sftp+passive connections = Access Violation

Bug reports will be moved here when the described bug has been fixed

ggiunta
Junior Member
Posts: 39
Joined: 2005-05-09, 16:40 UTC

Post by *ggiunta »

If I enable pasv mode for an ftps connection, I get this error:

A.V. at 01D6ADF. Read of 02FC40E4

bye
gaetano
pirlouit
Junior Member
Posts: 9
Joined: 2006-11-16, 13:52 UTC

Post by *pirlouit »

I am not sure how to configure Totalcmd for an ftps connection...
Perhaps it should be indicated in the user interface.
_Pirlouit_
ghisler(Author)
Site Admin
Posts: 48077
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland

Post by *ghisler(Author) »

2ggiunta
Not confirmed. What server? Can you give me a test account with no write rights, please?

Could you try with ftps://www.ghisler.ch please? Use anonymous login. The server doesn't have a signed certificate, though.
Author of Total Commander
https://www.ghisler.com

Post by *pirlouit »

Hello Christian,
When I use ftps://www.ghisler.ch as address for the new ftp entry in the GUI, it becomes www.ghisler.ch when I edit it.

There is no information anywhere giving me the assurance that I am in secured ftp.
Moreover, it seems that the secured way has not been chosen by TotalCmd.

Here is the log:

Code:

----------
Connect to: (22/11/2006 17:30:33)
hostname=www.ghisler.ch
username=anonymous
startdir=
www.ghisler.ch=204.157.1.65
220---------- Welcome to Pure-FTPd [TLS] ----------
220-You are user number 5 of 50 allowed.
220-Local time is now 11:30. Server port: 21.
220 You will be disconnected after 15 minutes of inactivity.
USER anonymous
230 Anonymous user logged in
SYST
215 UNIX Type: L8
FEAT
211-Extensions supported:
 EPRT
 IDLE
 MDTM
 SIZE
 REST STREAM
 MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
 MLSD
 ESTP
 PASV
 EPSV
 SPSV
 ESTA
 AUTH TLS
 PBSZ
 PROT
211 End.
Connect ok!
PWD
257 "/" is your current location
Lire le répertoire
TYPE A
200 TYPE is now ASCII
PORT 194,73,202,201,12,242
200 PORT command successful
LIST
150 Connecting to port 3314
Téléchargé(s)
En attente du serveur...
226-Options: -a -l 
226 3 matches total

For my understanding (and testing behaviour), is it enough to have an sshd daemon running on the server to have an ftps connection established?
_Pirlouit_

Post by *pirlouit »

Oops,
sorry, I just saw on Wikipedia the meaning of TLS:
http://fr.wikipedia.org/wiki/File_Transfer_Protocol_over_SSL#FTP_avec_chiffrement_TLS_explicite

I will test with Ethereal to see if it is well ciphered (e.g. verify that passwd is not in clear).

Result will come.
++
_Pirlouit
_Pirlouit_

Post by *pirlouit »

I do not understand.
Your server is an ftp with TLS feature, meaning it uses ssh to transparently cipher the traffic.
I tried to connect to ftps://www.ghisler.ch/ using not the anonymous user anymore, but guest, and as password: riri.
(Yes, I expected to get a login failure :P )

But in Ethereal, the password was sent by my workstation in clear:

Code:

0000  00 11 0a 5d 60 d4 00 0f  20 fa 35 0e 08 00 45 00   ...]`...  .5...E.
0010  00 33 0d 73 40 00 80 06  00 00 c1 4a cd ca cc 9d   .3.s@... ...J....
0020  01 41 0d 47 00 15 93 3f  df c0 e4 e0 94 2b 50 18   .A.G...? .....+P.
0030  f9 fe 5d 19 00 00 50 41  53 53 20 72 69 72 69 0d   ..]...PA SS riri.
0040  0a                                                 .

Could you explain that?
The only thing that should be very well ciphered is from my point of view the password, isn't it?
Or perhaps I am doing something wrong.
_Pirlouit
_Pirlouit_
Hacker
Moderator
Posts: 13064
Joined: 2003-02-06, 14:56 UTC
Location: Bratislava, Slovakia

Post by *Hacker »

pirlouit,
> Your server is an ftp with TLS feature, meaning it uses ssh to transparently cipher the traffic.
SSH has nothing to do with that.

Roman
Suppose you press Ctrl+F, select the FTP connection (with saved password), but instead of clicking Connect you drop dead.

Post by *ghisler(Author) »

> When I use ftps://www.ghisler.ch as address for the new ftp entry in the GUI, it becomes www.ghisler.ch when I edit it.
Your log doesn't show an ftps connection. Are you sure that you entered ftps://www.ghisler.ch and not just www.ghisler.ch in Ctrl+N or Ctrl+F?

It should then look like this:

Code:

Connect to: (23.11.2006 12:13:08)
hostname=www.ghisler.ch
username=anonymous
startdir=
www.ghisler.ch=204.157.1.65
220---------- Welcome to Pure-FTPd [TLS] ----------
220-You are user number 9 of 50 allowed.
220-Local time is now 06:13. Server port: 21.
220 You will be disconnected after 15 minutes of inactivity.
AUTH TLS
234 AUTH TLS OK.
Cert subject: /C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=gandalf.dewahost.net/emailAddress=ssl@cpanel.net
Cert issuer: /C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=gandalf.dewahost.net/emailAddress=ssl@cpanel.net
USER anonymous
...
Author of Total Commander
https://www.ghisler.com
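
An added example (not part of the thread and not Total Commander code): a Python check that reads an FTP client log like the two quoted above and reports whether AUTH TLS was accepted before credentials were sent. It goes one step beyond the thread by also flagging data commands issued without PROT P, which under RFC 4217 leaves the data channel unencrypted; the function name and the sample strings are assumptions made for this example.

```python
import re

REPLY = re.compile(r"^(\d{3})([ -])")              # server reply: code, then ' ' or '-'
COMMAND = re.compile(r"^([A-Z]{3,4})(?: (.*))?$")  # client command such as "TYPE A"
CREDENTIAL_CMDS = {"USER", "PASS", "ACCT"}
DATA_CMDS = {"LIST", "NLST", "MLSD", "RETR", "STOR", "APPE"}

def audit_ftp_log(text):
    """Return (tls_active, findings) for one FTP control-channel log."""
    tls_active = prot_private = False
    open_reply = None   # code of a multi-line reply ("211-...") still being read
    last_cmd = None     # (verb, argument) waiting for its reply
    findings = []
    for line in text.splitlines():
        reply = REPLY.match(line)
        if open_reply and not (reply and reply.groups() == (open_reply, " ")):
            continue    # server text inside a multi-line reply, e.g. " AUTH TLS" in FEAT
        if reply:
            code, sep = reply.groups()
            if sep == "-":
                open_reply = code          # first line of a multi-line reply
                continue
            open_reply = None
            verb, arg = last_cmd or (None, None)
            if verb == "AUTH" and code == "234":
                tls_active = True          # server accepted the TLS upgrade
            elif verb == "PROT" and code == "200":
                prot_private = arg == "P"  # only PROT P encrypts the data channel
            last_cmd = None
            continue
        cmd = COMMAND.match(line)
        if not cmd:
            continue    # client UI text: "Connect ok!", "Cert subject: ...", etc.
        verb, arg = cmd.group(1), (cmd.group(2) or "").upper()
        last_cmd = (verb, arg)
        if verb in CREDENTIAL_CMDS and not tls_active:
            findings.append(f"{verb} sent in cleartext (no 234 reply to AUTH TLS yet)")
        elif verb in DATA_CMDS and not prot_private:
            findings.append(f"{verb} data channel unprotected (no PROT P)")
    return tls_active, findings

# Abridged from the thread's two logs; TLS_LOG lines after USER are constructed.
PLAIN_LOG = ("220---------- Welcome to Pure-FTPd [TLS] ----------\n220 You will be disconnected\n"
             "USER anonymous\n230 Anonymous user logged in\nFEAT\n211-Extensions supported:\n"
             " AUTH TLS\n PROT\n211 End.\nLIST\n150 Connecting to port 3314\n226 3 matches total")
TLS_LOG = ("220 You will be disconnected\nAUTH TLS\n234 AUTH TLS OK.\nUSER anonymous\n"
           "230 Anonymous user logged in\nPBSZ 0\n200 PBSZ=0\nPROT P\n200 PROT OK\nLIST")
for name, log in (("plain", PLAIN_LOG), ("tls", TLS_LOG)):
    print(name, audit_ftp_log(log))
```

The " AUTH TLS" line inside the FEAT reply only advertises the capability; the check counts TLS as active only after the client's own AUTH TLS command is answered with 234.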

Post by *pirlouit »

Yes, I am sure.
But I will re-test to be certain.
Problem is that I cannot verify that I have encoded ftps:// because it is not displayed in the ftp window. It is just mentioned: www.ghisler.ch
_Pirlouit_

Post by *ghisler(Author) »

You can see whether you have an encrypted connection by the locker icon to the left of the text "FTP". If there is no icon, the connection is unencrypted. If the locker is open, the connection is encrypted, but the server certificate is invalid or couldn't be verified. If the locker is closed, then the connection is secure and verified.

Btw, do you have the openssl dlls installed?
Author of Total Commander
https://www.ghisler.com

Post by *pirlouit »

Here is a way to reproduce the bug:
  • type CTRL-F
  • click on "New URL" ("Nouvelle URL", because I use the French language)
  • paste your ftps address ("ftps://mysite.com")
  • name the new entry "ffff"
  • let us now edit this new entry: ffff
You should confirm that the ftps prefix is not present before the "mysite.com" address. Then naturally, totalcmd uses the not secured ftp connection.

I have tried with CTRL-N, and with that, it works. The ftps prefix is kept.

Cheers,
_Pirlouit_

Post by *ghisler(Author) »

Ah, thanks for the hint - indeed this way it isn't stored. If you use "New connection" instead of "new URL", it will be stored. I will correct that.
Author of Total Commander
https://www.ghisler.com

Post by *ggiunta »

OK, original bug unconfirmed indeed.
I tested on ftps.ghisler.com and all was fine, with PASV both on and off.
I must have been messing up playing around with dlls...

Still out of luck though, as on intranet we are only deploying ssh for administration of unix boxen, and thus I would need sftp instead of ftps... :(

Post by *ghisler(Author) »

Just use the sftp plugin.
Author of Total Commander
https://www.ghisler.com