• March 28, 2024, 09:27:35 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Pages: [1] 2 3 4

Author Topic: How to use FTP over SSL/TLS  (Read 53610 times)

jrbilodeau

  • Level 3 Member
  • ***
  • Posts: 100
How to use FTP over SSL/TLS
« on: December 31, 2008, 07:28:23 AM »

Hey i just upgraded to fw 1.06 and was just wondering how to use FTP over SSL/TLS. i'm using FileZilla and if i pick  "servertype: FTPS - FTP over implicit TLS/SSL" it wont connect, but if i pick regular ftp it works.

also is there a way to for the dns 323 to only work with ftps so that unsecure connections cant be made to it. thanks
Logged

zehninguem

  • Level 2 Member
  • **
  • Posts: 37
Re: How to use FTP over SSL/TLS
« Reply #1 on: December 31, 2008, 09:22:16 AM »

Same question here.....
Logged

Tank_Killer

  • Level 2 Member
  • **
  • Posts: 91
Re: How to use FTP over SSL/TLS
« Reply #2 on: December 31, 2008, 10:00:57 AM »

I dont see any option in the gui for SSL, I as well am wondering how to enable this feature.

thank you.
Logged

jrbilodeau

  • Level 3 Member
  • ***
  • Posts: 100
Re: How to use FTP over SSL/TLS
« Reply #3 on: December 31, 2008, 10:06:53 AM »

Ok so i think i might have figured it out. in FileZilla ftp client it works if i select "servertype: FTPES - FTP over explicit TLS/SSL". the it asks if you wish to accept the certificate.

problem that i see with this is that it leaves the security up to the client and not the server. if you get a user that decides not to use ftpes then it sends username and password in clear text over the net, then someone can gain acces to your nas. but if it were possible to specify from the nas to only accept FTPES it would be more secure.
Logged

D-Link Multimedia

  • Poweruser
  • Level 7 Member
  • **
  • Posts: 1066
    • D-link Systems, Inc.
Re: How to use FTP over SSL/TLS
« Reply #4 on: December 31, 2008, 10:13:21 AM »

New documentation (manual) hasn't been posted yet but we are working on a FAQ for this exact thing. Also we have no plans to disable regular Non-SSL FTP. We leave it up the client (you or however you configure it for your users) to select to use SSL or not.
Logged

zehninguem

  • Level 2 Member
  • **
  • Posts: 37
Re: How to use FTP over SSL/TLS
« Reply #5 on: December 31, 2008, 10:30:03 AM »

Sorry to tell this but we have no plans to give an option to disable non ssl ftp seems a lame answer.
Security should always comes from the server side. The main idea of an ssl ftp is to not have the weaker ftp open to the web.

Just my 5 cents
Logged

jrbilodeau

  • Level 3 Member
  • ***
  • Posts: 100
Re: How to use FTP over SSL/TLS
« Reply #6 on: December 31, 2008, 11:08:31 AM »

i totaly agree, there should be an option to select or disable regular ftp on the server side
Logged

mcduarte2000

  • Level 2 Member
  • **
  • Posts: 40
    • Miguel Duarte
Re: How to use FTP over SSL/TLS
« Reply #7 on: December 31, 2008, 01:06:50 PM »

I agree. It would be a very important feature to be able to force users to use SSL/TLS. Only that way I would accept to give access to my home server to other users.
Logged

zehninguem

  • Level 2 Member
  • **
  • Posts: 37
Re: How to use FTP over SSL/TLS
« Reply #8 on: January 03, 2009, 11:07:56 AM »

No news from DLINK except for the lame answer?

I'm starting to think that the best way to solve all 323 limitations and buggy firmwares is eBay ;)

FTP server with no log, no way to know who is logged and no way to go only ssl ...
AV UPnP not 100% DLNA ...
Printer server that stops to work every two new versions of firmware ...
Very limited BT client (e.g. can not choose individual files) ...

Good idea weak implementation
Logged

MountainMan

  • Level 1 Member
  • *
  • Posts: 24
Re: How to use FTP over SSL/TLS
« Reply #9 on: January 03, 2009, 11:29:39 PM »

This seems like a very good feature request for 1.07.  I suggest you add a constructive post in the 1.07 feature wish list asking for forced SSL (ie block non SSL log-ins) as a selectable option.  Also give clear reasons why it is important and any specific ideas about how it should be implemented to make sure it is useful and doesn't fail to address this security concern.

The computer industry is full of products and companies with essentially zero post-sales support, even to fix serious bugs.  The fact that D-Link is continuing to actively support this product to fix bugs, add enhancements, and even read/respond to this forum, is excellent.  This alone earns my patience and some customer loyalty as they continue to improve the product.  I encourage you to consider this as well.
Logged

zehninguem

  • Level 2 Member
  • **
  • Posts: 37
Re: How to use FTP over SSL/TLS
« Reply #10 on: January 04, 2009, 08:23:31 AM »

Dear MountainMan

I agree with you but these points were part of my wish list for 1.05, and 1.06.
What bugged me was the answer from DLINk that we will not do that since allowing to disable simple FTP (FTP without ssl) would increase security. I'm a project manager in IT for more than 20 years and security must always come from server side and not count on client side.
Talking about the AV UPnP if it is not recognized by WMP11 as a server the most used mediaclient something is wrong, do I need more justification than that.
Again I had put all these points on the old wish lists and I really tis that this time the "we will not do" answer for the FTP ssl point was a lame one.

Cheers and happy new year
Logged

madpenguin

  • Level 1 Member
  • *
  • Posts: 13
Re: How to use FTP over SSL/TLS
« Reply #11 on: January 04, 2009, 10:35:00 PM »

I agree. There should be an option to disable vanilla FTP in favor of TLS/SSL. I'm not holding my breath tho so thats why I'm in the middle of implementing sftp (ssh) in chroot (funplug). Once up and running, kill port 21 and forget about it.

This is linux folks. Quit *****ing about it and do it yourself. Besides, TLS/SSL is still fairly weak security wise.
Logged

jrbilodeau

  • Level 3 Member
  • ***
  • Posts: 100
Re: How to use FTP over SSL/TLS
« Reply #12 on: January 05, 2009, 05:56:01 AM »

ftpes doesn`t seem to work unless your on your local network. right now im at work and it logs in with ftpes but stops at the list command. whats up with this.
Logged

bripab007

  • Level 3 Member
  • ***
  • Posts: 104
Re: How to use FTP over SSL/TLS
« Reply #13 on: January 05, 2009, 12:19:46 PM »

Yes, I'm SFTP typically runs on a port other than the commonly-used 21 for regular FTP, hence why you're seeing it work on the local network, behind your firewall, but not outside it.

We don't know which port, though, as D-Link hasn't told us.  Guess we could use a network traffic analyzer program...
Logged

D-Link Multimedia

  • Poweruser
  • Level 7 Member
  • **
  • Posts: 1066
    • D-link Systems, Inc.
Re: How to use FTP over SSL/TLS
« Reply #14 on: January 05, 2009, 12:49:32 PM »

Dear MountainMan

What bugged me was the answer from DLINk that we will not do that since allowing to disable simple FTP (FTP without ssl) would increase security.

Where did I say that we absolutely will not do anything in my post? I simply stated at this time there are no plans to make those changes. As you as a Project Manager should know, plans do not always go according to...well...plans. You also have to remember the little guys/gals out there who don't care about the security or or only access it via their internal LAN. The only ones complaining are those who access it outside of their LAN which is beyond what most consumers do already.

There is no reason to start a flame over something as simple as requesting the change in 1.07 requests thread. I started that thread for the sole reason of your constructive feedback and if you feel that we should implement something differently than we have done in the past then by all means make mention of it and we will consider it and its impact as a WHOLE.
Logged
Pages: [1] 2 3 4