Re: FTP partially blocked-- how to trace?



On Aug 19, 7:23 am, Mike
<turnpike_user@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
In message <slrnfcg1c5.64g.t...@xxxxxxxxxxxxxxxxxxxx>
at 10:55:33 on Sun, 19 Aug 2007, Theo v. Werkhoven
<t...@xxxxxxxxxxxxxxxxxxxxxxxx> wrote>The carbonbased lifeform red inspired comp.security.firewalls with:
Hello,

I use various programs to such as Ultraedit to upload files via FTP.
On one site, all of a sudden I began having a mysterious problem. I
can log onto the site, but I cannot do anything alse. I am able to get
the name of the directory I am in but I can't get any other directory
information, change directories or access any files.

Sounds like a (Unix) permission problem.
Try 'ls -al' in that directory and see if this and other directories
have the 'x' (search bit) and 'r' (read bit) set for the user and group.

Theo

>
The OP probably won't know what user and group are. Permissions could
be something like rwxrwxrwx or r--r--r-- for example
The first 3 characters refer to user, the next 3 the group and the final
3 "other users"

Doesn't he want to be looking at the permissions on the directory
itself, so he needs to go up to the parent directory - possibly won't be
able to do that unless he has access to the full directory structure

Anyway, I had similar experiences to the OP when I started using
Kapersky, and I've never got to the bottom of it.
--
Mike News

I figured it out. Once I realized that WinSCP works because it uses a
secure protocol, it was obvious that someone must have changed
something on the server to only allow secure FTP. When I changed the
protocol in Ultraedit from SCP to SFTP -SSH2 it fixed the problem.

As a test, I changed the protocol in WinSCP from SFTP to SCP and it
still worked. So the permission denials were not based on using SCP as
an FTP protocol - they were based on SSH

Then I changed the SSH to SSH1 and it didn't work anymore.

I'm not sure this has anything to do with SSH but the permissions of
the root folder are
rwxr-xr-x

There's one thing that still doesn't make sense though:

Other servers that I FTP to also require SSH2. If I try to log onto
them using WinSCP with SSH1, I can't even log on. But if I uncheck
SFTP -SSH2 in UltraEdit, it still works fine. I'm not sure what's
going on there.

Why does not having SFTP -SSH2 checked work fine on one server that
requires SSH2 but not another server that also requires SSH2. I would
think the difference would be in the FTP protocol(SFTP vs SCP) but as
I said SFTP doesn't seem to be required on the same server that
requires that SFTP -SSH2 be checked.

It works well enough that I can get back to work, but its little
things like that that bug me no end.

.



Relevant Pages

  • Re: SPAM sudden increase
    ... > Dude was on a tech call with f-secure and the tech asked, "So, ... dude is trying to FTP to their server using WSFTP. ... but I think he is talking about sftp protocol - FTP via ...
    (alt.2600)
  • Re: Does IIS support SFTP?
    ... There are several excellent SFTP server out there for Windows. ... use Cerberus FTP Server for FTP, ... Here's a guide for using SSH to set up SFTP on Windows. ...
    (microsoft.public.inetserver.iis.ftp)
  • Re: Confusing! ssh, ssh1, ssh2, etc.
    ... > SSH Comm Corp's ssh2 uses a completely different protocol than OpenSSH's ... "The solution is to install either the OpenSSH or SSH1 version of scp on ... the server under the name "scp1," somewhere in the sshd2's PATH." ... The "sftp" program uses the sftp protocol and expects an sftp server ...
    (comp.security.ssh)
  • Re: SFTP Solution
    ... because either their FTP Client can't do SFTP or the Firewall or Proxy ... Server doesn't have the Application Filters to decrypt/encrypt the SFTP ... packets in order to maintain the FTP port complexities of the connection. ... The Firewall product in these articles is MS ISA Server, ...
    (microsoft.public.windows.server.general)
  • Re: SFTP and SCP
    ... > Both scp and sftp use insecure protocols which derive their security from ... In what way do you see sftp as having "improved ... with wildcard expansion. ... matching rules chosen by the server. ...
    (comp.security.ssh)