
Checking if a product is using SFTP or FTPS?

  • 06-09-2012 8:56am
    #1
    Registered Users, Registered Users 2 Posts: 7,515 ✭✭✭


    A lot of confusion out there with some products claiming to be SFTP when they are actually FTPS.

    I need an SFTP server but I want to be sure that is what I'm getting.

    How can I test to see if the server is actually communicating using SFTP and not FTPS?

    I already have a list of both free and commercial servers. I just want to trial them and eventually decide what to use.


Comments

  • Registered Users, Registered Users 2 Posts: 8,814 ✭✭✭BaconZombie


    TCPDUMP / TSHARK / WIRESHARK are your friends.
    A lot of confusion out there with some products claiming to be SFTP when they are actually FTPS.

    I need an SFTP server but I want to be sure that is what I'm getting.

    How can I test to see if the server is actually communicating using SFTP and not FTPS?

    I already have a list of both free and commercial servers. I just want to trial them and eventually decide what to use.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    Connect to the port; if it's SFTP, you should get something like:

    sles@sles:/> telnet localhost 22
    Trying ::1...
    Connected to localhost.
    Escape character is '^]'.
    SSH-2.0-OpenSSH_5.1
    ^]
    telnet> quit
    Connection closed.
    sles@sles:/>


  • Registered Users, Registered Users 2 Posts: 7,515 ✭✭✭BrokenArrows


    TCPDUMP / TSHARK / WIRESHARK are your friends.

    Ok.

    Do you have any information on what exactly I am on the lookout for when scanning through the packets?


  • Registered Users, Registered Users 2 Posts: 7,515 ✭✭✭BrokenArrows


    Connect to the port; if it's SFTP, you should get something like:

    sles@sles:/> telnet localhost 22
    Trying ::1...
    Connected to localhost.
    Escape character is '^]'.
    SSH-2.0-OpenSSH_5.1
    ^]
    telnet> quit
    Connection closed.
    sles@sles:/>

    Not really because the description that you get back after connecting is just what they have coded into the server.
    A standard FTP server could do exactly what you have written.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    Not really because the description that you get back after connecting is just what they have coded into the server.
    A standard FTP server could do exactly what you have written.

    Why would they do that?


  • Registered Users, Registered Users 2 Posts: 7,515 ✭✭✭BrokenArrows


    Why would they do that?

    That's my point. Some people are producing FTPS software but labeling it as SFTP.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    That's my point. Some people are producing FTPS software but labeling it as SFTP.

    I'd say if you try to connect to the server, regardless of the "version label", if it's not really SSH/SFTP the protocol handshake will fail; you won't get as far as being asked for credentials.


  • Registered Users, Registered Users 2 Posts: 7,515 ✭✭✭BrokenArrows


    I'd say if you try to connect to the server, regardless of the "version label", if it's not really SSH/SFTP the protocol handshake will fail; you won't get as far as being asked for credentials.

    You are correct.

    That makes life easier. :)

    I was using FileZilla's quick connect tab. So it was connecting using the appropriate method, but if I force it to use SFTP it will fail unless it is an SFTP server.


  • Registered Users, Registered Users 2 Posts: 326 ✭✭schrodinger


    You can test SSL connections "like telnet"

    I don't have an SSL enabled FTP server to hand but the principle is the same.
    $ openssl s_client -connect www.boards.ie:443
    CONNECTED(00000003)
    depth=0 /serialNumber=lbiJi9orTvkz0RFnWzSC3zwkXc0-93jd/C=IE/O=*.boards.ie/OU=GT26090247/OU=See www.rapidssl.com/resources/cps (c)10/OU=Domain Control Validated - RapidSSL(R)/CN=*.boards.ie
    verify error:num=20:unable to get local issuer certificate
    verify return:1
    depth=0 /serialNumber=lbiJi9orTvkz0RFnWzSC3zwkXc0-93jd/C=IE/O=*.boards.ie/OU=GT26090247/OU=See www.rapidssl.com/resources/cps (c)10/OU=Domain Control Validated - RapidSSL(R)/CN=*.boards.ie
    verify error:num=27:certificate not trusted
    verify return:1
    depth=0 /serialNumber=lbiJi9orTvkz0RFnWzSC3zwkXc0-93jd/C=IE/O=*.boards.ie/OU=GT26090247/OU=See www.rapidssl.com/resources/cps (c)10/OU=Domain Control Validated - RapidSSL(R)/CN=*.boards.ie
    verify error:num=21:unable to verify the first certificate
    verify return:1
    ---
    Certificate chain
     0 s:/serialNumber=lbiJi9orTvkz0RFnWzSC3zwkXc0-93jd/C=IE/O=*.boards.ie/OU=GT26090247/OU=See www.rapidssl.com/resources/cps (c)10/OU=Domain Control Validated - RapidSSL(R)/CN=*.boards.ie
       i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
    ---
    Server certificate
    subject=/serialNumber=lbiJi9orTvkz0RFnWzSC3zwkXc0-93jd/C=IE/O=*.boards.ie/OU=GT26090247/OU=See www.rapidssl.com/resources/cps (c)10/OU=Domain Control Validated - RapidSSL(R)/CN=*.boards.ie
    issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 1461 bytes and written 337 bytes
    ---
    New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
    Server public key is 1024 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol  : TLSv1
        Cipher    : DHE-RSA-AES256-SHA
        Session-ID: C23B1666D698D71CC794BC1F182C1EEC93E053D9311E62C53046ABCECE7D78D5
        Session-ID-ctx: 
        Master-Key: 97E12557ECF74ADEDDA0B06CCACADDCDE7D28B202B6E991C16B686B944CE596FC356D479DC1C1E7C38D19A50D28B41B4
        Key-Arg   : None
        Start Time: 1347011979
        Timeout   : 300 (sec)
        Verify return code: 21 (unable to verify the first certificate)
    ---
    HEAD / HTTP/1.1
    Host: www.boards.ie
    
    HTTP/1.1 200 OK
    Set-Cookie: bbsessionhash=c47ab1ae9d096200d5d16a5ed65794b3; path=/; domain=.boards.ie; HttpOnly
    Set-Cookie: bblastvisit=1347011882; expires=Sat, 07-Sep-2013 09:58:02 GMT; path=/; domain=.boards.ie
    Set-Cookie: bblastactivity=0; expires=Sat, 07-Sep-2013 09:58:02 GMT; path=/; domain=.boards.ie
    Set-Cookie: bbcascade_options=218; expires=Sat, 07-Sep-2013 09:58:02 GMT; path=/; domain=.boards.ie
    Content-Type: text/html; charset=ISO-8859-1
    Server: Lighthttpd
    X-Powered-By: PHP
    X-Varnish-Cacheable: Yes
    Content-Length: 43346
    Date: Fri, 07 Sep 2012 09:59:47 GMT
    X-Varnish: 1054637553 1054599696
    Age: 105
    Via: 1.1 varnish
    Connection: keep-alive
    X-Varnish-Cache-Result: Hit
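
The banner-versus-handshake point from the thread, as an added example that is not part of any poster's message: a classifier for the first bytes a server sends, which checks that an `SSH-2.0-` banner is followed by a real SSH key-exchange packet, not just a label. The function names and all sample byte strings are constructed for this example; it goes slightly beyond the thread by also recognising an FTP `220` greeting and a TLS record.

```python
import struct

SSH_MSG_KEXINIT = 20      # RFC 4253 section 7.1
MAX_SSH_PACKET = 35000    # RFC 4253 section 6.1

def classify(stream: bytes) -> str:
    """Classify bytes a server sent after connect (for SSH: after we have
    also sent our own identification line, which prompts its KEXINIT)."""
    if not stream:
        return "silent"              # e.g. implicit TLS waiting for ClientHello
    if stream[:2] == b"\x16\x03":
        return "tls"                 # TLS handshake record header
    if stream[:3].isdigit() and stream[3:4] in (b" ", b"-"):
        return "ftp" if stream[:3] == b"220" else "unknown"
    pos = 0                          # lines may precede the "SSH-" line (RFC 4253 4.2)
    while (end := stream.find(b"\n", pos)) != -1:
        line = stream[pos:end].rstrip(b"\r")
        pos = end + 1
        if line.startswith((b"SSH-2.0-", b"SSH-1.99-")):
            return check_kexinit(stream[pos:])
    return "unknown"

def check_kexinit(rest: bytes) -> str:
    """The banner is only a label; a real SSH server follows it with a
    binary packet whose first payload byte is SSH_MSG_KEXINIT."""
    if len(rest) < 6:
        return "ssh-banner-only"
    length, padding, msg = struct.unpack(">IBB", rest[:6])
    sane = 12 <= length <= MAX_SSH_PACKET and padding >= 4
    return "ssh" if sane and msg == SSH_MSG_KEXINIT else "banner-mismatch"

def sample_kexinit() -> bytes:
    """Constructed minimal KEXINIT: type, 16-byte cookie, 10 empty name-lists,
    first_kex_packet_follows flag, reserved uint32."""
    payload = bytes([SSH_MSG_KEXINIT]) + bytes(16) + bytes(40) + bytes(5)
    padding = 8 - (5 + len(payload)) % 8
    padding += 8 if padding < 4 else 0
    return struct.pack(">IB", 1 + len(payload) + padding, padding) + payload + bytes(padding)

BANNER = b"SSH-2.0-OpenSSH_5.1\r\n"   # banner string from the thread
SAMPLES = {                            # all constructed for this example
    "real ssh": BANNER + sample_kexinit(),
    "banner only": BANNER,
    "ftp wearing ssh label": BANNER + b"220 Service ready\r\n",
    "ftp": b"220 Example FTP service ready\r\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:24} -> {classify(data)}")
```

A result of `ftp` means FTPS only if the server then accepts `AUTH TLS` (reply 234, RFC 4217). A result of `ssh` shows an SSH transport; the SFTP subsystem itself is confirmed by an SFTP client actually connecting, as in the FileZilla test described in the thread.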
    
    
    

