
FTP Login: Error 425

resper

New Pleskian
Hello,

When I try to upload a file with an FTP client or with the built-in FTP solution from my editor, it looks like this:

PORT 192,168,188,22,253,21
200 PORT command successful
STOR index.html.new
425 Unable to build data connection: Keine Berechtigung

I found some articles about this problem; the solution should be to use TLS/SSL.
I changed my config file using these instructions: http://kb.odin.com/en/2207

This is my ProFTPD config file:

Code:
ServerName                      "ProFTPD"
#ServerType                     standalone
ServerType                      inetd
DefaultServer                   on

<Global>
DefaultRoot     ~               psacln
AllowOverwrite          on
<IfModule mod_tls.c>
        # common settings for all virtual hosts
        TLSEngine on
        TLSLog /var/log/plesk/ftp_tls.log
        TLSProtocol SSLv23

        TLSRequired off

        TLSRSACertificateFile /usr/local/psa/admin/conf/httpsd.pem
        TLSRSACertificateKeyFile /usr/local/psa/admin/conf/httpsd.pem

        # Authenticate clients that want to use FTP over TLS?
        TLSVerifyClient off

        # Allow SSL/TLS renegotiations when the client requests them, but
        # do not force the renegotiations.  Some clients do not support
        # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
        # clients will close the data connection, or there will be a timeout
        # on an idle data connection.
        TLSRenegotiate required off

        # As of ProFTPD 1.3.3rc1, mod_tls only accepts SSL/TLS data connections
        # that reuse the SSL session of the control connection, as a security measure.
        # Unfortunately, there are some clients (e.g. curl) which do not reuse SSL sessions.
        #TLSOptions NoSessionReuseRequired
</IfModule>
</Global>

DefaultTransferMode     binary
UseFtpUsers                     on

TimesGMT                        off
SetEnv TZ :/etc/localtime
# Port 21 is the standard FTP port.
Port                            21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances                    30

#The following part of this config file was generated by PSA automatically
#Any changes in this part will be overwritten by next manipulation
#with Anonymous FTP feature in PSA control panel.

#Include directive should point to place where FTP Virtual Hosts configurations
#preserved

ScoreboardFile /var/run/proftpd.scoreboard

# Primary log file must be outside of system logrotate province

TransferLog /var/log/plesk/xferlog

#Change default group for new files and directories in vhosts dir to psacln

<Directory /var/www/vhosts>
        GroupOwner      psacln
</Directory>

# Enable PAM authentication
AuthPAM on
AuthPAMConfig proftpd

IdentLookups off
UseReverseDNS off

AuthGroupFile   /etc/group

Include /etc/proftpd.d/*.conf

I changed the Encryption option in my FTP client to: Explicit FTP using TLS

But I get the same error again.

but
 
Hello resper,

Please check that ports 20, 21 and the passive ports are open and not filtered by the firewall.
 
Code:
 firewall-cmd --zone=public --list-ports
110/tcp 80/tcp 21/tcp 53/tcp 990/tcp 5432/tcp 8447/tcp 113/tcp 143/tcp 3306/tcp 5224/tcp 22/tcp 465/tcp 995/tcp 25/tcp 8443/tcp 993/tcp 443/tcp 8880/tcp 587/tcp 20/tcp 53/udp
 
Hello, this article is outdated, SSLv2 and 3 are not used anymore. The configuration should be default one and if it is not Plesk 12.5, these protocols should be added:

TLSProtocol TLSv1 TLSv1.1 TLSv1.2

In Plesk 12.5 it is added by default.
 
I think that ipilipenko pointed to the right problem. If you use passive FTP, you have to define the allowed passive ports and open them in the firewall. I added the following just above the </Global> tag:

PassivePorts 60000 60200

and then you have to open ports 60000 to 60200 in the firewall
 
I went back to the installed config file:

Code:
ServerName                      "ProFTPD"
#ServerType                     standalone
ServerType                      inetd
DefaultServer                   on

<Global>
DefaultRoot     ~               psacln
AllowOverwrite          on
<IfModule mod_tls.c>
        # common settings for all virtual hosts
        TLSEngine on
        TLSRequired off

        TLSLog /var/log/plesk/ftp_tls.log

        TLSRSACertificateFile /usr/local/psa/admin/conf/httpsd.pem
        TLSRSACertificateKeyFile /usr/local/psa/admin/conf/httpsd.pem

        # Authenticate clients that want to use FTP over TLS?
        TLSVerifyClient off

        # Allow SSL/TLS renegotiations when the client requests them, but
        # do not force the renegotiations.  Some clients do not support
        # SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
        # clients will close the data connection, or there will be a timeout
        # on an idle data connection.
        TLSRenegotiate none

        # As of ProFTPD 1.3.3rc1, mod_tls only accepts SSL/TLS data connections
        # that reuse the SSL session of the control connection, as a security measure.
        # Unfortunately, there are some clients (e.g. curl) which do not reuse SSL sessions.
        TLSOptions NoSessionReuseRequired
</IfModule>
</Global>


DefaultTransferMode     binary
UseFtpUsers                     on

TimesGMT                        off
SetEnv TZ :/etc/localtime
Port                            21
Umask                           022

MaxInstances                    30

ScoreboardFile /var/run/proftpd.scoreboard
TransferLog /var/log/plesk/xferlog
<Directory /var/www/vhosts>
        GroupOwner      psacln
</Directory>
AuthPAM on
AuthPAMConfig proftpd

IdentLookups off
UseReverseDNS off

AuthGroupFile   /etc/group

Include /etc/proftpd.d/*.conf

Also, adding PassivePorts 60000 60200 above </Global> has no effect.

Always:

Status: Resolving address of *****
Status: Connecting to *****
Status: Connection established, waiting for welcome message...
Response: 220 ProFTPD 1.3.5a Server (ProFTPD) [51.254.23.201]
Command: AUTH TLS
Response: 234 AUTH TLS successful
Status: Initializing TLS...
Status: Verifying certificate...
Command: USER ****
Status: TLS/SSL connection established.
Response: 331 Password required for *****
Command: PASS **********
Response: 230 User ***** logged in
Command: OPTS UTF8 ON
Response: 200 UTF8 set to on
Command: PBSZ 0
Response: 200 PBSZ 0 successful
Command: PROT P
Response: 200 Protection set to Private
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is the current directory
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (51,254,23,201,213,71).
Command: MLSD
Error: Connection timed out
Error: Failed to retrieve directory listing
 
110/tcp 80/tcp 21/tcp 53/tcp 990/tcp 5432/tcp 60200/tcp 8447/tcp 113/tcp 143/tcp 3306/tcp 5224/tcp 22/tcp 465/tcp 995/tcp 25/tcp 8443/tcp 993/tcp 443/tcp 8880/tcp 587/tcp 20/tcp 60000/tcp 53/udp
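
Added example, not part of any post above: a small Python check that decodes the host-port tuples from the PORT command and the 227 reply quoted in the thread, then compares the resulting ports with the PassivePorts range and the last firewall-cmd port list. The function names are assumptions of this example; the input values are copied from the posts.

```python
import ipaddress
import re

# Values copied from the posts above (credentials were already masked there).
PORT_CMD = "PORT 192,168,188,22,253,21"
PASV_REPLY = "227 Entering Passive Mode (51,254,23,201,213,71)."
PASSIVE_PORTS = (60000, 60200)  # from "PassivePorts 60000 60200"
FIREWALL_PORTS = ("110/tcp 80/tcp 21/tcp 53/tcp 990/tcp 5432/tcp 60200/tcp "
                  "8447/tcp 113/tcp 143/tcp 3306/tcp 5224/tcp 22/tcp 465/tcp 995/tcp "
                  "25/tcp 8443/tcp 993/tcp 443/tcp 8880/tcp 587/tcp 20/tcp 60000/tcp 53/udp")


def parse_hostport(line):
    """Decode the h1,h2,h3,h4,p1,p2 tuple of a PORT command or 227 reply."""
    m = re.search(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", line)
    if not m or any(int(n) > 255 for n in m.groups()):
        raise ValueError(f"no valid host-port tuple in {line!r}")
    n = [int(x) for x in m.groups()]
    return ipaddress.ip_address(".".join(map(str, n[:4]))), n[4] * 256 + n[5]


def firewall_allows(list_ports_output, port, proto="tcp"):
    """True if a --list-ports entry (single port or lo-hi range) covers port."""
    for entry in list_ports_output.split():
        spec, _, entry_proto = entry.partition("/")
        lo, _, hi = spec.partition("-")
        if entry_proto == proto and int(lo) <= port <= int(hi or lo):
            return True
    return False


def diagnose(port_cmd, pasv_reply, passive_range, fw_ports):
    findings, (lo, hi) = [], passive_range
    host, port = parse_hostport(port_cmd)
    if host.is_private:
        findings.append(f"active: client advertised private address {host}:{port}")
    host, port = parse_hostport(pasv_reply)
    if not lo <= port <= hi:
        findings.append(f"passive: server offered {port}, outside PassivePorts {lo}-{hi}")
    if not firewall_allows(fw_ports, port):
        findings.append(f"passive: {port}/tcp is not open in the firewall")
    closed = [p for p in range(lo, hi + 1) if not firewall_allows(fw_ports, p)]
    if closed:
        findings.append(f"firewall: {len(closed)} of {hi - lo + 1} PassivePorts are closed")
    return findings


if __name__ == "__main__":
    print("\n".join(diagnose(PORT_CMD, PASV_REPLY, PASSIVE_PORTS, FIREWALL_PORTS)))
```

Once AUTH TLS has encrypted the control channel, a firewall cannot read the 227 reply to open the data port on demand, so the whole passive range has to be opened statically and the server has to stay inside it.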
 