Ftp
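Filezilla client and VSFTPD: GnuTLS error -12: A TLS fatal alert has been received
So right now I am trying to configure a vsftpd server for FTP(e)S. It seems I am running into problems with different clients. Secure FTPD works fine for me. Filezilla does not.
Output from Filezilla: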
Status: Connecting to foo:21...
Status: Connection established, waiting for welcome message...
Trace: CFtpControlSocket::OnReceive()
Response: 220 "Welcome to FTP!"
Trace: CFtpControlSocket::SendNextCommand()
Command: AUTH TLS
Trace: CFtpControlSocket::OnReceive()
Response: 234 Proceed with negotiation.
Status: Initializing TLS...
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::OnSend()
Trace: CTlsSocket::OnRead()
Trace: CTlsSocket::ContinueHandshake()
Trace: CTlsSocket::Failure(-12, 53)
Trace: GnuTLS alert 40: Handshake failed
Error: GnuTLS error -12: A TLS fatal alert has been received.
Paste from vsftpd:
# Could be whatever you like, or 990 if you want to use the now-deprecated ftps port.
listen_port=21
# Limit passive ports to this range to assist firewalling
pasv_min_port=30000
pasv_max_port=30003
# May be needed to help packets through some NAT/firewall setups. The address
# is the external ip of the machine, assuming it is a static one.
pasv_address= "foo" ---> we NAT everything so this has the EXTERNAL IP
# Set to ssl_enable=YES if you want to enable SSL
ssl_enable=YES
anon_mkdir_write_enable=NO
anon_root=/srv/ftp
anon_upload_enable=NO
idle_session_timeout=900
log_ftp_protocol=YES
pasv_enable=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1=YES
# Path to the certificate and key files (which should be the same file)
rsa_cert_file=/etc/vsftpd2.pem
rsa_private_key_file=/etc/vsftpd2.pem
# No ssl for bad boys
#allow_anon_ssl=NO
# All local logins (i.e. non-anonymous) are forced to use ssl.
force_local_data_ssl=NO
#force_local_logins_ssl=YES
#dsa_cert_file=/etc/vsftpd.pem
require_ssl_reuse=NO
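So the question is: what is going wrong here? By the way: I am also not entirely sure what the difference between ftps and ftpEs is.
Thanks
OK, found it. Apparently, there is some strange behaviour between the latest filezilla 3.5 client and ftps.
For vsftpd, the solution is simply to add this to the vsftpd.conf file: ssl_ciphers=HIGH
I am not sure whether I am allowed to post this as well, but there is a thread about this in the filezilla forum.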
http://forum.filezilla-project.org/viewtopic.php?f=2&t=23280
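An added example, not part of the original posts or of vsftpd itself: a small Python audit of the TLS directives in the question's configuration. It shows that ssl_ciphers is unset before the fix and passes once ssl_ciphers=HIGH is added. The function names, the findings text and the weak-keyword list are assumptions made for this illustration.

```python
import re

# TLS-related lines copied from the question's vsftpd.conf (before the fix).
QUESTION_CONF = """\
ssl_enable=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1=YES
force_local_data_ssl=NO
#force_local_logins_ssl=YES
require_ssl_reuse=NO
"""

# OpenSSL cipher-string keywords that select weak suites (not exhaustive).
WEAK = {"LOW", "EXP", "EXPORT", "NULL", "ENULL", "ANULL", "RC4", "DES", "3DES", "MD5"}

def parse(text):
    """Return {directive: value}; comments and blank lines are skipped."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"([a-z0-9_]+)=(.*)$", line.strip())
        if m:  # '#'-prefixed lines never match the directive pattern
            settings[m.group(1)] = m.group(2).strip()
    return settings

def audit(text):
    """Return [(directive, finding)] for the explicitly set TLS directives."""
    s = parse(text)
    out = []
    if s.get("ssl_enable", "").upper() != "YES":
        return [("ssl_enable", "TLS is not enabled")]
    for legacy in ("ssl_sslv2", "ssl_sslv3"):
        if s.get(legacy, "").upper() == "YES":
            out.append((legacy, "legacy protocol version enabled"))
    ciphers = s.get("ssl_ciphers")
    if ciphers is None:
        out.append(("ssl_ciphers", "unset: vsftpd's built-in default applies"))
    else:
        # Tokens prefixed with '!' or '-' remove suites, so they are fine.
        bad = [t for t in re.split(r"[:, ]+", ciphers)
               if t and t[0] not in "!-" and t.lstrip("+").upper() in WEAK]
        if bad:
            out.append(("ssl_ciphers", "weak keywords: " + ",".join(bad)))
    if s.get("force_local_data_ssl", "").upper() == "NO":
        out.append(("force_local_data_ssl", "data channel may be plaintext"))
    if s.get("require_ssl_reuse", "").upper() == "NO":
        out.append(("require_ssl_reuse", "data channel need not reuse the control TLS session"))
    return out
```

Calling audit(QUESTION_CONF) lists ssl_ciphers, force_local_data_ssl and require_ssl_reuse; appending ssl_ciphers=HIGH to the text clears the first finding.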
If chroot_local_user=yes is used, then ssl_ciphers=HIGH will not work.