I am activating the proftpd service with an encrypted connection.
To do so, I’ve created the file /etc/proftpd/conf.d/sftp.conf:
# If mod_tls was built as a shared/DSO module, load it
# Support both SSLv3 and TLSv1
TLSProtocol SSLv3 TLSv1
# Configure both the RSA and DSA host keys, using the same host key
# files that OpenSSH uses.
# Authenticate clients that want to use FTP over TLS?
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotiations. Some clients do not support
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
# clients will close the data connection, or there will be a timeout
# on an idle data connection.
# Enable compression
Following these guidelines: http://www.proftpd.org/docs/howto/TLS.html
Now if I try to connect to server.sio4.org with username and password from (for example) the FTP client FileZilla, it asks me to recognize two certificates:
Where am I wrong?
This ticket makes me think that FileZilla simply doesn’t have the concept of trusted root certificates. In other words, manually comparing the certificate fingerprint with one you have received out of band is the canonical way of using TLS in FileZilla.
(If you can make SFTP work for your use-case, I’d personally go with that.)
Filezilla client is kinda strange on certificates because it does not validate them itself. It relies on the user to validate them manually. Given the history of the client shipping with adware/malware and the fact that it doesn’t bother validating certificates, I’d advise against using that software.
I tested using a different client (Transmit on macOS) and had no problems or warnings connecting. I also tried connecting using Cyberduck and WinSCP (both on Windows 10) and additionally had no issues with the certs. Obviously, I couldn’t login because I don’t have an account, but the encryption comes before that step.
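Added example, not part of the thread and not code from FileZilla or ProFTPD: the two trust models described in the replies above, in Python. `ftps_peer_cert` either validates the certificate against the system trust store or fetches it unverified so it can be compared with a fingerprint received out of band. The function names and `CONSTRUCTED_DER` are assumptions of this example.

```python
import ftplib
import hashlib
import hmac
import ssl

# Constructed sample bytes (a tiny DER SEQUENCE, not a real certificate).
CONSTRUCTED_DER = b"\x30\x03\x02\x01\x01"


def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated SHA-256 over the DER certificate, as clients display it."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> str:
    """Accept 'AA:BB', 'aa bb' or 'aabb' spellings of the same fingerprint."""
    return "".join(c for c in fp if c not in ": \t\n").lower()


def fingerprint_matches(der: bytes, expected: str) -> bool:
    """Compare the certificate against a fingerprint received out of band."""
    actual = normalize(sha256_fingerprint(der)).encode()
    return hmac.compare_digest(actual, normalize(expected).encode())


def ftps_peer_cert(host: str, port: int = 21, verify_chain: bool = True) -> bytes:
    """Return the server certificate (DER) presented after AUTH TLS.

    verify_chain=True: chain and host name are checked against the system
    trust store; an untrusted certificate raises ssl.SSLCertVerificationError.
    verify_chain=False: nothing is checked, so the caller must call
    fingerprint_matches() before sending any credentials.
    """
    ctx = ssl.create_default_context()
    if not verify_chain:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    ftp = ftplib.FTP_TLS(context=ctx, timeout=10)
    try:
        ftp.connect(host, port)
        ftp.auth()  # upgrades the control connection to TLS; no login is sent
        return ftp.sock.getpeercert(binary_form=True)
    finally:
        ftp.close()
```
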
Interesting, now at this point my question changes:
Could you suggest a valid FTP client for Linux desktop?
I’m partial to LFTP, but that’s command-line only. It’s very powerful, though.
For GUI, gFTP works great despite its age. Both Konqueror (KDE) and Nautilus (GNOME) should work fine as well. Alternately, FireFTP, a plugin for Firefox that embeds a full GUI FTP client, should be quite fine.