
TLS

Help
moonie11
2005-01-04
2013-03-07
  • moonie11

    moonie11 - 2005-01-04

    Is it possible to use TLS for login only, not for commands after the login?

    I'm trying to log in to an FTP server that uses TLS for login and not for any other commands.

    Is it possible to do this with the FTPS version that exists today, or will it be in a future release?

     
    • Martin Kanich

      Martin Kanich - 2005-01-05

      It's not possible now. It could be added - I just have to find a free server which supports this. The reference documents say this is insecure. I already know that my favourite FTP server doesn't support it yet (I was asking for this, too :-). Of course, just to test this feature.

       
    • moonie11

      moonie11 - 2005-01-07

      Is there something I can do to help you with this?

      I have been using an FTP server for a while that supports this. I don't use it like that today, but I might be able to set up a secondary server that you can test against if you think it would help! :)

       
    • Martin Kanich

      Martin Kanich - 2005-01-08

      Maybe you could just mention this server :-) I don't know when I'm back to this project, but this shouldn't be such a big task that I couldn't find time for it this month.

       
    • moonie11

      moonie11 - 2005-01-09

      I use glftpd.... that supports using TLS only at login and nothing more. I don't want to rush anything. I didn't know if you were working on it any more. :)

      If you have the time and want to do it, it would be great. Just do it when and if you want to! :)

       
      • Martin Kanich

        Martin Kanich - 2005-01-10

        Can you give me a hint how to configure glftpd 2.0 (downloaded from glftpd.at) to allow the CCC command? This command is necessary to reset the command channel back to plaintext.

         
    • Martin Kanich

      Martin Kanich - 2005-01-12

      Well, I have a solution for CCC, but I can't test it with a real FTP server.

       
    • moonie11

      moonie11 - 2005-01-20

      I've been away for a while and haven't been reading this forum. Did you solve the CCC command, or? I'm not sure what it is! :-) I'm actually not any good at this!

      Is it something you want me to test against the site I have access to?

       
      • Martin Kanich

        Martin Kanich - 2005-01-23

        Well, you said you have used the feature to use TLS only for login. So you noted your server software; maybe you could note the client one, too. When I downloaded that FTP server I tried to configure it for TLS-for-login-only, but it wasn't possible. As the specification says, I have to send the "CCC" command after login, and this is unsupported on most FTP servers (as it's not so secure :-). So I don't have any real FTP server to test the solution against. I just patched one of my servers to stop SSL somewhere, but I don't really know that software's internals, so I did it only for first tests. So, as I didn't find any working ftpd with CCC support, I can't say it works. And most probably it doesn't solve your problem.

         
    • moonie11

      moonie11 - 2005-01-23

      I haven't set that up myself to use TLS for login only. But an FTP site I log on to has set it up like that, and that site uses glftpd too. The guy who gave me the account mentioned the server software to me. I can ask him how he has done it and get back to you! :)

       
    • moonie11

      moonie11 - 2005-01-25

      Hi!

      The only thing you need to do is to comment out all the TLS lines except "userrejectinsecure" and make sure that there is a "*" after it. Then everyone must use TLS for login!

      The other lines are for if you want to use encryption for other things too.

      # TLS enforcements.
      # userrejectsecure      !*
      userrejectinsecure    *   <-- this forces everyone to use TLS for login!
      The next two lines are if you want directory listing and data encrypted or not!
      # denydiruncrypted      !*
      # denydatauncrypted     !*

       
      • Martin Kanich

        Martin Kanich - 2005-01-26

        Well, using the same server version and this configuration I get the same message as before, "CCC not understood". So you have to use SSL/TLS for commands. You can still leave data unencrypted; just use "AUTH TLS". If you wish to use SSL/TLS for the data channel too, then you have to use "AUTH TLS SECURE". Well, those names and options should be documented and so on.

         
        • moonie11

          moonie11 - 2005-01-26

          Well..... it still doesn't work when I try to log in that way! It looks like this:

          220 The Site (glFTPd 2.00 Linux+TLS) ready.

          234 AUTH TLS successful

          <<<<CERT INFO>>>>
          .
          glftpd
          <<<</CERT INFO>>>>
          Verify code: 18
          331 Password required for user.

          PASS *******
          Uncatched exception
          ====================================

          That's what I get when I try using AUTH TLS. When I use Flash FXP I use AUTH TLS and check out Secure File Listing and Secure File Transfers. So maybe it should be the same thing, but it doesn't work! :-)

          Thank you for trying and checking this anyway. I guess I'll just continue to use Flash FXP for this site, even though it would have been nice to use Total Commander as the only client!

          If you have any idea what's wrong, feel free to tell me! But you don't have to spend more time on the matter if you don't want to! That's OK! I'm glad you started to check it out anyway!

          Good job!

           
          • Martin Kanich

            Martin Kanich - 2005-01-27

            What does the connection log look like when you use another client, e.g. Flash FXP? I assume the plugin has a problem with the welcome message. Maybe there's no number on the line, or an empty line or so...

             
            • moonie11

              moonie11 - 2005-01-27

              [R] PASS (hidden)
              [R] 230-                                                   
              [R] 230-                                                        
              [R] 230-                                                                  
              [R] 230-                                                                 
              [R] 230-                                                                     
              [R] 230-                                                                    
              [R] 230-                                                                
              [R] 230-                                                                    
              [R] 230-                                                                     
              [R] 230-                                                                 
              [R] 230-                                                            
              [R] 230-                                                              
              [R] 230-                                                                
              [R] 230-                                                     
              [R] 230-                                                          
              [R] 230-                                                                
              [R] 230-                                                           

              This is the beginning of the login; it's pretty long, but it's an ASCII picture followed by some site info! Above you have the beginning that is displayed directly after the password! Do you want a complete cutout? :-)

              After the ascii picture this comes up:
              [R] 230 User XXXX logged in.
              [R] SYST
              [R] 215 UNIX Type: L8
              [R] FEAT
              [R] 211- Extensions supported:
              [R]  AUTH TLS
              [R]  AUTH SSL
              [R]  PBSZ
              [R]  PROT
              [R]  CPSV
              [R]  SSCN
              [R]  MDTM
              [R]  SIZE
              [R]  SYST
              [R] 211 END
              [R] PWD
              [R] 257 "/" is current directory.
              [R] TYPE A
              [R] 200 Type set to A.
              [R] PROT C
              [R] 200 Protection set to Clear
              [R] PASV
              [R] 227 Entering Passive Mode (IP-address)
              [R] Opening data connection IP: IP-address PORT: XXXX
              [R] LIST -al
              [R] 150 Opening ASCII mode data connection for directory listing.
              [R] 226- [Ul: 0.0MB] [Dl: 0.0MB] [Speed: 5.19K/s] [Free: 11223MB]
              [R] 226  [Section: DEFAULT] [Credits: XXXXMB] [Ratio: Unlimited]
              [R] List Complete: 1 KB in 0.44 seconds (2.3 KB/s)

               
              • Martin Kanich

                Martin Kanich - 2005-01-27

                Well, this is it - it's too long :-) I have to check what the problem is. Anyway, those settings in Flash FXP both deactivated is the same as "AUTH TLS", and both activated is "AUTH TLS SECURE". Maybe there should be an extra option for AUTH TLS.

                 
                • moonie11

                  moonie11 - 2005-01-27

                  Great.... then we know what the cause is. Strange that the long welcome message breaks the connection! :-)

                  About the extra option for AUTH TLS, I don't know if that's needed, but someone might like it! :-) It wouldn't hurt, I think! It looks like some servers can use it anyway.

                  I wish that I could make this kind of thing! But I'm not that good at coding stuff! hehe

                  Keep up the good work!

                   
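Two things in the exchange above are worth pinning down in code: the plugin fell over on glftpd's long multi-line "230-" welcome banner, and the FEAT listing moonie11 posted shows why "CCC not understood" came back (CCC is simply not advertised). The following is an added example, not code from this thread or from the Total Commander FTPS plugin: a small RFC 959-style reply parser that tolerates padded "230-" lines, bare continuation lines and blank lines, plus a FEAT check. The sample input is constructed from the posted log, not captured from a live server.

```python
"""Added example: parse FTP control-channel replies the way a client must,
so a long multi-line banner does not break login, and read FEAT to see
whether a server advertises CCC at all. Sample data is constructed."""
import re

# RFC 959 reply line: three digits, then ' ' (final line) or '-' (more follows).
_CODE_RE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_replies(lines):
    """Group raw control-channel lines into (code, [text lines]) replies.

    A multi-line reply opens with 'ccc-text' and ends with 'ccc text' using the
    same code. Anything in between is continuation: glftpd emits 'ccc-' plus
    padding on every banner line, other servers emit bare text, and blank
    lines are legal, so continuation lines are accepted as-is rather than
    being required to carry a reply code.
    """
    replies = []
    current = None  # (code, body) of the multi-line reply being collected
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = _CODE_RE.match(line)
        if current is None:
            if m is None:
                raise ValueError(f"expected a reply code, got {line!r}")
            code, sep, text = m.groups()
            if sep == "-":
                current = (code, [text])
            else:
                replies.append((code, [text]))
            continue
        code, body = current
        if m is not None and m.group(1) == code and m.group(2) == " ":
            body.append(m.group(3))  # terminating line: same code, space separator
            replies.append(current)
            current = None
        elif m is not None and m.group(1) == code:
            body.append(m.group(3))  # 'ccc-' continuation: keep only the text
        else:
            body.append(line)  # bare or blank continuation line
    if current is not None:
        raise ValueError(f"unterminated multi-line reply {current[0]}")
    return replies


def features(replies):
    """Return the feature strings advertised in a 211 FEAT reply, e.g. {'AUTH TLS', 'PROT'}."""
    for code, body in replies:
        if code == "211" and len(body) >= 2 and "extensions" in body[0].lower():
            return {ln.strip() for ln in body[1:-1] if ln.strip()}
    return set()


def supports_ccc(replies):
    """True only if the server lists CCC in FEAT; otherwise expect 'CCC not understood'."""
    return "CCC" in features(replies)


# Constructed sample modelled on the posted Flash FXP log: a banner of '230-' lines
# padded with spaces, a bare continuation line, a blank line, then the FEAT block.
SAMPLE_LOGIN = [
    "230-" + " " * 50,
    "230-   (ascii art banner line)",
    "   a banner line with no reply code at all",
    "",
    "230 User XXXX logged in.",
    "215 UNIX Type: L8",
    "211- Extensions supported:",
    " AUTH TLS",
    " AUTH SSL",
    " PBSZ",
    " PROT",
    " CPSV",
    " SSCN",
    " MDTM",
    " SIZE",
    " SYST",
    "211 END",
]

if __name__ == "__main__":
    for code, body in parse_replies(SAMPLE_LOGIN):
        print(code, f"({len(body)} line(s))", body[-1])
    print("FEAT:", sorted(features(parse_replies(SAMPLE_LOGIN))))
    print("CCC advertised:", supports_ccc(parse_replies(SAMPLE_LOGIN)))
```

The parser keys only on the reply code and the separator of the first and last line, which is what makes it indifferent to banner length or to padding. Checking FEAT before attempting CCC is the cheap way to find out whether a server will let the command channel drop back to plaintext; a server that omits CCC from FEAT, as the one in the log does, keeps commands under TLS after AUTH TLS regardless of its login-only configuration.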
    • moonie11

      moonie11 - 2005-01-26

      By the way....I read the readme again to see if I have missed something!

      It says that it's a "new standard for encryption with standard port". The site I connect to doesn't use the standard port 21; could it be that this is the problem then?

      "AUTH TLS - new standard for encryption with standard port, renders AUTH SSL obsolete. This connection type secures only command channel, so your username/password will be encrypted, the commands too, but not the file transfer or directory listing"

       
