Pure-FTPD-Mysql TLS SFTP: permission denied

0

I've a working FTP service on my server, connected to a MySQL database to manage my users, using pure-ftpd-mysql.

I try to enable the FTP users to use SFTP. The FTP login works fine, but the SFTP login always answers: Permission denied, please try again.

My certificate, issued by Let's Encrypt, seems to be working fine (it prompted well on FileZilla the first time).

Here is the syslog when I restart the pure-ftpd-mysql service:

Aug  3 12:12:02 fidcar-ftp pure-ftpd-mysql[4822]: Starting ftp server: Running: /usr/sbin/pure-ftpd-mysql -l mysql:/etc/pure-ftpd/db/mysql.conf -E -p 30000:50000 -8 UTF-8 -j -P 212.47.231.168 -Y 1 -O clf:/var/log/pure-ftpd/transfer.log -u 2000 -J HIGH -A -B

As you can see, the -Y option is defined to 1, so the TLS seems to be activated.

In my var/log/auth logs, I can find these lines:

Aug  3 12:35:14 fidcar-ftp sshd[5006]: Failed password for invalid user <mysftpuser> from <myip> port 51776 ssh2
Aug  3 12:35:14 fidcar-ftp sshd[5006]: Connection closed by invalid user <mysftpuser> <myip> port 51776 [preauth]

Is Pure-FTPD supposed to find the user and allow the connection?

Thank you for your help.

Thibault Henry

Posted 2018-08-03T11:17:53.733

Reputation: 113

Answers

0

SFTP is SSH-based. It is not related in any way to PureFTPd. You can also see on the log lines that they’re coming from sshd.

If you want encrypted FTP, you need to use FTPS. Depending on your configuration you’ll need to set up the FTP client to use either FTP Implicit SSL/TLS (different port) or FTP Explicit SSL/TLS (same port, uses STARTTLS command).

Be aware that encrypted FTP still uses multiple connections, but firewall helpers can no longer extract this information from the now-encrypted control connection. You may not be able to use encrypted FTP from behind restrictive firewalls.

Daniel B

Posted 2018-08-03T11:17:53.733

Reputation: 40 502
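
The diagnosis in the answer can be scripted as a log triage step. This is an added example, not code from the question, the answer or the Pure-FTPd project: it reads the `-Y` level from a pure-ftpd command line and attributes each failed login in the auth log to the daemon that rejected it. The host name, user name, IP address and function names are constructed for illustration, and the reading of `invalid user` as "not a system account" is an assumption about this setup.

```python
import re
import shlex

# "Mon DD HH:MM:SS host daemon[pid]: message" (classic syslog layout)
SYSLOG = re.compile(r"^\w{3}\s+\d+\s+[\d:]{8}\s+\S+\s+([\w.-]+)\[\d+\]:\s+(.*)$")
SSHD_FAIL = re.compile(r"^Failed password for (invalid user )?(\S+) from (\S+) port \d+")

# Meaning of pure-ftpd's -Y (--tls) levels
TLS_LEVELS = {
    0: "TLS disabled: plain FTP only",
    1: "FTPS offered: cleartext and TLS sessions both accepted",
    2: "FTPS required on the control connection",
    3: "FTPS required on control and data connections",
}

def tls_level(cmdline):
    """Return the -Y level from a pure-ftpd command line (0 when absent)."""
    argv = shlex.split(cmdline)
    for i, arg in enumerate(argv[:-1]):
        if arg == "-Y" and argv[i + 1].isdigit():
            return int(argv[i + 1])
    return 0

def triage(cmdline, auth_lines):
    """Report the FTP daemon's TLS mode and every password failure logged by sshd."""
    findings = ["pure-ftpd: " + TLS_LEVELS.get(tls_level(cmdline), "unknown -Y level")]
    for line in auth_lines:
        m = SYSLOG.match(line)
        if not m or m.group(1) != "sshd":
            continue  # only sshd handles SSH/SFTP logins
        fail = SSHD_FAIL.match(m.group(2))
        if not fail:
            continue
        invalid, user, src = fail.groups()
        # Assumption: "invalid user" here means the name exists only in MySQL.
        reason = ("unknown to sshd (pure-ftpd's MySQL users are not system accounts)"
                  if invalid else "system account exists, wrong password")
        findings.append(f"sshd rejected SSH/SFTP login '{user}' from {src}: {reason}")
    return findings

# Constructed sample input modelled on the logs in the question.
CMDLINE = "/usr/sbin/pure-ftpd-mysql -l mysql:/etc/pure-ftpd/db/mysql.conf -E -Y 1 -J HIGH -A -B"
AUTH_LOG = [
    "Aug  3 12:35:14 ftp-host sshd[5006]: Failed password for invalid user ftpuser1 from 203.0.113.10 port 51776 ssh2",
    "Aug  3 12:35:14 ftp-host sshd[5006]: Connection closed by invalid user ftpuser1 203.0.113.10 port 51776 [preauth]",
    "Aug  3 12:40:02 ftp-host sshd[5011]: Failed password for root from 203.0.113.10 port 51802 ssh2",
]

if __name__ == "__main__":
    print("\n".join(triage(CMDLINE, AUTH_LOG)))
```

With `-Y 1` the FTP daemon offers TLS on the FTP port, while every rejected login in the sample is logged by sshd, so none of them ever reached pure-ftpd.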