How to connect to FTP server which requires SSL authentication?

Hello,

I tried searching through lot of threads for a solution but couldn't fetch the exact solution, so I am creating a new thread.

I am trying to connect to a FTP server

1) using a simple FTP command, it gives the error :

534 Policy requires SSL.
Login failed.

2) using SFTP command on port number 21

ssh_exchange_identification: read: Connection reset by peer
Couldn't read packet: Connection reset by peer

3) using curl command, it throws following error

curl: (67) Access denied: 534

I am stuck at this point and could not think of any solution. Let me know if I am missing out on anything here.

Thanks in advance & apologies if a similar thread already exist.

Regards,
Amit

1. May be due to iptables or other firewalls. Try turning off the firewall and then ftp.
   For turning off iptables, do /etc/init.d/iptables stop

2. SSH keys are not setup (Search for "passwordless ssh" in unix.com/google) or the SSH daemon is not running.

[root@bt]ps -eaf | grep sshd
root      1987     1  0  2010 ?        00:00:00 /usr/sbin/sshd

To start the ssh daemon /etc/init.d/sshd start

3. Same as 1.

Make sure the ftp daemon is running on the server. Mine is vsftpd.

[root@bt]ps -eaf | grep ftp
root      2083     1  0  2010 ?        00:00:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf

To start the ftp daemon
/etc/init.d/vsftpd start

HTH
--ahamed

Hi,
there are some ftp-protcolls that use ssh/ssl. Did you try FTPS or FTP over SSH?

Hi Ahamed,

Thanks for your response. I tried all the options you have suggested.
1) Turned off the firewall
2) SSHD services were running

But it did not help

@Cero : could you please elaborate on those options with an example. I haven't tried those.

Thanks

• Amit

Did you get information about the used protocol when you got username and password?
I'd try the easiest method first. Issue AUTH SSL before sending username and password in an normal ftp-session.
I never had to use FTP over SSH - its basically tunneling normal FTP over an ssh-connection.
For FTPS you need a client that can handle that protocol like lftp. Opening a connection with lftp could look like this:

lftp -c 'open -e "set ftps:initial-prot ""; \
   set ftp:ssl-force true; \
   set ftp:ssl-protect-data true; "\
   <your FTP command>; " \
   -u "USERNAME","PASSWORD" \
   ftps://HOSTNAME:990 '

Hello Cero,

I tried that option, it is throwing an error :

/lib64/libcrypto.so.6: undefined symbol: inflateEnd
connect: ftp - not supported protocol

Do we have to set up any env variables before using lftp ?

• Amit

Which option did you try? AUTH SSL or ftps?
For ftps you need a version of lftp compiled with tls support. This one for example supports ftps transfers:

$ lftp -v
LFTP | Version 3.7.3 | Copyright (c) 1996-2008 Alexander V. Lukyanov

LFTP is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
There is absolutely no warranty for LFTP.  See COPYING for details.

Send bug reports and questions to <lftp@uniyar.ac.ru>.

Libraries used: Readline 5.2, GnuTLS 2.4.2, zlib 1.2.3.3

Sorry for not mentioning that. I tried ftps option with lftp. I too have the utility though the version looks little older than yours :

-------------------------

LFTP | Version 3.5.1 | Copyright (c) 1996-2006 Alexander V. Lukyanov

LFTP is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
There is absolutely no warranty for LFTP.  See COPYING for details.

Send bug reports and questions to <lftp@uniyar.ac.ru>.

Libraries used: Readline 5.1

-----------------------------

In the normal ftp session, I am getting below error :

220 Microsoft FTP Service
504 Security mechanism not implemented.
504 Security mechanism not implemented.
KERBEROS_V4 rejected as an authentication type

I am able to connect to FTP using Filezilla on windows with explicit FTP over TLS option.

Your version of lftp does not support ftps.
Did you try AUTH TLS ?

what is output after execute this?

# curl -v -k --ftp-ssl-reqd ftp://YOURFTPSERVER

@Cero : Where should I put that ? 'AUTH SSL'. I tried putting it on FTP console, it came back with an error.

The response of curl command is :

* About to connect() to FTPSERVER port 21
*   Trying FTPSERVER... connected
* Connected to FTPSERVER (FTPSERVER) port 21
< 220 Microsoft FTP Service
> AUTH SSL
< 234 AUTH command ok. Expecting TLS Negotiation.
* SSL: couldn't set callback!
* Closing connection #0
curl: (35) SSL: couldn't set callback!

Does that mean, it can not FTP explicitly over TLS ?

this means probably , your client does not support tls negotiation.
i guess,ftp server wants to start tls and send message to your ftp client about this.but your ftp client couldnt answer to this.
it says there is an error during ssl connection and returns the error message about try to preapere ssl connection..

what is the curl version?

# curl --version

Curl version :

curl 7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.1 OpenSSL/0.9.8b zlib/1.2.1
Protocols: tftp ftp gopher telnet dict ldap http file https ftps
Features: IPv6 Largefile NTLM SSL libz

---------- Post updated at 04:14 PM ---------- Previous update was at 11:07 AM ----------

I upgraded my version of lftp and now I am able to login to the FTP server.

I have another question around lftp, I need to download files from a particular location. In the lftp command I couldn't find any place where we can specify folder name using ftps.

Does anyone have any example of doing similar thing ?

• Amit

curl-)
i guess, libcurl/7.15.1 and your local ssl library(ies) are incompatible..
what is the output for these?

# rpm -qa|grep openssl
# rpm -qf `ldd /usr/lib64/libcurl.so|awk '/ssl/{print $3}'`

and i think best way , update the entire curl package..
try

# yum -y update curl*

/* or remove curl and download and install the new version. */
cURL - Download

lftp-)
you can use like this..

> !cd /particularfolder/
> get infiles

regards
ygemici

Any idea about following error ?

Login failed: 530 User cannot log in.

I am getting this error while connecting to a FTP server through Unix

• Amit

The shell associated may be false or nologin...

grep <user> /etc/passwd

--ahamed

It did not return anything. What does that mean ?

The FTP server I am trying to connect to requires SSL authentication so I am using 'lftp'.

You should execute this on the remote server...

--ahamed

be careful to substitute the <user> with the REAL USER NAME...

Hi Ahamed,

Remote server is a windows server. Is there any other way to identify the issue.

Thanks