have made a successful connection.

Logged

jrak

  • Level 2 Member
  • **
  • Posts: 35
Re: How to use FTP over SSL/TLS
« Reply #37 on: March 17, 2009, 09:05:01 PM »

Thanks for the guidance on using FireFTP.  I followed the instructions and was able to log on to my server.  However, I was not able to access my files.  Whenever I tried to open a directory -- whether it was large or small -- the program would indicate that it was "running" and then a minute or so later it generated a 421 time out error.  When I disabled the TLS security, I was able to access the files immediately.
Logged

lucanaut

  • Level 1 Member
  • *
  • Posts: 22
Re: How to use FTP over SSL/TLS
« Reply #38 on: March 18, 2009, 11:15:24 AM »

Same here...which is essentially similar to what happened with FileZilla or another client I tried - log in seems successful, but access to directories is not working.  At least it's consistently NOT working.  I'm starting to wonder if SSL/TLS support was not sufficiently tested to make sure it actually works, and whether there's a problem with the new firmware...
Logged

clubincdj

  • Level 1 Member
  • *
  • Posts: 4
Re: How to use FTP over SSL/TLS
« Reply #39 on: March 18, 2009, 11:51:46 AM »

Has anyone considered the HUGE security hole that the FTP server has NO anti-hack feature for incorrect login attempts?? That has bad written all over it. I have another FTP server at home that people try to get in all the time, but it has anti-hack built into its firmware. It did cost 5 times more than my D-Link though...
Logged

bripab007

  • Level 3 Member
  • ***
  • Posts: 104
Re: How to use FTP over SSL/TLS
« Reply #40 on: March 18, 2009, 01:46:02 PM »

What exactly does this "anti-hack" feature do?
Logged

jrak

  • Level 2 Member
  • **
  • Posts: 35
Re: How to use FTP over SSL/TLS
« Reply #41 on: March 18, 2009, 04:43:40 PM »

As I see it, there are 2 security issues here.  One is the risk associated with transmitting unencrypted passwords and the other is the risk associated with a hacker using a brute force dictionary attack.  While the former would be addressed by transmitting FTP over SSL/TLS, the latter would not.  I'm not sure how vulnerable the DNS 323 is to a brute force attack and, as a consequence, I don't have the FTP server turned on or leave a port open on my router.  Does anyone have a sense of what the risks might be given the lack of anti-hacking measures on the device?
Logged

ttmcmurry

  • Level 4 Member
  • ****
  • Posts: 438
Re: How to use FTP over SSL/TLS
« Reply #42 on: March 19, 2009, 05:22:48 PM »

There aren't any measures such as:

Auto-Ban IP after x failed attempts / ban retry interval
Allowed IP address(es)
Deny IP address(es)
Allow if specific user certificate is present

The 323 is a SOHO device, not a full fledged FTP server.

One side of me says "if you're going to make a FTP server that does TLS/SSL, then do it right and give us the above features (and ability to specify pasv port range)."

The other side of me says "who gives a flip about SSL/TLS at home?  It will slow down the transfer due to encryption."

I'd hope said security features would be available to us; and perhaps if implemented you could have a "Simple" "Advanced" & "Off" radio button in the 323's web GUI for FTP setup (that defaults to simple).  That way it's always in simple/dumb mode unless a user who knows what they're doing sets it to advanced mode with the goodies.  That would keep down on user frustration because they don't get it by keeping the interface intentionally simplified.
Logged
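
The first three measures in the list above, sketched as an added example (not code from this thread, and not a feature of the DNS-323 firmware): a login guard that bans a source after a number of failed attempts inside a time window, lifts the ban after a retry interval, and applies static allow and deny lists first. The thresholds, verdict strings and event tuples are assumptions, and the events are constructed.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed login events: (seconds, client_ip, login_succeeded)
SAMPLE_EVENTS = [
    (0, "203.0.113.7", False), (5, "203.0.113.7", False),
    (9, "198.51.100.4", False),   # different source, counted separately
    (12, "203.0.113.7", False),   # third failure inside the window: ban starts
    (20, "203.0.113.7", True),    # correct password, but still banned
    (700, "203.0.113.7", True),   # ban interval over: accepted
]

class LoginGuard:
    """Auto-ban after repeated failures, plus static allow/deny lists."""

    def __init__(self, max_failures=3, window=60, ban_seconds=600, allow=(), deny=()):
        self.max_failures, self.window, self.ban_seconds = max_failures, window, ban_seconds
        self.allow = [ipaddress.ip_network(n) for n in allow]
        self.deny = [ipaddress.ip_network(n) for n in deny]
        self.failures = defaultdict(deque)   # ip -> times of recent failures
        self.banned_until = {}               # ip -> time the ban ends

    def admit(self, now, ip):
        """Decide before authentication whether this source may try at all."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.deny):
            return "denied"
        if self.allow and not any(addr in net for net in self.allow):
            return "not-allowed"
        return "banned" if self.banned_until.get(ip, 0) > now else "ok"

    def record(self, now, ip, success):
        """Apply one login attempt and return the verdict for it."""
        verdict = self.admit(now, ip)
        if verdict != "ok" or success:
            return verdict
        recent = self.failures[ip]
        recent.append(now)
        while recent[0] <= now - self.window:   # forget failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.banned_until[ip] = now + self.ban_seconds
            recent.clear()
            return "banned"
        return "ok"

def replay(events, guard):
    return [guard.record(t, ip, ok) for t, ip, ok in events]
```

Replaying the sample shows the point of the ban interval: the attempt at t=20 is rejected even though the password is correct, so a dictionary run cannot continue from a banned source until the interval has passed.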

fordem

  • Level 10 Member
  • *****
  • Posts: 2168
Re: How to use FTP over SSL/TLS
« Reply #43 on: March 19, 2009, 07:02:59 PM »

There aren't any measures such as:

Auto-Ban IP after x failed attempts / ban retry interval
Allowed IP address(es)
Deny IP address(es)

Allow if specific user certificate is present

The 323 is a SOHO device, not a full fledged FTP server.
<SNIP>

Maybe it's just the network engineer in me - but items #2 & #3 in your list would be best handled in the router/firewall - at least, that's where I've been doing it for much of the last decade.
Logged
RAID1 is for disk redundancy - NOT data backup - don't confuse the two.

ttmcmurry

  • Level 4 Member
  • ****
  • Posts: 438
Re: How to use FTP over SSL/TLS
« Reply #44 on: March 19, 2009, 07:48:38 PM »

Maybe it's just the network engineer in me

Hehe, the struggle between network and admin guys ensues.  :)

Yeah, while the router is an acceptable place to do that, it may be desirable to ban or allow an ip address to/from specific services.  The router approach enables or disables all access regardless of what service it's connecting to. 

We both know in an enterprise environment we get that kind of granularity on the router/firewall, but for SOHO not all routers have access lists to control specific data connections -- the D-Link 6xx & 8xx series do, but not every vendor does.  It's for that reason I suggest the IP filtering on the FTP server; it's what I'd consider a "standard" modern FTP feature.
« Last Edit: March 19, 2009, 07:53:26 PM by ttmcmurry »
Logged