Hello!
I have just set up FTP backups for my web hosting plan. Then I wanted to make the whole thing a bit more secure using TLS / FTPS.
So I enabled TLS on the FTP server and ticked the checkbox in the FTP backup settings.
But now Plesk reports an error that I cannot make sense of, and so I cannot apply the setting:
Code
Fehler: Unable to operate the storage: Transport error: unable to delete file: Curl error: (56) Failure when receiving data from the peer: Last FTP request: NLST Last FTP response: 150 Accepted data connection
Check that you have permissions to delete files from the storage. You can check it independently with the commands:
echo 123 | curl -T - --ftp-create-dirs -v -P - --ssl -k -u lyze 'ftp://<domain>//backups/webhosting/test-dir/test-file.txt'
curl -v -P - --ssl -k -u lyze 'ftp://<domain>//backups/webhosting/test-dir/test-file.txt' -Q '-DELE test-file.txt'
When I enter the two commands myself in a shell, everything works:
Code
$ curl -T - --ftp-create-dirs -v -P - --ssl -k -u lyze 'ftp://<url>//backups/webhosting/test-dir/test-file.txt'
Enter host password for user 'lyze':
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying <ip>...
* TCP_NODELAY set
* Connected to <url> (<ip>) port 21 (#0)
< 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
< 220-You are user number 1 of 5 allowed.
< 220-Local time is now 13:37. Server port: 21.
< 220-This is a private system - No anonymous login
< 220 You will be disconnected after 15 minutes of inactivity.
> AUTH SSL
< 500 This security scheme is not implemented
> AUTH TLS
< 234 AUTH TLS OK.
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
...
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
* subject: CN=AT; O=AT; C=AT
* start date: Dec 13 13:31:27 2018 GMT
* expire date: Dec 13 13:31:27 2023 GMT
* issuer: CN=AT; O=AT; C=AT
* SSL certificate verify result: self signed certificate (18), continuing anyway.
} [5 bytes data]
> USER lyze
{ [5 bytes data]
< 331 User lyze OK. Password required
} [5 bytes data]
> PASS <pass>
{ [5 bytes data]
< 230 OK. Current directory is /
} [5 bytes data]
> PBSZ 0
{ [5 bytes data]
< 200 PBSZ=0
} [5 bytes data]
> PROT P
{ [5 bytes data]
< 200 Data protection level set to "private"
} [5 bytes data]
> PWD
{ [5 bytes data]
< 257 "/" is your current location
* Entry path is '/'
} [5 bytes data]
> CWD /
* ftp_perform ends with SECONDARY: 0
{ [5 bytes data]
...
< 250 OK. Current directory is /backups/webhosting/test-dir
} [5 bytes data]
> EPRT |1|<ip>|39117|
{ [5 bytes data]
< 200 PORT command successful
* Connect data stream actively
} [5 bytes data]
> TYPE I
{ [5 bytes data]
< 200 TYPE is now 8-bit binary
} [5 bytes data]
> STOR test-file.txt
{ [5 bytes data]
< 150 Connecting to port 39117
* Preparing for accepting server on data port
* Checking for server connect
* Ready to accept data connection from server
* Connection accepted from server
* Doing the SSL/TLS handshake on the data stream
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs
* SSL re-using session ID
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [89 bytes data]
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
* subject: CN=AT; O=AT; C=AT
* start date: Dec 13 13:31:27 2018 GMT
* expire date: Dec 13 13:31:27 2023 GMT
* issuer: CN=AT; O=AT; C=AT
* SSL certificate verify result: self signed certificate (18), continuing anyway.
This is a test
} [5 bytes data]
100 15 0 0 0 15 0 0 --:--:-- 0:00:26 --:--:-- 0123
100 19 0 0 0 19 0 0 --:--:-- 0:00:29 --:--:-- 0
100 21 0 0 0 21 0 0 --:--:-- 0:00:32 --:--:-- 0* Remembering we are in dir "/backups/webhosting/test-dir/"
} [5 bytes data]
* TLSv1.2 (OUT), TLS alert, Client hello (1):
} [2 bytes data]
< 226-File successfully transferred
{ [5 bytes data]
< 226 32.488 seconds (measured here), 0.65 bytes per second
100 21 0 0 0 21 0 0 --:--:-- 0:00:32 --:--:-- 0
* Connection #0 to host <url> left intact
$ sudo cat volumes/data/backups/webhosting/test-dir/test-file.txt
This is a test
123
And the delete command:
Code
$ curl -v -P - --ssl -k -u lyze 'ftp://<url>//backups/webhosting/test-dir/test-file.txt' -Q '-DELE test-file.txt'
Enter host password for user 'lyze':
* Trying <ip>...
* TCP_NODELAY set
* Connected to <url> (<ip>) port 21 (#0)
< 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
< 220-You are user number 1 of 5 allowed.
< 220-Local time is now 13:39. Server port: 21.
< 220-This is a private system - No anonymous login
< 220 You will be disconnected after 15 minutes of inactivity.
> AUTH SSL
< 500 This security scheme is not implemented
> AUTH TLS
< 234 AUTH TLS OK.
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
...
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
* subject: CN=AT; O=AT; C=AT
* start date: Dec 13 13:31:27 2018 GMT
* expire date: Dec 13 13:31:27 2023 GMT
* issuer: CN=AT; O=AT; C=AT
* SSL certificate verify result: self signed certificate (18), continuing anyway.
> USER lyze
< 331 User lyze OK. Password required
> PASS <password>
< 230 OK. Current directory is /
> PBSZ 0
< 200 PBSZ=0
> PROT P
< 200 Data protection level set to "private"
...
< 250 OK. Current directory is /backups/webhosting/test-dir
> EPRT |1|<ip>|60903|
< 200 PORT command successful
* Connect data stream actively
> TYPE I
< 200 TYPE is now 8-bit binary
> SIZE test-file.txt
< 213 21
> RETR test-file.txt
< 150 Connecting to port 60903
* Maxdownload = -1
* Getting file with size: 21
* Preparing for accepting server on data port
* Checking for server connect
* Ready to accept data connection from server
* Connection accepted from server
* Doing the SSL/TLS handshake on the data stream
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs
* SSL re-using session ID
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
* subject: CN=AT; O=AT; C=AT
* start date: Dec 13 13:31:27 2018 GMT
* expire date: Dec 13 13:31:27 2023 GMT
* issuer: CN=AT; O=AT; C=AT
* SSL certificate verify result: self signed certificate (18), continuing anyway.
This is a test
123
* Remembering we are in dir "/backups/webhosting/test-dir/"
* TLSv1.2 (OUT), TLS alert, Client hello (1):
< 226-File successfully transferred
< 226 0.000 seconds (measured here), 64.29 Kbytes per second
> DELE test-file.txt
< 250 Deleted test-file.txt
* Connection #0 to host <url> left intact
$ sudo cat volumes/data/backups/webhosting/test-dir/test-file.txt
cat: volumes/data/backups/webhosting/test-dir/test-file.txt: No such file or directory
I set up the FTP server using https://github.com/stilliard/docker-pure-ftpd:
Code
version: '2'
services:
  ftpd_server:
    image: stilliard/pure-ftpd:hardened
    container_name: pure-ftpd
    ports:
      - "21:21"
      - "30000-30009:30000-30009"
    volumes: # remember to replace /folder_on_disk/ with the path to where you want to store the files on the host machine
      - "./volumes/data:/home/lyze/"
      - "./volumes/passwd:/etc/pure-ftpd/passwd"
      - "./volumes/ssl:/etc/ssl/private/"
    environment:
      PUBLICHOST: "<url>"
      FTP_USER_NAME: lyze
      FTP_USER_PASS: <password>
      FTP_USER_HOME: /home/lyze
      ADDED_FLAGS: "--tls=2"
      TLS_CN: AT
      TLS_ORG: AT
      TLS_C: AT
    restart: always
Could someone possibly help me?
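An added example, not part of the original post: a small Python check that reads a `curl -v` FTPS transcript like the ones above and reports whether TLS was negotiated on the control and data channels, whether the certificate was actually verified, which data-connection mode was used, and whether the command named in the Plesk error (`NLST`) was exercised at all. The function name `audit_transcript` and the abridged sample are assumptions made for this illustration.

```python
import re

# Sample lines abridged from the curl -v delete transcript in the post above;
# constructed for this example, not a complete session.
SAMPLE = """\
> AUTH SSL
< 500 This security scheme is not implemented
> AUTH TLS
< 234 AUTH TLS OK.
* SSL certificate verify result: self signed certificate (18), continuing anyway.
> USER lyze
< 331 User lyze OK. Password required
> PBSZ 0
< 200 PBSZ=0
> PROT P
< 200 Data protection level set to "private"
> EPRT |1|<ip>|60903|
< 200 PORT command successful
> RETR test-file.txt
< 150 Connecting to port 60903
> DELE test-file.txt
< 250 Deleted test-file.txt
"""

def audit_transcript(text, failing_command="NLST"):
    """Summarise the security-relevant facts of a curl -v FTP(S) session."""
    accepted, pending = [], None   # commands the server answered with 1xx-3xx
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("> "):                 # command sent by the client
            parts = line[2:].split(None, 1)
            pending = (parts[0].upper(), parts[1] if len(parts) > 1 else "")
        elif pending and re.match(r"< [1-5]\d\d", line):   # first reply line
            if line[2] in "123":
                accepted.append(pending)
            pending = None
    verbs = {verb for verb, _ in accepted}
    return {
        "control_tls": ("AUTH", "TLS") in accepted,
        "data_tls": ("PROT", "P") in accepted,
        "cert_verified": "continuing anyway" not in text,  # -k skips the check
        "data_mode": "active" if verbs & {"PORT", "EPRT"}
                     else "passive" if verbs & {"PASV", "EPSV"} else "none",
        "failing_command_tested": failing_command in verbs,
    }

print(audit_transcript(SAMPLE))
```

For the transcripts in the post this reports an active-mode data connection, an unverified certificate (because of `-k`), and that `NLST`, the command named in the Plesk error, was never sent by the manual test.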