Discussion:
Does lftp 4.4.0 support ftps server other than port 990?
depig
2013-01-02 04:04:28 UTC
Hi,

My ftps server is IIS 7.5. Its original port is 990. For some reason, its
port is changed to 9990.

lftp works well with ftps:990. However, when I change the port number on
IIS 7.5 from 990 to 9990, it doesn't work any more.
Here is the debug message:

--------------------------------------------------------------
***@ubuntu:~# lftp ftps://user1:***@192.168.200.77:9990
lftp ***@192.168.200.77:~> debug 20
lftp ***@192.168.200.77:~> ls
FileCopy(0x9cd6438) enters state INITIAL
FileCopy(0x9cd6438) enters state DO_COPY
---- dns cache hit
---- Connecting to 192.168.200.77 (192.168.200.77) port 9990
GNUTLS: REC[0x9f20308]: Allocating epoch #0
GNUTLS: REC[0x9f20308]: Allocating epoch #1
GNUTLS: HSK[0x9f20308]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
GNUTLS: HSK[0x9f20308]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA256
GNUTLS: HSK[0x9f20308]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
GNUTLS: HSK[0x9f20308]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1
GNUTLS: HSK[0x9f20308]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA256
GNUTLS: HSK[0x9f20308]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1
GNUTLS: HSK[0x9f20308]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
GNUTLS: HSK[0x9f20308]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
GNUTLS: HSK[0x9f20308]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA256
GNUTLS: HSK[0x9f20308]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
GNUTLS: HSK[0x9f20308]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1
GNUTLS: HSK[0x9f20308]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA256
GNUTLS: HSK[0x9f20308]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1
GNUTLS: HSK[0x9f20308]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
GNUTLS: HSK[0x9f20308]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
GNUTLS: HSK[0x9f20308]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
GNUTLS: HSK[0x9f20308]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256
GNUTLS: HSK[0x9f20308]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1
GNUTLS: HSK[0x9f20308]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1
GNUTLS: HSK[0x9f20308]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256
GNUTLS: HSK[0x9f20308]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1
GNUTLS: HSK[0x9f20308]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
GNUTLS: HSK[0x9f20308]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
GNUTLS: HSK[0x9f20308]: Keeping ciphersuite: RSA_ARCFOUR_MD5
GNUTLS: EXT[0x9f20308]: Sending extension SAFE RENEGOTIATION (1 bytes)
GNUTLS: EXT[SIGA]: sent signature algo (4.2) DSA-SHA256
GNUTLS: EXT[SIGA]: sent signature algo (4.1) RSA-SHA256
GNUTLS: EXT[SIGA]: sent signature algo (2.1) RSA-SHA1
GNUTLS: EXT[SIGA]: sent signature algo (2.2) DSA-SHA1
GNUTLS: EXT[0x9f20308]: Sending extension SIGNATURE ALGORITHMS (10 bytes)
GNUTLS: HSK[0x9f20308]: CLIENT HELLO was sent [112 bytes]
GNUTLS: REC[0x9f20308]: Sending Packet[0] Handshake(22) with length: 112
GNUTLS: REC[0x9f20308]: Sent Packet[1] Handshake(22) with length: 117
**** gnutls_handshake: An unexpected TLS packet was received.
---- Closing control socket
GNUTLS: REC[0x9f20308]: Epoch #0 freed
GNUTLS: REC[0x9f20308]: Epoch #1 freed
ls: Fatal error: gnutls_handshake: An unexpected TLS packet was received.
--------------------------------------------------------------

If I use FileZilla 3.6.0.2 to test the same ftps server, it will ask for
a certificate and can work.

1. Is it because lftp supports ftps on port 990 only?
Because if I treat the server as a normal ftp server with port 9990 by
command: lftp ftp://192.168.200.77:9990, it works fine.

2. Could it be a certificate problem?
I mean, lftp has saved some certificate information from the server
(which was listening on port 990 before), and found that the saved certificate
doesn't match the same server with the new port 9990.

Thanks for reading this post.

depig

--------------------------------------------------------------
P.S.: my settings in lftp
set bmk:auto-sync yes
set bmk:save-passwords no
set cache:cache-empty-listings no
set cache:enable yes
set cache:expire 60m
set cache:expire-negative 1m
set cache:size 16M
set cmd:at-exit ""
set cmd:at-exit-bg ""
set cmd:at-finish ""
set cmd:at-queue-finish ""
set cmd:cls-completion-default -FB
set cmd:cls-default -F
set cmd:csh-history off
set cmd:default-protocol ftp
set cmd:default-title "lftp \\h:\\w"
set cmd:fail-exit no
set cmd:interactive no
set cmd:long-running 30
set cmd:ls-default ""
set cmd:move-background yes
set cmd:move-background-detach yes
set cmd:parallel 1
set cmd:prompt "lftp \\S\\? \\u\\@\\h:\\w> "
set cmd:queue-parallel 1
set cmd:remote-completion on
set cmd:save-cwd-history yes
set cmd:save-rl-history yes
set cmd:set-term-status no
set cmd:status-interval 0.8s
set cmd:stifle-rl-history 500
set cmd:term-status ""
set cmd:term-status/*rxvt* "\\e[11;0]\\e]2;\\T\\007\\e[11]"
set cmd:term-status/*screen* \\e_\\T\\e\\
set cmd:term-status/*xterm* "\\e[11;0]\\e]2;\\T\\007\\e[11]"
set cmd:time-style "%b %e %Y|%b %e %H:%M"
set cmd:trace no
set cmd:verbose no
set cmd:verify-host yes
set cmd:verify-path yes
set cmd:verify-path-cached no
set color:dir-colors
"rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lz=01;31:*.xz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.axa=00;36:*.oga=00;36:*.spx=00;36:*.xspf=00;36:"
set color:use-color auto
set dns:SRV-query no
set dns:cache-enable yes
set dns:cache-expire 1h
set dns:cache-size 256
set dns:fatal-timeout 7d
set dns:max-retries 1000
set dns:order "inet6 inet"
set dns:use-fork yes
set file:charset UTF-8
set fish:charset ""
set fish:connect-program "ssh -a -x"
set fish:shell /bin/sh
set ftp:abor-max-wait 15s
set ftp:acct ""
set ftp:anon-pass lftp@
set ftp:anon-user anonymous
set ftp:auto-passive-mode yes
set ftp:auto-sync-mode "icrosoft FTP Service|MadGoat|MikroTik"
set ftp:bind-data-socket yes
set ftp:charset ""
set ftp:client lftp/4.4.0
set ftp:device-prefix no
set ftp:fix-pasv-address yes
set ftp:fxp-force no
set ftp:fxp-passive-source no
set ftp:fxp-passive-sscn yes
set ftp:home ""
set ftp:ignore-pasv-address no
set ftp:lang ""
set ftp:list-empty-ok no
set ftp:list-options ""
set ftp:netkey-allow yes
set ftp:nop-interval 120
set ftp:passive-mode on
set ftp:port-ipv4 ""
set ftp:port-range full
set ftp:prefer-epsv no
set ftp:proxy ""
set ftp:proxy-auth-type user
set ftp:rest-list no
set ftp:rest-stor yes
set ftp:retry-530 "too many|overloaded|try (again |back )?later|is restricted to|maximum number|number of connect|only.*session.*allowed|more connection|already connected|simultaneous login"
set ftp:retry-530-anonymous "Login incorrect"
set ftp:site-group ""
set ftp:skey-allow yes
set ftp:skey-force no
set ftp:ssl-allow yes
set ftp:ssl-allow-anonymous no
set ftp:ssl-auth TLS
set ftp:ssl-copy-sid yes
set ftp:ssl-data-use-keys yes
set ftp:ssl-force no
set ftp:ssl-protect-data no
set ftp:ssl-protect-fxp no
set ftp:ssl-protect-list yes
set ftp:ssl-shutdown-timeout 5
set ftp:ssl-use-ccc no
set ftp:stat-interval 1
set ftp:sync-mode on
set ftp:sync-mode/ftp.idsoftware.com on
set ftp:sync-mode/ftp.microsoft.com on
set ftp:sync-mode/sunsolve.sun.com on
set ftp:timezone GMT
set ftp:trust-feat no
set ftp:use-abor yes
set ftp:use-allo yes
set ftp:use-feat yes
set ftp:use-fxp yes
set ftp:use-hftp yes
set ftp:use-ip-tos no
set ftp:use-mdtm yes
set ftp:use-mdtm-overloaded no
set ftp:use-mlsd no
set ftp:use-pret yes
set ftp:use-quit yes
set ftp:use-site-chmod yes
set ftp:use-site-idle no
set ftp:use-site-utime yes
set ftp:use-site-utime2 yes
set ftp:use-size yes
set ftp:use-stat yes
set ftp:use-stat-for-list no
set ftp:use-telnet-iac yes
set ftp:use-tvfs auto
set ftp:verify-address no
set ftp:verify-port no
set ftp:waiting-150-timeout 5
set ftp:web-mode off
set ftps:initial-prot ""
set hftp:cache yes
set hftp:cache-control ""
set hftp:proxy ""
set hftp:use-allprop no
set hftp:use-authorization yes
set hftp:use-head yes
set hftp:use-mkcol no
set hftp:use-propfind no
set hftp:use-type yes
set http:accept */*
set http:accept-charset ""
set http:accept-language ""
set http:authorization ""
set http:cache yes
set http:cache-control ""
set http:cookie ""
set http:post-content-type application/x-www-form-urlencoded
set http:proxy ""
set http:put-content-type ""
set http:put-method PUT
set http:referer ""
set http:set-cookies no
set http:use-allprop no
set http:use-mkcol yes
set http:use-propfind no
set http:user-agent lftp/4.4.0
set https:proxy ""
set mirror:dereference no
set mirror:exclude-regex "(^|/)(\\.in\\.|\\.nfs)"
set mirror:include-regex ""
set mirror:no-empty-dirs no
set mirror:order "*.sfv *.sig *.md5* *.sum * */"
set mirror:parallel-directories yes
set mirror:parallel-transfer-count 1
set mirror:set-permissions yes
set mirror:skip-noaccess no
set mirror:use-pget-n 1
set module:path /usr/local/lib/lftp/4.4.0:/usr/local/lib/lftp
set net:connection-limit 0
set net:connection-takeover yes
set net:idle 3m
set net:limit-max 0
set net:limit-rate 0:0
set net:limit-total-max 0
set net:limit-total-rate 0:0
set net:max-retries 1000
set net:no-proxy ""
set net:persist-retries 0
set net:reconnect-interval-base 30
set net:reconnect-interval-max 600
set net:reconnect-interval-multiplier 1.5
set net:socket-bind-ipv4 ""
set net:socket-bind-ipv6 ""
set net:socket-buffer 0
set net:socket-maxseg 0
set net:timeout 5m
set pget:default-n 5
set pget:save-status 10s
set sftp:charset ""
set sftp:connect-program "ssh -a -x"
set sftp:max-packets-in-flight 16
set sftp:protocol-version 6
set sftp:server-program sftp
set sftp:size-read 32k
set sftp:size-write 32k
set sftp:use-full-path yes
set ssl:ca-file /etc/ssl/certs/ca-certificates.crt
set ssl:cert-file ""
set ssl:check-hostname yes
set ssl:crl-file ""
set ssl:key-file ""
set ssl:verify-certificate no
set torrent:ip ""
set torrent:ipv6 ""
set torrent:max-peers 60
set torrent:port-range 6881-6889
set torrent:retracker ""
set torrent:seed-max-time 30d
set torrent:seed-min-peers 3
set torrent:stop-on-ratio 2.0
set torrent:use-dht yes
set xfer:auto-rename no
set xfer:buffer-size 0x10000
set xfer:clobber no
set xfer:destination-directory ""
set xfer:disk-full-fatal no
set xfer:eta-period 120
set xfer:eta-terse yes
set xfer:log yes
set xfer:log-file ""
set xfer:make-backup yes
set xfer:max-redirections 10
set xfer:rate-period 15
set xfer:verify no
set xfer:verify-command /usr/local/share/lftp/verify-file
t***@ubal.to
2013-01-02 12:39:41 UTC
hi,
I'm trying to connect to the proftpd server:
---> USER tloudev
<--- 331 Password required for tloudev
---> PASS XXXX
<--- 230 User tloudev logged in
---> PWD
<--- 230 Ls oi a:2013-01-02 13:18:34
---> PBSZ 0
<--- 257 "/" is the current directory
---> PROT P
<--- 200 PBSZ 0 successful
---> PASV
<--- 200 Protection set to Private
---> LIST
---> ABOR

...then lftp tries to reconnect, but the second time without passive mode:

---> PWD
<--- 230 Ls oi a:2013-01-02 13:22:41
---> PBSZ 0
<--- 257 "/" is the current directory
---> PROT P
<--- 200 PBSZ 0 successful
---> PORT 192,168,1,156,142,145
<--- 200 Protection set to Private
---> LIST
<--- 500 Illegal PORT command

Maybe it's a fault on the server side. I'd like to know the reason why
lftp sends "LIST" followed by "ABOR" and disables passive mode.

The only setting I have in my ~/.lftpd/rc is set ftp:passive-mode on
I use lftp 4.3.5 (Linux Mint 12)
Thank you
O.Pachner
Alexander V. Lukyanov
2013-01-03 18:50:46 UTC
Post by t***@ubal.to
hi,
---> USER tloudev
<--- 331 Password required for tloudev
---> PASS XXXX
<--- 230 User tloudev logged in
---> PWD
<--- 230 Ls oi a:2013-01-02 13:18:34
---> PBSZ 0
<--- 257 "/" is the current directory
It's a broken ftp server which sends two "230" replies thus causing
protocol desynchronization.
--
Alexander.
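
Added example (not part of the original posts and not lftp code): a Python check that pairs each command in the trace quoted above with the reply that followed it and flags reply codes that are not valid for that command under RFC 959 / RFC 2228. The `VALID` table and the function name are this example's own; the check looks at codes only, so the `200` that answers `PROT` passes even though its text belongs to `PBSZ`.

```python
import re

# Control-channel trace copied from the post above.
TRACE = """\
---> USER tloudev
<--- 331 Password required for tloudev
---> PASS XXXX
<--- 230 User tloudev logged in
---> PWD
<--- 230 Ls oi a:2013-01-02 13:18:34
---> PBSZ 0
<--- 257 "/" is the current directory
---> PROT P
<--- 200 PBSZ 0 successful
---> PASV
<--- 200 Protection set to Private
---> LIST
---> ABOR
"""
# Replies each command may receive (RFC 959, RFC 2228); trace commands only.
VALID = {
    "USER": {230, 331, 332, 421, 500, 501, 530},
    "PASS": {202, 230, 332, 421, 500, 501, 503, 530},
    "PWD": {257, 421, 500, 501, 502, 550},
    "PBSZ": {200, 421, 500, 501, 503, 530},
    "PROT": {200, 421, 431, 500, 501, 503, 504, 530, 534, 536},
    "PASV": {227, 421, 500, 501, 502, 530},
}
LINE = re.compile(r"^(--->|<---)\s+(\S+)")

def find_desync(trace):
    """Return (command, code, earlier_command) per invalid reply; earlier_command
    is set when the code fits the command sent just before (shifted stream)."""
    pairs, cmd = [], None
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        if m.group(1) == "--->":
            cmd = m.group(2).upper()          # command awaiting its reply
        elif cmd and m.group(2)[:3].isdigit():
            pairs.append((cmd, int(m.group(2)[:3])))
            cmd = None
    out = []
    for i, (cmd, code) in enumerate(pairs):
        if cmd in VALID and code not in VALID[cmd]:
            prev = pairs[i - 1][0] if i else None
            out.append((cmd, code, prev if code in VALID.get(prev, ()) else None))
    return out
```

The first finding marks where the extra reply entered the stream: `PWD` is answered with a second `230`, and every later reply is one command late, so `PASV` never receives a `227` with a data address.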
t***@ubal.to
2013-01-04 10:37:54 UTC
hi,
thank you for the reply, the solution was to upgrade proftpd to 1.3.4a (wheezy)
O.P.
Post by Alexander V. Lukyanov
Post by t***@ubal.to
hi,
---> USER tloudev
<--- 331 Password required for tloudev
---> PASS XXXX
<--- 230 User tloudev logged in
---> PWD
<--- 230 Ls oi a:2013-01-02 13:18:34
---> PBSZ 0
<--- 257 "/" is the current directory
It's a broken ftp server which sends two "230" replies thus causing
protocol desynchronization.
Alexander V. Lukyanov
2013-01-03 18:53:04 UTC
Post by depig
1. Is it because lftp supports ftps on port 990 only?
Because if I treat the server as a normal ftp server with port 9990 by
command: lftp ftp://192.168.200.77:9990, it works fine.
I bet you should use the above URL, apparently the ftp server on port 9990
uses explicit TLS negotiation.
--
Alexander.
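
Added example (not from the thread and not lftp code): a Python probe that tells the two FTPS modes discussed above apart on an arbitrary port. A server that greets with a cleartext `220` and answers `AUTH TLS` with `234` is explicit (lftp `ftp://` URL); one that stays silent is treated, heuristically, as implicit and waiting for a TLS ClientHello (lftp `ftps://` URL). All function names are this example's own.

```python
import socket

def read_reply(sock):
    """Read one complete FTP reply, including multi-line '220-' banners.
    Returns None if the peer sent nothing before the timeout."""
    buf = b""
    try:
        while True:
            chunk = sock.recv(512)
            if not chunk:
                break
            buf += chunk
            last = buf.splitlines()[-1]
            if buf.endswith(b"\n") and last[:3].isdigit() and last[3:4] == b" ":
                break
    except socket.timeout:
        if not buf:
            return None
    return buf

def probe(sock, wait=2.0):
    """Classify a connected control socket as 'explicit', 'implicit',
    'cleartext-only' (AUTH TLS refused) or 'unknown'."""
    sock.settimeout(wait)
    greeting = read_reply(sock)
    if greeting is None:
        return "implicit"            # heuristic: server waits for ClientHello
    if not greeting.startswith(b"220"):
        return "unknown"
    sock.sendall(b"AUTH TLS\r\n")
    reply = read_reply(sock) or b""
    return "explicit" if reply.startswith(b"234") else "cleartext-only"

def probe_host(host, port, wait=2.0):
    """Connect to host:port and classify it."""
    with socket.create_connection((host, port), timeout=wait) as s:
        return probe(s, wait)

def lftp_url(kind, host, port):
    """URL scheme to give lftp for the detected mode, or None."""
    scheme = {"implicit": "ftps", "explicit": "ftp"}.get(kind)
    return f"{scheme}://{host}:{port}" if scheme else None
```

With an `ftp://` URL, the settings posted above (`ftp:ssl-force no`, `ssl:verify-certificate no`) let lftp continue in cleartext if `AUTH TLS` is refused and accept any server certificate; `set ftp:ssl-force yes` and `set ssl:verify-certificate yes` close both gaps.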