状态: 不安全的服务器,不支持 FTP over TLS。
命令: USER administrator
响应: 331 Password required for administrator.
命令: PASS ********
响应: 530 User cannot log in, home directory inaccessible.
错误: 严重错误: 无法连接到服务器
状态: 已从服务器断开
状态: 正在连接 120.24.95.70:21...
状态: 连接建立,等待欢迎消息...
状态: 不安全的服务器,不支持 FTP over TLS。
命令: USER administrator
响应: 331 Password required for administrator.
命令: PASS ********
响应: 530 User cannot log in, home directory inaccessible.
错误: 严重错误: 无法连接到服务器
解决办法:
http://www.vsysad.com/2013/06/install-and-configure-ftp-over-ssl-ftps-in-iis-7-5/
This guide will show you how to install FTP Server in IIS 7.5 and also how to configure FTP Over SSL (FTPS).
FTP Over SSL (FTPS) allows FTP sessions to be encrypted. It is vitally important to secure FTP traffic as usernames and passwords, are by default, sent in plain text across the network when an FTP client is establishing a connection with the server.
Note: In this guide I am assuming that your server environment is Windows Server 2008 R2 and that you have IIS 7.5 already installed but not the FTP Server. I am also assuming that you want to add FTP publishing to an existing site – in the example below this will be the Default Web Site.
Installing the FTP Server
In Server 2008 R2 the FTP Server is a module that can be found under the Web Server role. To install it do the following:
1. Click Start > Run and then enter servermanager.msc in the Open dialogue box then click OK to load Server Manager:
C:\>servermanager.msc
2. Click on Roles in the left pane and the Roles section will appear in the right pane. Locate the Web Server (IIS) section and then then click on Add Role Services:
20130606224147
3. In the Select Role Services scroll down to the bottom and check FTP Server, FTP Service & FTP Extensibility then click Next and then Install:
20130508215249
4. Once the installation completes click Close. To install FTP Server, FTP Service & FTP Extensibility via the command line run the following:
C:\>CMD /C PKGMGR.EXE /iu:IIS-FTPServer;IIS-FTPSvc;IIS-FTPExtensibility
Configuring the FTP Server
5. Click Start > Run and then enter inetmgr in the dialogue box then click OK to load Internet Information Services (IIS) Manager.
6. Once IIS Manager is open select Default Web Site and then click on Add FTP Publishing under the Actions pane as highlighted below:
20130508215320
7. In the Bindings and SSL Settings section configure the settings per the screenshot below and click Next:
20130508215328
Note: If you want your FTP site to use a specific IP address, select it from the drop-down menu, otherwise leave the default setting which binds all FTP traffic to the site you are creating.
8. In the next section configure per the screenshot below. Under Authentication ensure that only Basic is checked. Under Authorization, ensure that your FTP user account is set under the Specified Users box, then click Finish:
20130508215338
At this point basic FTP publishing has been enabled on the Default Web Site.
9. Next, click on the Server object and then in the right pane double-click on the FTP Firewall Support icon:
20130520233612
10. I am configuring FTP connections to use Passive Transfers and the Data Channel Port Range will be set to 0-0 and the External IP Address of Firewall should be left blank (per below):
20130520221406
Note: The firewall in this environment is the built-in Windows software firewall. As it provides Stateful Packet Inspection (SPI) we do not need to state a port range for passive transfers as the firewall will detect which ports are dynamically required and allow the data transfers to go through..For more information about configuring firewalls for FTP see this link.
11. Next, click on the Default Web Site and then in the right pane double-click on the FTP Firewall Support icon. When this loads up input the FTP site’s public IP address and then click on Apply under the Actions pane on the right-hand side:
20130520224735
11. Within IIS Manager, click on the server object and in the centre pane open Server Certificates:
20130519224741
12. Then click on Create Self-Signed Certificate in the Actions pane in the right hand side:
20130519224830
13. Type a name for the certificate, I used FTP Site Certificate but any descriptive name will suffice, then click on OK:
20130519225034
14. You will now see the created certificate in the list:
20130519225141
15. Click on the server object again and open FTP SSL Settings:
20130522235958
16. Under SSL Certificate select the certificate we created earlier. Under SSL Policy select Custom and then click on the Advanced button:
20130519230643
17. Under Control Channel select Require only for credentials and under Data Channel select Require and then click on OK:
20130519230909
18. Now click on the Default Web Site and then open FTP SSL Settings and ensure you configure the same settings as for the server level as performed in steps 15 – 17. Failing to configure the FTP SSL Settings at BOTH the SERVER and SITE levels with result in FTP connection errors per the below:
Response: 534 Local policy on server does not allow TLS secure connections.
Error: Critical error
Error: Could not connect to server
19. Click on the Default Web Site and then click on Bindings in the Actions pane:
20130604214640
20. In the Site Bindings section click on the Add Button:
20130604215037
21. In the Add Site Binding section select the Type as ftp, leave the IP Address box as All Unassigned and then enter the hostname for the FTP Site and then click on OK:
20130604215232
22. Confirm that you can see the new FTP Site binding and then click Close:
20130604215431
23. While still in the Default Web Site context select Advanced Settings in the Actions pane to view the FTP Site’s home directory – it will be the physical path for the Default Web Site:
20130523222443
24. You will need to configure the ftp_user account to have write permissions to C:\inetpub\wwwroot in order for you to be able to upload files to this directory. NTFS permissions should be configured per below:
20130523223358
25. As mentioned earlier, my environment uses the Windows software firewall. The rules that need to be enabled to allow FTP and FTPs communication are:
Inbound Rules
FTP Server (FTP Traffic-In)
FTP Server Passive (FTP Passive Traffic-In)
FTP Server Secure (FTP SSL Traffic-In)
Outbound Rules
N/A – because the default setting for public traffic is that outbound connections that do not match a rule are allowed.
Connecting to the FTP Site
26. The only thing left to do is test the connection from your FTP client. Using FileZilla, you will need the connection information below, changing only the Host, User and Password fields according to your specific settings:
Host: ftp.vsysad.com
Protocol: FTP – File Transfer Protocol
Encryption: Require explicit FTP over TLS
Logon Type: Normal
User: ftp.vsysad.com|ftp_user
Password: **********
In FileZilla, I added a site called vSysad and then added the relevant connection info above:
20130608200123
Note: The user field must be VirtualHostName|User to allow successful authentication. The virtual host name is a requirement and the FTP Server is expecting that string, if it doesn’t see it then you will see the following error:
Status: Connecting to ftp.vsysad.com…
Status: Connection established, waiting for welcome message…
Response: 220 Microsoft FTP Service
Command: AUTH TLS
Response: 234 AUTH command ok. Expecting TLS Negotiation.
Status: Initializing TLS…
Status: Verifying certificate…
Command: USER ftp_user
Status: TLS/SSL connection established.
Response: 530 Valid hostname is expected.
Error: Could not connect to server
27. Once you have input the relevant connection info for the FTP Site, click Connect and assuming that the connection is successful you will see a pop-up box displaying an unknown certificate which we created earlier:
20130608193639 - Copy
28. Check the box Always trust certificate in future sessions and hit OK. After which you will be connected to the home directory:
20130608200420
And that’s all. Happy FTPing over SSL!
References:
Using FTP Virtual Host Names in IIS 7
Configuring FTP 7.5 with Host Header and SSL
Setup FTPS on IIS 7.5 Using Host Headers Tutorial
Local policy on server does not allow TLS secure connections
Configuring FTP Firewall Settings in IIS 7
Using FTP Over SSL in IIS 7
530 User cannot log in.
错误: 严重错误: 无法连接到服务器
https://www.zhihu.com/question/30428997/answer/49762574
分享到:
相关推荐
支持FTP加密上传,1.4到1.7版本的包 Security Basic FTP authentication. FTPS (FTP over implicit TLS/SSL). FTPES (FTP over explicit TLS/SSL).
小程序 Windows 2008 r2设置IIS中开启TLS1.2,IISCrypto下载
本程序基于SSL/TLS协议的三元组认证的安全文件传输系统的设计和实现。采用java实现,java对SSL/TLS协议和加密技术封装的比较好,有兴趣可以下下来看一下
php不支持TLS1.2解决方法php不支持TLS1.2解决方法php不支持TLS1.2解决方法
XP的IE8增加TLS1.1 1.2支持 将XP识别成POSReady 2009 。打上对应的补丁。最后更新证书就实现了。
用户可以通过软件对服务进行各类密码以及相关协议的重置,帮助用户轻松管理IIS安全,使用更加方便,它还允许您重新排序IIS提供的SSL/TLS密码套件!设置完成后,使用这个工具,可以在线检测网站的SSL证书是否安全,...
NULL 博文链接:https://ligaosong.iteye.com/blog/2356346
RFC 7858 - DNS over TLS 英文版 This document is subject to BCP 78 and the IETF Trust’s Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of ...
尽可能尝试使用FTPS(基于TLS的FTP),仅FTP不能提供任何安全性。依存关系节点8.0或更高版本是唯一的依赖项。介绍第一个示例将使用TLS连接到FTP服务器,获取目录列表,上传文件并将其下载为副本。 请注意,FTP协议...
通过FTP,FTPS的(SSL / TLS的)和SFTP(SSH)连接 高度调整加速转移,多连接FTP引擎超快速传输 自动故障恢复 可直接拖放上传到服务器 定义本地文件夹自动上传到指定的服务器 丰富的远程编辑支持 能编辑任何...
FTP客户端,FlashFXP_主机阵线支持TLS SSL加密传输
解决XP系统默认不支持TLS1.1和TLS1.2,导致有些https服务无法正常打开的问题。 按照压缩包内文件序号1-3的顺序执行,执行完后重启系统。
补丁安装完之后还要重启系统修改注册表等操作,注意看文档
让Win7的WinHTTP支持TLS1.2,修复WinHttp.WinHttpRequest或msxml3.dll出现安全频道支持出错问题
libeay32.dll ssleay32.dll Delphi2010 indy10 支持 TLS1.2
DNS是指域名系统(英文:Domain Name System,缩写:DNS)是互联网的一项服务。...本程序就是一个实现了DNS UDP协议转DNS-over-TLS协议的DNS服务器,通过向本地的UDP DNS协议发送数据包,经本程序转DNS-over-TLS协议!
本文详细讲解了FileZilla Server搭建FTP服务器配置以及425 Can't open data,You appear to be behind a NAT router,FTP over TLS is not enabled等相关问题的解决方法
IIS Crypto最新版,支持windows服务器上启用或禁用TLS,SSL协议,免费
★支持TLS / SSL(FTPS)上的FTP ★可配置的匿名访问 ★可配置的主文件夹(挂载点) ★可配置的用户名/密码 ★避免使用USB电缆通过Wifi进行文件传输和复制/备份文件 ★通过Wifi和Wifi共享模式(热点模式)工作
主要给大家介绍了如何让Nginx快速支持TLS1.3协议的相关资料,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友们下面随着小编来一起学习学习吧。