Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug]: Error conecting via FTPS with TLS #1785

Open
2 tasks done
pedroponte opened this issue Oct 17, 2024 · 1 comment
Open
2 tasks done

[Bug]: Error conecting via FTPS with TLS #1785

pedroponte opened this issue Oct 17, 2024 · 1 comment
Labels
support request request for free support. Check out our support policy

Comments

@pedroponte
Copy link

⚠️ This issue respects the following points: ⚠️

  • This is a bug, not a question or a configuration issue.
  • This issue is not already reported on Github (I've searched it).

Bug description

Whilst the normal FTP connection works, the FTP with TLS and Let's encrypt certificates is not working.

Any help would be appreciated. Many thanks

Steps to reproduce

Client connection
Screenshot 2024-10-17 at 17 21 05

Server settings
Screenshot 2024-10-17 at 17 23 15

Expected behavior

Allow connections via FTPs

SFTPGo version

SFTPGo 2.6.2 636a1c2

Data provider

sqlite

Installation method

Community Docker image

Configuration

sftpgo.json config
{
"common": {
"idle_timeout": 15,
"upload_mode": 0,
"actions": {
"execute_on": [],
"execute_sync": [],
"hook": ""
},
"setstat_mode": 0,
"rename_mode": 0,
"resume_max_size": 0,
"temp_path": "",
"proxy_protocol": 0,
"proxy_allowed": [],
"proxy_skipped": [],
"startup_hook": "",
"post_connect_hook": "",
"post_disconnect_hook": "",
"data_retention_hook": "",
"max_total_connections": 0,
"max_per_host_connections": 20,
"allowlist_status": 0,
"allow_self_connections": 0,
"umask": "",
"server_version": "",
"metadata": {
"read": 0
},
"defender": {
"enabled": false,
"driver": "memory",
"ban_time": 30,
"ban_time_increment": 50,
"threshold": 15,
"score_invalid": 2,
"score_valid": 1,
"score_limit_exceeded": 3,
"score_no_auth": 0,
"observation_time": 30,
"entries_soft_limit": 100,
"entries_hard_limit": 150,
"login_delay": {
"success": 0,
"password_failed": 1000
}
},
"rate_limiters": [
{
"average": 0,
"period": 1000,
"burst": 1,
"type": 2,
"protocols": [
"SSH",
"FTP",
"DAV",
"HTTP"
],
"generate_defender_events": false,
"entries_soft_limit": 100,
"entries_hard_limit": 150
}
]
},
"acme": {
"domains": [],
"email": "",
"key_type": "4096",
"certs_path": "certs",
"ca_endpoint": "https://acme-v02.api.letsencrypt.org/directory",
"renew_days": 30,
"http01_challenge": {
"port": 80,
"proxy_header": "",
"webroot": ""
},
"tls_alpn01_challenge": {
"port": 0
}
},
"sftpd": {
"bindings": [
{
"port": 2022,
"address": "",
"apply_proxy_config": true
}
],
"max_auth_tries": 0,
"host_keys": [],
"host_certificates": [],
"host_key_algorithms": [],
"kex_algorithms": [],
"min_dh_group_exchange_key_size": 2048,
"ciphers": [],
"macs": [],
"public_key_algorithms": [],
"trusted_user_ca_keys": [],
"revoked_user_certs_file": "",
"login_banner_file": "",
"enabled_ssh_commands": [
"md5sum",
"sha1sum",
"sha256sum",
"cd",
"pwd",
"scp"
],
"keyboard_interactive_authentication": true,
"keyboard_interactive_auth_hook": "",
"password_authentication": true,
"folder_prefix": ""
},
"ftpd": {
"bindings": [
{
"port": "2121",
"address": "",
"apply_proxy_config": true,
"tls_mode": "1",
"tls_session_reuse": 0,
"certificate_file": "/etc/sftpgo/certs/ftp.domain.com.crt",
"certificate_key_file": "/etc/sftpgo/certs/ftp.domain.com.key",
"min_tls_version": 12,
"force_passive_ip": "",
"passive_ip_overrides": [],
"passive_host": "",
"client_auth_type": 0,
"tls_cipher_suites": [],
"passive_connections_security": 0,
"active_connections_security": 0,
"ignore_ascii_transfer_type": 0,
"debug": true
}
],
"banner_file": "",
"active_transfers_port_non_20": true,
"passive_port_range": {
"start": 50000,
"end": 50100
},
"disable_active_mode": true,
"enable_site": false,
"hash_support": 0,
"combine_support": 0,
"certificate_file": "",
"certificate_key_file": "",
"ca_certificates": [],
"ca_revocation_lists": []
},
"webdavd": {
"bindings": [
{
"port": 0,
"address": "",
"enable_https": false,
"certificate_file": "",
"certificate_key_file": "",
"min_tls_version": 12,
"client_auth_type": 0,
"tls_cipher_suites": [],
"tls_protocols": [],
"prefix": "",
"proxy_allowed": [],
"client_ip_proxy_header": "",
"client_ip_header_depth": 0,
"disable_www_auth_header": false
}
],
"certificate_file": "/etc/sftpgo/certs/ftp.domain.com.crt",
"certificate_key_file": "/etc/sftpgo/certs/ftp.domain.com.key",
"ca_certificates": [],
"ca_revocation_lists": [],
"cors": {
"enabled": false,
"allowed_origins": [],
"allowed_methods": [],
"allowed_headers": [],
"exposed_headers": [],
"allow_credentials": false,
"max_age": 0,
"options_passthrough": false,
"options_success_status": 0,
"allow_private_network": false
},
"cache": {
"users": {
"expiration_time": 0,
"max_size": 50
},
"mime_types": {
"enabled": true,
"max_size": 1000,
"custom_mappings": []
}
}
},
"data_provider": {
"driver": "sqlite",
"name": "sftpgo.db",
"host": "",
"port": 0,
"username": "",
"password": "",
"sslmode": 0,
"disable_sni": false,
"target_session_attrs": "",
"root_cert": "",
"client_cert": "",
"client_key": "",
"connection_string": "",
"sql_tables_prefix": "",
"track_quota": 2,
"delayed_quota_update": 0,
"pool_size": 0,
"users_base_dir": "/srv/sftpgo/data",
"actions": {
"execute_on": [],
"execute_for": [],
"hook": ""
},
"external_auth_hook": "",
"external_auth_scope": 0,
"pre_login_hook": "",
"post_login_hook": "",
"post_login_scope": 0,
"check_password_hook": "",
"check_password_scope": 0,
"password_hashing": {
"bcrypt_options": {
"cost": 10
},
"argon2_options": {
"memory": 65536,
"iterations": 1,
"parallelism": 2
},
"algo": "bcrypt"
},
"password_validation": {
"admins": {
"min_entropy": 0
},
"users": {
"min_entropy": 0
}
},
"password_caching": true,
"update_mode": 0,
"create_default_admin": false,
"naming_rules": 5,
"is_shared": 0,
"node": {
"host": "",
"port": 0,
"proto": "http"
},
"backups_path": "/srv/sftpgo/backups"
},
"httpd": {
"bindings": [
{
"port": 8080,
"address": "",
"enable_web_admin": true,
"enable_web_client": true,
"enable_rest_api": true,
"enabled_login_methods": 0,
"enable_https": false,
"certificate_file": "",
"certificate_key_file": "",
"min_tls_version": 12,
"client_auth_type": 0,
"tls_cipher_suites": [],
"tls_protocols": [],
"proxy_allowed": [],
"client_ip_proxy_header": "",
"client_ip_header_depth": 0,
"hide_login_url": 0,
"render_openapi": true,
"oidc": {
"client_id": "",
"client_secret": "",
"client_secret_file": "",
"config_url": "",
"redirect_base_url": "",
"scopes": [
"openid",
"profile",
"email"
],
"username_field": "",
"role_field": "",
"implicit_roles": false,
"custom_fields": [],
"insecure_skip_signature_check": false,
"debug": false
},
"security": {
"enabled": false,
"allowed_hosts": [],
"allowed_hosts_are_regex": false,
"hosts_proxy_headers": [],
"https_redirect": false,
"https_host": "",
"https_proxy_headers": [],
"sts_seconds": 0,
"sts_include_subdomains": false,
"sts_preload": false,
"content_type_nosniff": false,
"content_security_policy": "",
"permissions_policy": "",
"cross_origin_opener_policy": ""
},
"branding": {
"web_admin": {
"name": "",
"short_name": "",
"favicon_path": "",
"logo_path": "",
"disclaimer_name": "",
"disclaimer_path": "",
"default_css": [],
"extra_css": []
},
"web_client": {
"name": "",
"short_name": "",
"favicon_path": "",
"logo_path": "",
"disclaimer_name": "",
"disclaimer_path": "",
"default_css": [],
"extra_css": []
}
}
}
],
"templates_path": "templates",
"static_files_path": "static",
"openapi_path": "openapi",
"web_root": "",
"certificate_file": "",
"certificate_key_file": "",
"ca_certificates": [],
"ca_revocation_lists": [],
"signing_passphrase": "",
"signing_passphrase_file": "",
"token_validation": 0,
"max_upload_file_size": 0,
"cors": {
"enabled": false,
"allowed_origins": [],
"allowed_methods": [],
"allowed_headers": [],
"exposed_headers": [],
"allow_credentials": false,
"max_age": 0,
"options_passthrough": false,
"options_success_status": 0,
"allow_private_network": false
},
"setup": {
"installation_code": "",
"installation_code_hint": "Installation code"
},
"hide_support_link": false
},
"telemetry": {
"bind_port": 0,
"bind_address": "127.0.0.1",
"enable_profiler": false,
"auth_user_file": "",
"certificate_file": "",
"certificate_key_file": "",
"min_tls_version": 12,
"tls_cipher_suites": [],
"tls_protocols": []
},
"http": {
"timeout": 20,
"retry_wait_min": 2,
"retry_wait_max": 30,
"retry_max": 3,
"ca_certificates": [],
"certificates": [],
"skip_tls_verify": false,
"headers": []
},
"command": {
"timeout": 30,
"env": [],
"commands": []
},
"kms": {
"secrets": {
"url": "",
"master_key": "",
"master_key_path": ""
}
},
"mfa": {
"totp": [
{
"name": "Default",
"issuer": "SFTPGo",
"algo": "sha1"
}
]
},
"smtp": {
"host": "",
"port": 587,
"from": "",
"user": "",
"password": "",
"auth_type": 0,
"encryption": 0,
"domain": "",
"templates_path": "templates",
"debug": 0,
"oauth2": {
"provider": 0,
"tenant": "",
"client_id": "",
"client_secret": "",
"refresh_token": ""
}
},
"plugins": []
}

Relevant log output

Error log - IPs ommited

2024-10-17T15:29:53.621 DBG Client connected | sender=ftpserverlib server_id=FTP_0 clientId=1 clientIp=1x.yy.yy.6:63261 
2024-10-17T15:29:53.623 DBG connection added, local address "1xx.1x.0.2:2121", remote address "1x.yy.yy.6:63261", num open connections: 1 | sender=FTP connection_id=FTP_0_1 
2024-10-17T15:29:53.652 ERR Read error | sender=ftpserverlib server_id=FTP_0 clientId=1 err=tls: client offered only unsupported versions: [302 301] 
2024-10-17T15:29:53.652 DBG connection removed, local address "1xx.1x.0.2:2121", remote address "1x.yy.yy.6:63261" close fs error: <nil>, num open connections: 0 | sender=FTP connection_id=FTP_0_1 
2024-10-17T15:29:53.652 DBG | sender=connection_failed client_ip=1x.yy.yy.6 username= login_type=no_auth_tried protocol=FTP error=no auth tried 
2024-10-17T15:29:53.652 DBG Client disconnected | sender=ftpserverlib server_id=FTP_0 clientId=1 clientIp=1x.yy.yy.6:63261

What are you using SFTPGo for?

Private user, home usecase (home backup/VPS)

Additional info

No response

@pedroponte pedroponte added the bug Something isn't working label Oct 17, 2024
@pedroponte
Copy link
Author

@drakkan FYA please, TIA!

@drakkan drakkan added support request request for free support. Check out our support policy and removed bug Something isn't working labels Oct 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
support request request for free support. Check out our support policy
Projects
None yet
Development

No branches or pull requests

3 participants
@drakkan @pedroponte and others