Firewall 1.11.2019 Comments Off on FTP Issues

FTP : File Transfer Protocol

FTP clients : Filezilla

FTP connection settings as

Host : Domain name or server IP
Port: 21
Protocol : FTP or SFTP
Encryption : Plain FTP or FTPES(Explicit FTP over TLS) depends on server settings
Location Type: Normal
User : complete username
Password : password
Enable the passive port range for Pure-FTPd in server Firewall (PassivePortRange 30000 65000 )
FTP Logs : /var/log/messages ======================================================================== Error: 421 Sorry, cleartext sessions are not accepted on this server

The error reports because the FTP SSL encryption settings are incorrect while connection.

Please use following settings into your FTP client as (Options in Filezilla)

Main >> Service Configuration >> FTP Server Configuration TLS Encryption Support >> “optional”

Settings:
Host: domain name or server Ip
Port : 21
Server Type : FTPES -FTP over explicit TLS/SSL
Enable the passive port range for Pure-FTPd
For that you need to modify FTP configuration file vim /etc/pure-ftpd.conf configuration file
Enable the passive port range as PassivePortRange 30000 65000 then Save the pure-ftpd.conf file and restart FTP service. Also enable the passive port range into server firewall

========================================================================

Error: 530 Login authentication failed

You can receive this error even if you are using correct FTP login details.

Cause : The ftp passwords and cpanel passwords are stored in separate locations and sometimes the ftp passwords wont get updated when you update cpanel passwords.

Resolution: You can resolve this issue by following steps in WHM as

1. Switch FTP from Pure-ftpd to Proftpd in WHM => WHM > FTP Configuration and switch it back to Pure-ftpd.

2. Synchronize FTP passwords in WHM => Main >> cPanel >> Synchronize FTP Passwords option in WHM.

3. Restart FTP server using Main >> Restart Services >> FTP Server (ProFTPd/PureFTPd) option.

Please make sure that the local machine IP address isn’t blocked in server firewall.

(From shell access)
Or fire following commands on shell prompt as /scripts/ftpupdate /etc/init.d/pure-ftp restart ========================================================================

Change the FTP user path in cPanel :

cPnel does not allow you to change the FTP path for main account or sub accounts, but you can change it from the FTP user configuration file.

By default, the cPanel user has a file in /etc/proftpd (even if you use pure-ftp the location is same) /etc/proftpd contains a file for each of the accounts on the server as below

# cat /etc/proftpd/user

user:$1$vAYD1RiQ$U7pJmHJvT5dFL.kzoJ8f6/:519:518::/home/user:/bin/ftpsh user_logs:$1$vAYD1RiQ$U7pJmHJvT5dFL.kzoJ8f6/:519:518:user:/home/.domlogs/user:/bin/ftpsh

You can edit the file for the domain and change the home directory as user:$1$vAYD1RiQ$U7pJmHJvT5dFL.kzoJ8f6/:519:518::/home/user/myfiles:/bin/ftpsh

Once you made changes, save the file and then restart your pure-ftpd service ========================================================================

Limit the FTP connections from the IP address? (pure-FTP)

In case you need to restrict FTP connections from any IP, you can do that but the default the limit is 8. It is not recommended to increase the limit of 8, for security reasons.

Follow steps as

# Maximum number of sim clients with the same IP address MaxClientsPerIP 8

1.Open pure-FTP configuration file using vim /etc/pure-ftpd.conf
2. Search for the line “MaxClientsPerIP” and change the value
3. Restart FTP service .

You can use command given below to restart FTP service /etc/init.d/pure-ftpd restart ========================================================================

Comments are closed.