i-MSCP panel ftp directories fail when using TLS Required On

  • @mrpink @Ninos


    For vsftpd, I think we can enforce TLS as per userconf file and default to opportunistic TLS or the reverse. I'll see. I even think that we can just disable TLS for panel with specific vsftpd conffile for the panel.


    To resume: for vsftpd, we must also create a specific userconf file for the panel user (vu2000) instead of putting that user info into the main conffile. See http://vsftpd.beasts.org/vsftpd_conf.html


    Then here, to enforce TLS for all customers, we set force_local_logins_ssl to YES in the main conffile and we set force_local_logins_ssl to NO in the panel user conffile. Then, the problem is solved.


    BTW:


    In 1.4.x (it is too late for 1.3.x because the branch is frozen), we should add new dialogs allowing the administrator to choose between two TLS modes (if SSL is enabled):


    Opportunistic: TLS is available but not mandatory.
    Enforced: TLS is always required.


    We should provide those modes for all services (Ftp, SMTP, POP, IMAP). What do you think about that?

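An added example (not from the thread or the i-MSCP code base): a Python audit for the layout proposed above, where the main vsftpd file enforces TLS and only the panel user's file under `user_config_dir` relaxes it. The paths, the `customer1` user and the helper names are constructed for illustration; vsftpd's documentation notes that not every setting takes effect on a per-user basis, so the override itself still has to be confirmed against a running server.

```python
import os
import tempfile

# vsftpd defaults for the TLS options checked here (per vsftpd.conf(5)).
DEFAULTS = {"ssl_enable": "NO", "force_local_logins_ssl": "YES",
            "force_local_data_ssl": "YES"}

def parse_conf(path):
    """Parse vsftpd's option=value format; '#' lines are comments."""
    opts = {}
    with open(path) as fh:
        for line in fh:
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                opts[key] = value
    return opts

def is_on(opts, key):
    return opts.get(key, DEFAULTS[key]).upper() in ("YES", "TRUE", "1")

def audit(main_conf, allowed_exempt):
    """Return (main_enforces_tls, {user: [relaxed options]}) for users whose
    per-user file relaxes TLS and who are not listed in allowed_exempt."""
    main = parse_conf(main_conf)
    enforced = all(is_on(main, k) for k in DEFAULTS)
    unexpected = {}
    user_dir = main.get("user_config_dir")
    if user_dir and os.path.isdir(user_dir):
        for user in sorted(os.listdir(user_dir)):
            merged = {**main, **parse_conf(os.path.join(user_dir, user))}
            relaxed = [k for k in DEFAULTS if is_on(main, k) and not is_on(merged, k)]
            if relaxed and user not in allowed_exempt:
                unexpected[user] = relaxed
    return enforced, unexpected

def build_sample(root):
    """Constructed sample layout: main file enforces TLS, two per-user files."""
    user_dir = os.path.join(root, "users")
    os.mkdir(user_dir)
    main_conf = os.path.join(root, "vsftpd.conf")
    with open(main_conf, "w") as fh:
        fh.write("ssl_enable=YES\nforce_local_logins_ssl=YES\n"
                 f"user_config_dir={user_dir}\n")
    for user, body in (("vu2000", "force_local_logins_ssl=NO\n"),
                       ("customer1", "# constructed stray override\nforce_local_data_ssl=NO\n")):
        with open(os.path.join(user_dir, user), "w") as fh:
            fh.write(body)
    return main_conf

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(build_sample(tmp), allowed_exempt={"vu2000"}))
```

Any user reported besides the panel user is a customer account that would be allowed to log in or transfer data without TLS.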

  • Jip I like the idea.


    To resume: for vsftpd, we must also create a specific userconf file for the panel user (vu2000) instead of putting that user info into the main conffile. See vsftpd.beasts.org/vsftpd_conf.html

    Maybe it's easier and more secure (because permission requests) to ask vsftpd devs for such a feature?

  • @Ninos


    Which feature?


  • Opportunistic: TLS is available but not mandatory.
    Enforced: TLS is always required.


    We should provide those modes for all services (Ftp, SMTP, POP, IMAP). What do you think about that?

    I think that is a good idea. :thumbsup:


    Nowadays almost everyone wants encrypted connections.



    To resume: for vsftpd, we must also create a specific userconf file for the panel user (vu2000) instead of putting that user info into the main conffile. See vsftpd.beasts.org/vsftpd_conf.html


    Such a solution I also had in mind yesterday, but was not sure if that will work that way, because I don't have any experience with vsftpd.