Article delegate-en/3127 of [1-5169] on the server localhost:119

Newsgroups: mail-lists.delegate-en

[DeleGate-En] FTP/TLS Proxy
07 Feb 2006 12:55:04 GMT <pg4gabdyi-c2jtqbdaqbvr.ml@ml.delegate.org>


Hi,

I'm trying to set up an FTP/TLS proxy on SuSE Linux 9.3 and Delegate 8.11.5. I have compiled and installed delegate and everything appears to be running fine but I am having trouble authenticating with the remote server. I've checked the connection to the remote ftps server without the proxy using the ftp-tls client from http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html:

ftp -z key=key.pem -z cert=cert.pem -z CAFile=CA.pem remote.host.com

This connects fine. However, when I try to connect using delegate, run with the command:

delegated -v STLS=fsv FSV="sslway -cert cert.pem -key key.pem -pass pass:password -CAFile=CA.pem -St:FSV:ftp" -P21 PERMIT="*:*:2.0.0.0/8" SERVER=ftp MOUNT="remote.host.com"

The connection does not seem to authenticate and I get:

02/07 12:06:54.47 [11367] 1+0: FTP server ftp://-:21/
02/07 12:06:54.47 [11367] 1+0: bind_insock(14,zzz.zzz.zzz.zzz,0) = 0, errno=0
02/07 12:06:54.47 [11367] 1+0: ## connect[14] TIMEOUT(1000)
02/07 12:06:54.47 [11367] 1+0: ### IDENT CONNECT(xxx.xxx.xxx.xxx:113) TIMEOUT(1000ms) (110)
02/07 12:06:54.47 [11367] 1+0: #### no authorization required
02/07 12:06:54.50 [11367] 1+0: gethostbyname(-) unknown[0.00s]
02/07 12:06:54.50 [11367] 1+0: default netmask zzz.zzz.zzz.zzz/. = FFFFFF00
02/07 12:06:54.50 [11367] 1+0: default netmask xxx.xxx.xxx.xxx/. = FFFFFF00
02/07 12:06:54.50 [11367] 1+0: ## hostIFto xxx.xxx.xxx.xxx < zzz.zzz.zzz.zzz (ffffff00)
02/07 12:06:54.50 [11367] 1+0: default netmask zzz.zzz.zzz.zzz/. = FFFFFF00
02/07 12:06:54.50 [11367] 1+0: default netmask xxx.xxx.xxx.xxx/. = FFFFFF00
02/07 12:06:54.50 [11367] 1+0: FTP LOGIN FROM xxx.xxx.xxx.xxx TO GBX10000.GBZ39452@host..
02/07 12:06:54.50 [11367] 1+0: PATH: ftp://remote.host.com:21!sftpproxy.mydomain:21!xxx.xxx.xxx.xxx:2850!anonymous@xxx.xxx.xxx.xxx;1139314014
02/07 12:06:54.52 [11367] 1+0: FTP server ftp://remote.host.com:21/
02/07 12:06:54.52 [11367] 1+0: FTPHOPS: 1 [8/46 - -1/-1]
02/07 12:06:54.52 [11367] 1+0: default netmask zzz.zzz.zzz.zzz/. = FFFFFF00
02/07 12:06:54.52 [11367] 1+0: default netmask xxx.xxx.xxx.xxx/. = FFFFFF00
02/07 12:06:54.52 [11367] 1+0: ConnectToServer: DFLT=ftp://remote.host.com:21 REAL=://:0
02/07 12:06:54.55 [11367] 1+0: ConnectToServer connected [15] {yyy.yyy.yyy.yyy:21 <- zzz.zzz.zzz.zzz:2215} [0.028s]
02/07 12:06:54.55 [11368] 1+0: -- Fork(FSV): 11367 -> 11368
02/07 12:06:54.55 [11368] 1+0: #### execFilter[FSV] sslway -cert cert.pem -key key.pem -pass pass:password -CAFile=CA.pem -St:FSV:ftp
02/07 12:06:54.59 [11367] 1+0: willSTLS_SV: ServerFlags=30
## SSLway[11368](xxx.xxx.xxx.xxx) STARTTLS to server -- FTP
## SSLway[11368](xxx.xxx.xxx.xxx) STARTTLS to server -- 234 AUTH command accepted - proceed with Negotiation.
## SSLway[11368](xxx.xxx.xxx.xxx) server's cert. = **subject<</C=XX/O=XXX/OU=XXXXX/CN=remote.host.com>> **issuer<</C=XX/O=XX/OU=XXXXX/CN=PKI Services Root CA>>
## SSLway[11368](xxx.xxx.xxx.xxx) STARTTLS/FTP PBSZ 0 -> 200 Protection buffer size successfully set.
## SSLway[11368](xxx.xxx.xxx.xxx) STARTTLS/FTP PROT P -> 200 Data protection level now set to 'P' (Protected).
02/07 12:06:57.16 [11367] 1+0: proxyFTP got EOF from the client.
02/07 12:06:57.16 [11367] 1+0: disconnected [46] -@[xxx.xxx.xxx.xxx]xxx.xxx.xxx.xxx:2850 (2.709s)(0)
02/07 12:06:57.16 [11369] 2+0: -- Fork(OnetimeServer): 11366 -> 11369

The local ftp client gives the error message:

~ Connecting...
~ Connected to proxy server, waiting for response...
< 220- sftpproxy.mydomain PROXY-FTP server (DeleGate/8.11.5) ready.
< 220-   @ @
< 220-  ( - ) { DeleGate/8.11.5 (July 7, 2005) }
< 220- AIST-Product-ID: 2000-ETL-198715-01, H14PRO-049, H15PRO-165
< 220- Copyright (c) 1994-2000 Yutaka Sato and ETL,AIST,MITI
< 220- Copyright (c) 2001-2005 National Institute of Advanced Industrial Science and Technology (AIST)
< 220- WWW: http://www.delegate.org/delegate/
< 220- --
< 220- You can connect to a SERVER by `user' command:
< 220-    ftp> user username@SERVER
< 220- or by `cd' command (after logged in as an anonymous user):
< 220-    ftp> cd //SERVER
< 220- Cache is enabled by default and can be disabled by `cd .' (toggle)
< 220- This (proxy) service is maintained by 'mike.peters@misys..uk'
< 220-extended FTP [MODE XDC][XDC/BASE64]
< 220  
> USER user@host..
< 421 failed starting TLS with the server
!  Invalid username or password for remote.host.com
~ Could not login to remote.host.com

Is there something I am doing wrong initialising delegate, (or elsewhere), which is causing authentication to fail? Or is there anything else I should try to get this working?

Thanks in advance.

Mike Peters
Linux System and Website Administrator
Misys Financial Systems
Tel: 00000 00000X  Ext. 2242 
www.misysgi.co.uk
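
An added example, not part of the original post or of DeleGate: a small Python reader for the SSLway lines in the log above that lists which FTP AUTH TLS steps (RFC 4217: AUTH, server certificate, PBSZ, PROT) were recorded, and masks the key passphrase that the execFilter line echoes before a log is shared. The function names are hypothetical and the sample is constructed from lines in the post.

```python
import re

# Constructed sample: lines in the format of the DeleGate/SSLway log quoted above.
SAMPLE_LOG = """\
02/07 12:06:54.55 [11368] 1+0: #### execFilter[FSV] sslway -cert cert.pem -key key.pem -pass pass:password -CAFile=CA.pem -St:FSV:ftp
## SSLway[11368](xxx.xxx.xxx.xxx) STARTTLS to server -- 234 AUTH command accepted - proceed with Negotiation.
## SSLway[11368](xxx.xxx.xxx.xxx) server's cert. = **subject<</C=XX/O=XXX/OU=XXXXX/CN=remote.host.com>> **issuer<</C=XX/O=XX/OU=XXXXX/CN=PKI Services Root CA>>
## SSLway[11368](xxx.xxx.xxx.xxx) STARTTLS/FTP PBSZ 0 -> 200 Protection buffer size successfully set.
## SSLway[11368](xxx.xxx.xxx.xxx) STARTTLS/FTP PROT P -> 200 Data protection level now set to 'P' (Protected).
02/07 12:06:57.16 [11367] 1+0: proxyFTP got EOF from the client.
"""

SSLWAY = re.compile(r"^## SSLway\[\d+\]\([^)]*\) (.*)$")
AUTH = re.compile(r"STARTTLS to server -- (\d{3}) ")
CMD = re.compile(r"STARTTLS/FTP (PBSZ|PROT) \S+ -> (\d{3}) ")
CERT = re.compile(r"server's cert\. = \*\*subject<<(.*?)>> \*\*issuer<<(.*?)>>")
PASS_ARG = re.compile(r"(-pass\s+pass:)\S+")


def starttls_stages(log_text):
    """Return the FTP AUTH TLS steps, in log order, that SSLway recorded."""
    stages = []
    for line in log_text.splitlines():
        m = SSLWAY.match(line)
        if not m:
            continue  # not an SSLway line (e.g. timestamped delegated output)
        body = m.group(1)
        if (a := AUTH.search(body)):
            stages.append(("AUTH", int(a.group(1))))      # reply code to AUTH
        elif (c := CERT.search(body)):
            stages.append(("CERT", c.group(1)))           # server cert subject
        elif (k := CMD.search(body)):
            stages.append((k.group(1), int(k.group(2))))  # PBSZ / PROT reply
    return stages


def redact(log_text):
    """Mask the key passphrase that the execFilter line echoes into the log."""
    return PASS_ARG.sub(r"\1<redacted>", log_text)


if __name__ == "__main__":
    for stage in starttls_stages(SAMPLE_LOG):
        print(stage)
    print(redact(SAMPLE_LOG).splitlines()[0])
```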