Connect Curl (git-ftp) and FileZilla to vsftpd – How to Guide

curl, ftps, vsftpd

Following this tutorial I managed to add FTPS connectivity to the server.

Following step 6 in the tutorial:

  • 6.1 generate certificate

    $ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

  • 6.2 add certificate to /etc/vsftpd.conf

    rsa_cert_file=/etc/ssl/private/vsftpd.pem

    rsa_private_key_file=/etc/ssl/private/vsftpd.pem

It works for FileZilla, but with curl it seems I can't re-use the same certificate. I downloaded the certificate file from the server and am using it like so:

$ curl -v --cert ~/.ssh/vsftpd.pem --user MYUSER:PASSWORD ftp://SERVER-IP
*   Trying SERVER-IP...
* TCP_NODELAY set
* Connected to SERVER-IP (SERVER-IP) port 21 (#0)
< 220 (vsFTPd 3.0.3)
> USER MYUSER
< 530 Non-anonymous sessions must use encryption.
* Access denied: 530
* Closing connection 0
curl: (67) Access denied: 530

With FTPS

$ curl -v --cert ~/.ssh/vsftpd.pem --user MYUSER:PASSWORD ftps://SERVER-IP
*   Trying SERVER-IP...
* TCP_NODELAY set
* Connection failed
* connect to SERVER-IP port 990 failed: Connection refused
* Failed to connect to SERVER-IP port 990: Connection refused
* Closing connection 0
curl: (7) Failed to connect to SERVER-IP port 990: Connection refused

How can I use the same certificate for both FileZilla and curl (since git-ftp uses curl) to upload files via FTPS?

Update

Adding the parameter --ftp-ssl:

*   Trying SERVER-IP...
* TCP_NODELAY set
* Connected to SERVER-IP (SERVER-IP) port 21 (#0)
< 220 (vsFTPd 3.0.3)
> AUTH SSL
< 234 Proceed with negotiation.
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /usr/local/etc/openssl/cert.pem
  CApath: /usr/local/etc/openssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: self signed certificate
* Closing connection 0
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Best Answer

curl's parameter --cert is used to provide the client authentication certificate. As long as you are not authenticating with client certificates you don't need it.

To use ftps use the --ftp-ssl parameter.
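Added example, not part of the original answer: the file created in step 6.1 holds both the private key and the certificate (-keyout and -out name the same path), so a client should receive only the certificate block and pass it to curl with --cacert, which also addresses the "self signed certificate" error shown in the update. The helper names, the sample PEM and the `ftps_upload` wrapper are constructed for illustration, and the sketch assumes the certificate names the host used in the URL.

```shell
#!/bin/sh
# Added example: keep the server's private key off the client and let curl
# verify the self-signed certificate instead of switching verification off.

# Print only the CERTIFICATE block(s) of a PEM file that may also hold a key.
extract_cert() {
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1"
}

# Exit 0 if the PEM file contains any private key block (RSA, PKCS#8, ...).
has_private_key() {
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# Hypothetical wrapper: upload one file over explicit FTPS (AUTH on port 21).
# Arguments: host user local-file cert-only.pem
ftps_upload() {
    # --ssl-reqd aborts if TLS cannot be negotiated; --ftp-ssl (now --ssl)
    # would fall back to plaintext on a server that offers no TLS.
    # --cacert trusts exactly this certificate as the verification anchor.
    # --user without a password makes curl prompt for it.
    curl --ssl-reqd --cacert "$4" --user "$2" -T "$3" "ftp://$1/"
}

# Constructed stand-in for /etc/ssl/private/vsftpd.pem (placeholder bodies,
# not real key material), laid out like the combined file from step 6.1.
make_sample_combined_pem() {
    cat <<'EOF'
-----BEGIN PRIVATE KEY-----
CONSTRUCTED+PLACEHOLDER+NOT+A+REAL+KEY
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
CONSTRUCTED+PLACEHOLDER+NOT+A+REAL+CERT
-----END CERTIFICATE-----
EOF
}

# Demo on the constructed sample: split off the public part and check it.
demo_dir=$(mktemp -d)
make_sample_combined_pem > "$demo_dir/vsftpd.pem"
extract_cert "$demo_dir/vsftpd.pem" > "$demo_dir/vsftpd-cert.pem"
if has_private_key "$demo_dir/vsftpd-cert.pem"; then
    echo "refusing to distribute: private key still present" >&2
else
    echo "vsftpd-cert.pem holds the certificate only"
fi
rm -rf "$demo_dir"
```

On the real server, run `extract_cert` against the combined file as root and copy only its output to the client; the combined file itself should never leave the server.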
