Score:0

Can the same server accept both Explicit and Implicit FTPS?


I am using VSFTPD on an Ubuntu server.

I have 2 clients who want to connect to this FTP server, one of them uses FTPS with Explicit Authentication and the other client uses FTPS with implicit authentication.

Is there any way that I could configure VSFTPD to accept both Implicit and Explicit authentication?

Here is my /etc/vsftpd.conf:

listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=NO
# pasv_address=13.55.13.221 
idle_session_timeout=1200
data_connection_timeout=3600
accept_timeout=500
connect_timeout=5000
allow_writeable_chroot=YES
chroot_local_user=YES
user_sub_token=$USER
local_root=/home/$USER/uploads
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
utf8_filesystem=YES
You will probably need to have two instances of VSFTPD that listen on two different ports with different configurations.
@MosheKatz: thanks, so does it mean I need 2 physical servers?
No, you should be able to run two instances of the software on the same server. You just need to set them to use different ports.
Thanks, but how can I do it?
Score:2

As the documentation for implicit_ssl says:

To support explicit SSL and/or plain text too, a separate vsftpd listener process should be run.

For that see:
How do you setup multiple instances of vsftpd to run on different listen ports?


Though note that implicit TLS/SSL is a legacy hack introduced decades ago to ease the transition to encrypted FTP, at a time when FTP clients did not have built-in support for TLS/SSL. It shall not be used today. So the requirement of one of your clients to use it seems strange. I know of no FTP client that would support only implicit TLS and not explicit TLS.
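
One way to produce the second listener's configuration that the answer above refers to, shown as an added example that is not part of the original answer or of vsftpd itself. The helper names, the file names and the choice of port 990 (the conventional implicit FTPS control port) are assumptions, and the sample config is a constructed excerpt.

```shell
#!/bin/sh
# Added example: derive the implicit-FTPS instance's config from the explicit one.
# Helper and file names are hypothetical; the sample config below is constructed.

# conf_get FILE KEY: print KEY's value (last occurrence wins; vsftpd allows no spaces around '=').
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# make_implicit_conf SRC DST: copy SRC, then override only the listener settings.
make_implicit_conf() {
    sed -E '/^(implicit_ssl|listen_port)=/d' "$1" > "$2"
    printf '%s\n' 'implicit_ssl=YES' 'listen_port=990' >> "$2"
}

# check_pair EXPLICIT IMPLICIT: return non-zero if the two instances cannot coexist.
check_pair() {
    p1=$(conf_get "$1" listen_port); p1=${p1:-21}   # vsftpd's default control port is 21
    p2=$(conf_get "$2" listen_port); p2=${p2:-21}
    [ "$p1" != "$p2" ] || { echo "both instances listen on port $p1" >&2; return 1; }
    [ "$(conf_get "$2" ssl_enable)" = YES ] || { echo "implicit instance needs ssl_enable=YES" >&2; return 1; }
    [ "$(conf_get "$2" implicit_ssl)" = YES ] || { echo "implicit_ssl is not enabled" >&2; return 1; }
    [ "$(conf_get "$1" implicit_ssl)" != YES ] || { echo "explicit instance has implicit_ssl=YES" >&2; return 1; }
}

# Demo on a constructed excerpt of the explicit configuration.
demo_dir=$(mktemp -d)
cat > "$demo_dir/vsftpd.conf" <<'EOF'
listen=NO
listen_ipv6=YES
ssl_enable=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
pasv_min_port=40000
pasv_max_port=50000
EOF
make_implicit_conf "$demo_dir/vsftpd.conf" "$demo_dir/vsftpd-implicit.conf"
check_pair "$demo_dir/vsftpd.conf" "$demo_dir/vsftpd-implicit.conf" && echo "pair OK"
# Each instance is then started with its own file as the first argument, e.g.
#   vsftpd /etc/vsftpd-implicit.conf
```

The implicit instance's control port also has to be opened in the firewall alongside port 21 and the passive range.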
