"Require secure connection before login"
216 views
Skip to first unread message
Sparky
Feb 14, 2010, 7:23:24 PM2/14/10
to RhinoSoft.com User Group
I've set "require secure connection before login" for my windows
users. However, from a command line ftp session, it doesn't give the
"530 Not logged in, need secure connection" until after entering a
password and hitting enter. So is the password still sent over the
network (unsecured), or does this failure happen before the password
is actually sent?
users. However, from a command line ftp session, it doesn't give the
"530 Not logged in, need secure connection" until after entering a
password and hitting enter. So is the password still sent over the
network (unsecured), or does this failure happen before the password
is actually sent?
If someone could save me the trouble of sniffing the traffic I would
be most appreciative.
-Michael
FTPServerTools
Feb 15, 2010, 6:51:35 PM2/15/10
to RhinoSoft.com User Group
Basically your commandline ftp client is very basic (assuming you use
the winfows ftp). It does not handle extra features and not even ssl/
tls. I dont know which servu you are running. But this setting
suggests in the helpfile (I found it for example in the Limits &
Settings of a user,group and domain) that there will be no transfer
done (after login) that is not ssl.
Your standard commandline client logs in, then tries the list and
fails in it since it cant do ssl and thus doesnt get the listing. Your
gui client sends different commands during login. It does depend on
the client you use tho..
Since you havent give the complete info I guess that your gui client
tries to make a connection via the ssl command listener. If you want
to go fully secure you can simply use a listener that only uses
encryption. Standard ftp uses non encrypted login/password.
the winfows ftp). It does not handle extra features and not even ssl/
tls. I dont know which servu you are running. But this setting
suggests in the helpfile (I found it for example in the Limits &
Settings of a user,group and domain) that there will be no transfer
done (after login) that is not ssl.
Your standard commandline client logs in, then tries the list and
fails in it since it cant do ssl and thus doesnt get the listing. Your
gui client sends different commands during login. It does depend on
the client you use tho..
Since you havent give the complete info I guess that your gui client
tries to make a connection via the ssl command listener. If you want
to go fully secure you can simply use a listener that only uses
encryption. Standard ftp uses non encrypted login/password.
Reply all
Reply to author
Forward
0 new messages