[9fans] ftpd on 9front

[9fans] ftpd on 9front

[Garry]

[-- Attachment #1: Type: text/plain, Size: 693 bytes --]

OK, so I am running ftpd on 9front, but on connecting I get:

Connected to 192.168.1.108.
220 Plan 9 FTP server ready.
200 UTF8 always on
User (192.168.1.108:(none)): glenda
331 Need password
Password:

534 Command requires tls
Login failed.

Any ideas of how to get this work? I am indifferent to whether I either get TLS working or disable it, but I suppose getting TLS working is at least a learning experience.

Any help much appreciated.

Garry
------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/Td09db527ec1fde98-M416e6cc6e776d58a76102b9c
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription

[-- Attachment #2: Type: text/html, Size: 1526 bytes --]

Re: [9fans] ftpd on 9front

[ori]

Quoth Garry <taylor.garry@gmail.com>:
> OK, so I am running ftpd on 9front, but on connecting I get:
> 
> Connected to 192.168.1.108.
> 220 Plan 9 FTP server ready.
> 200 UTF8 always on
> User (192.168.1.108:(none)): glenda
> 331 Need password
> Password:
> 
> 534 Command requires tls
> Login failed.
> 
> Any ideas of how to get this work? I am indifferent to whether I either get TLS working or disable it, but I suppose getting TLS working is at least a learning experience.
> 
> Any help much appreciated.
> 
> Garry

To set up TLS, you can easily generate a self-signed cert; the manpage rsa(8)
has examples for httpd, it should be more or less the same for ftp. Note that
the private key needs to end up in a factotum that runs in the same namespace
as the daemon.

If you want a cert with a complete cert chain, you can also use auth/acmed
to generate a cert with letsencrypt; see man 8 acmed for details and examples.

There are no options to allow accepting your password in plain text, and I
would rather not add them.  that said, it looks to be a one line patch to
disable all checking for that (see below, do *not* recommend).

--- a/sys/src/cmd/ip/ftpd.c
+++ b/sys/src/cmd/ip/ftpd.c
@@ -1089,7 +1089,7 @@
                        if(cistrcmp(cmd, t->name) == 0) {
                                if(t->needlogin && !ftpd.user.loggedin) {
                                        reply(ftpd.out, "530 Command requires login");
-                               } else if(t->needtls && !ftpd.conn.tlson) {
+                               } else if(0 && t->needtls && !ftpd.conn.tlson) {
                                        reply(ftpd.out, "534 Command requires tls");
                                } else {
                                        if(t->fn != passcmd)


------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/Td09db527ec1fde98-M72362e1da3f5d6fa01429103
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription

Re: [9fans] ftpd on 9front

[ori]

Also, if sending plain text passowrds doesn't bother you,
I'd also consider just using anonymous/passwordless FTP.
It's not particularly less secure.

Quoth ori@eigenstate.org:
> Quoth Garry <taylor.garry@gmail.com>:
> > OK, so I am running ftpd on 9front, but on connecting I get:
> > 
> > Connected to 192.168.1.108.
> > 220 Plan 9 FTP server ready.
> > 200 UTF8 always on
> > User (192.168.1.108:(none)): glenda
> > 331 Need password
> > Password:
> > 
> > 534 Command requires tls
> > Login failed.
> > 
> > Any ideas of how to get this work? I am indifferent to whether I either get TLS working or disable it, but I suppose getting TLS working is at least a learning experience.
> > 
> > Any help much appreciated.
> > 
> > Garry
> 
> To set up TLS, you can easily generate a self-signed cert; the manpage rsa(8)
> has examples for httpd, it should be more or less the same for ftp. Note that
> the private key needs to end up in a factotum that runs in the same namespace
> as the daemon.
> 
> If you want a cert with a complete cert chain, you can also use auth/acmed
> to generate a cert with letsencrypt; see man 8 acmed for details and examples.
> 
> There are no options to allow accepting your password in plain text, and I
> would rather not add them.  that said, it looks to be a one line patch to
> disable all checking for that (see below, do *not* recommend).
> 
> --- a/sys/src/cmd/ip/ftpd.c
> +++ b/sys/src/cmd/ip/ftpd.c
> @@ -1089,7 +1089,7 @@
>                         if(cistrcmp(cmd, t->name) == 0) {
>                                 if(t->needlogin && !ftpd.user.loggedin) {
>                                         reply(ftpd.out, "530 Command requires login");
> -                               } else if(t->needtls && !ftpd.conn.tlson) {
> +                               } else if(0 && t->needtls && !ftpd.conn.tlson) {
>                                         reply(ftpd.out, "534 Command requires tls");
>                                 } else {
>                                         if(t->fn != passcmd)
> 

------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/Td09db527ec1fde98-M82a076647fc1bf29e0b0dacf
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription

Re: [9fans] ftpd on 9front

[Garry]

[-- Attachment #1: Type: text/plain, Size: 390 bytes --]

I think I will persevere for a bit in trying to get a self-signed certificate working, I tried following the man page but I think I messed something up somewhere.
------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/Td09db527ec1fde98-M4f4536321675db57624964d0
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription

[-- Attachment #2: Type: text/html, Size: 878 bytes --]