0 votes
by (200 points)
edited

After 2 days of trying various things, I'm in need of some assistance. I'm trying to setup an FTP/SSL connection in passive mode, with implicit security. I am using a Verifier.vb class to handle verification of the certificate, which seems to be working ok. I just can't get past the .login call. I've verified the credentials, they are correct. To test the connection outside of Rebex, I used Adobe Dreamweaver's FTP, and it does connect just fine. However, there is an additional option on Dreamweaver called Authentication which is set up "None (encryption only)". I couldn't find anything related to this in Rebex, but I could have missed it.

Anyway, any help is greatly appreciated. :)

Here is the code:

        'create client, connect and log in 
        Dim ftpClient As New Ftp
        ftpClient.LogWriter = New Rebex.FileLogWriter("E:\connection.log", Rebex.LogLevel.Debug)

        If ftpServer.IsPassiveMode = False Then ftpClient.Passive = False

        ' // VALIDATE CERTIFICATE AND CONNECT
        AddHandler ftpClient.ValidatingCertificate, AddressOf Verifier.ValidatingCertificate
        ftpClient.Connect(ftpServer.Address, 990, FtpSecurity.Implicit)

        ' // LOGIN
        ftpClient.Login(ftpServer.Username, ftpServer.Password)

        ftpClient.SecureTransfers = True

        'change to the subdirectory if applicable
        If ftpServer.FtpDirectory <> "" Then ftpClient.ChangeDirectory("/" & ftpServer.FtpDirectory)

        Dim shortFileName As String = Path.GetFileName(fileName)
        ftpClient.PutFile(fileName, shortFileName)

        ftpClient.Disconnect()

The program fails on ftpClient.Login call.

Here is the log:

2013-02-14 11:15:06.460 Opening log file
2013-02-14 11:15:06.499 INFO Ftp(1)[1] Info: Connecting to youearnedit-ftp.cloudapp.net:990 using Ftp 4.0.4700.0.
2013-02-14 11:15:06.501 INFO Ftp(1)[1] Info: Using proxy none.
2013-02-14 11:15:06.661 DEBUG Ftp(1)[1] Info: Connection succeeded.
2013-02-14 11:15:06.668 DEBUG Ftp(1)[1] Info: Upgrading control connection to TLS/SSL.
2013-02-14 11:15:06.721 INFO Ftp(1)[1] TLS: State StateChange:Negotiating
2013-02-14 11:15:06.722 DEBUG Ftp(1)[1] TLS: HandshakeMessage:ClientHello was sent.
2013-02-14 11:15:06.809 DEBUG Ftp(1)[1] TLS: HandshakeMessage:ServerHello was received.
2013-02-14 11:15:06.815 DEBUG Ftp(1)[1] TLS: HandshakeMessage:Certificate was received.
2013-02-14 11:15:06.815 DEBUG Ftp(1)[1] TLS: HandshakeMessage:ServerHelloDone was received.
2013-02-14 11:15:06.820 DEBUG Ftp(1)[1] TLS: Verifying server certificate ('CN=YouEarnedIt.FTP').
2013-02-14 11:15:06.828 DEBUG Ftp(1)[1] TLS: Certificate verification result: Accept
2013-02-14 11:15:06.893 DEBUG Ftp(1)[1] TLS: HandshakeMessage:ClientKeyExchange was sent.
2013-02-14 11:15:06.922 DEBUG Ftp(1)[1] TLS: CipherSpec:ChangeCipherSpec was sent.
2013-02-14 11:15:06.927 DEBUG Ftp(1)[1] TLS: HandshakeMessage:Finished was sent.
2013-02-14 11:15:06.984 DEBUG Ftp(1)[1] TLS: CipherSpec:ChangeCipherSpec was received.
2013-02-14 11:15:06.987 DEBUG Ftp(1)[1] TLS: HandshakeMessage:Finished was received.
2013-02-14 11:15:06.989 INFO Ftp(1)[1] TLS: State StateChange:Secured
2013-02-14 11:15:06.991 INFO Ftp(1)[1] TLS: Connection secured using cipher: TLS 1.0, RSA, 128bit AES in CBC mode, SHA1
2013-02-14 11:15:06.996 DEBUG Ftp(1)[1] TLS: Session ID:
0000 |21-39-00-00-07-B6-2D-CB E9-49-26-E3-C9-66-EF-38| !9....-..I&..f.8
0010 |96-53-CE-6F-57-82-E6-33 D3-B8-D4-2C-00-33-FD-27| .S.oW..3...,.3.'
2013-02-14 11:15:06.996 DEBUG Ftp(1)[1] Info: Control connection upgraded to TLS/SSL.
2013-02-14 11:15:07.237 INFO Ftp(1)[1] Response: 220 FTP to Windows Azure Blob Storage Bridge Ready
2013-02-14 11:15:07.259 INFO Ftp(1)[1] Command: USER ftp-xxxxx
2013-02-14 11:15:07.309 INFO Ftp(1)[1] Response: 331 User ftp-xxxxx logged in, needs password
2013-02-14 11:15:07.311 INFO Ftp(1)[1] Command: PASS *****************
2013-02-14 11:15:07.362 INFO Ftp(1)[1] Response: 530 Username or password incorrect ##.###.###.###
2013-02-14 11:15:07.369 ERROR Ftp(1)[1] Info: Rebex.Net.FtpException: Username or password incorrect ##.###.###.### (530).
at Rebex.Net.Ftp.21klJqZ(String , String , String )

And lastly, here is a screen shot of the Dreamweaver ftp that does connect: Dreamweaver ftp example

Applies to: Rebex FTP/SSL

5 Answers

0 votes
by (58.9k points)
edited

Could you please try to connect with FileZilla? If it works for you please send us log of the communication from FileZilla, that should help us in resolving this issue. You can post the log here, or send to support@rebex.net.

by (200 points)
edited

Thanks Tomas. Here is the log. Received errors at the bottom, but it does look like it logs in.

Status: Resolving address of youearnedit-ftp.cloudapp.net
Status: Connecting to 70.37.81.234:990...
Status: Connection established, initializing TLS...
Status: Verifying certificate...
Status: TLS/SSL connection established, waiting for welcome message...
Response:   220 FTP to Windows Azure Blob Storage Bridge Ready
Command:    USER ftp-xxxxx
Response:   331 User ftp-xxxxx logged in, needs password
Command:    PASS *****************
Response:   220 Password ok, FTP server ready
Status: Server does not support non-ASCII characters.
Command:    PBSZ 0
Response:   200 PBSZ=0
Command:    PROT P
Response:   200 Data channel protection level set to P
Status: Connected
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/" PWD Successful
Command:    TYPE I
Response:   200 TYPE command succeeded, data type is Image (Binary)
Command:    PASV
Response:   227 Entering Passive Mode (70,37,81,234,233,212)
Command:    MLSD
Response:   150 Opening data connection for MLSD
Error:  GnuTLS error -110 in gnutls_record_recv: The TLS connection was non-properly terminated.
Error:  Could not read from transfer socket: ECONNABORTED - Connection aborted
Response:   226 MLSD successful
Error:  Failed to retrieve directory listing
0 votes
by (58.9k points)
edited

Do you have any non-ASCII characters in your password? This might be the cause of the problem.

If yes, try setting the property Encoding to UTF8 or Windows-1252 encodings like this:

        ftp.Encoding = Encoding.UTF8;

or

        ftp.Encoding = Encoding.GetEncoding("windows-1252");

before calling the Login method. Does it make any difference?

0 votes
by (200 points)
edited

I get the same results using either encoding. Also, the password contains only ASCII characters. The log file I recorded is identical to my original post, except for the session keys.

Could the issue be the certificate itself? If I remove the verifier handler on the certificates, I get a "Server certificate was issued by an unknown authority" error. I added the certificate to the trustedcastore, but perhaps the certificate just doesn't work? But the login clearly worked in both Dreamweaver and Filezilla. Strange.

0 votes
by (58.9k points)
edited

This is really strange. Are you able to login using our FtpWinformClient.exe sample which is distributed along the installation package?

If not, then please make a Verbose log (either from your program or from Rebex FtpWinformClient) and check that the password we are sending is correct.

0 votes
by (200 points)
edited

The FtpWinformClient.exe works well on my local machine. I do get a certificate popup with the following warnings: Server Certificate was issued by an untrusted authority. As well as Server hostname does not match the certificate. Clicking "Accept" button the popup goes away and it logs in just fine. "10:08:15.636 Info Response: 220 Password ok, FTP server ready".

When I test the FtpWinformClient.exe program on my production server, however, I get the (530) username or password incorrect error. I get the same popup, and clicked the "Accept" button.

I checked my firewall, and all seems ok there. My local system is Windows 8 Pro 64-Bit. The product server is Windows 2008 Server Standard 64-Bit. I've had no issues running Rebex on my production server, but this is my first TLS/SSL implementation. Perhaps Windows 2008 is treating certificates differently.

by (148k points)
edited

Actually, server certificate check is very unlikely to have anything to do with the "password incorrect" issue. Once a certificate is accepted, a TLS/SSL session is established and the exact way the certificate was accepted doesn't make a difference at all - the FTP server doesn't even know whether it was accepted automatically or manually, so it can't take that into account when deciding whether to accept or reject a login attempt. If the "untrusted certificate" issue is a problem, please create a new question where we can concentrate on that issue.

by (148k points)
edited

Now, regarding the "password incorrect" issue - the same combination of username/password is accepted when connecting from your local machine, but rejected when connecting from your production server? First, make sure the passwords sent from the client are really identical - create logs at Verbose level (either from FtpWinFormClient.exe or your application) at both the local machine and the server, look for "USER" and "PASS" commands and compare the corresponding verbose data - are they 100% identical?

...