2

I am using BitVise SSH Server. Normally I have it listening on 49000 for SSH/SFTP requests which works fine. I am trying to set it up to listen for FTP on 21. According to the logs the connection is established and terminates normally. However the client side is not connecting correctly.

Using WinSCP I see this in the logs and on screen

. 2019-09-11 11:10:31.735 Connecting to sftp.mysite.ca ...
. 2019-09-11 11:10:31.735 Connected with sftp.mysite.ca. Waiting for welcome message...
< 2019-09-11 11:10:31.735 220 Bitvise SSH Server 8.32
> 2019-09-11 11:10:31.735 USER scanner
< 2019-09-11 11:10:31.735 530 No security mechanism selected
. 2019-09-11 11:10:31.735 Connection failed.
* 2019-09-11 11:10:31.773 (EFatal) Connection failed.
* 2019-09-11 11:10:31.773 Authentication failed.
* 2019-09-11 11:10:31.773 Connection failed.
* 2019-09-11 11:10:31.773 No security mechanism selected

Surely I need to do something on the server side. All I did was add a listening port under Settings > Server > Bindings and UPnP > IPv4 for FTP on port 21.

So I am looking to either FTP was not setup correctly or what I need to do on the client side to offer the correct security mechanism. I am doing this as we have some old printers that do not support modern security protocols like SMBv2 so FTP is supposed to be an acceptable compromise and I am using Bitvise to broker the connection so that users can scan to folders but using FTP.

Matt
  • 740
  • 6
  • 28
  • Before you go too far, check if there are firmware updates for your MFPs that might add SMBv2+ support for the scan to fileserver functionality. – Michael Hampton Sep 11 '19 at 16:40
  • I found an article about ricoh printers and firmware updates in relation to those printers. Most of them are too old to support firmware for c2. For the ones that do we are going that route.... but it will take forever since they are leased. – Matt Sep 11 '19 at 20:29

1 Answers1

3

This is not supposed to work. Bitvise supports FTPS not plain FTP

Bitvise SSH Server also supports FTPS - FTP over TLS/SSL. The FTP protocol has a longer history than SSH and is originally rooted in an insecure, unencrypted design. FTPS clients vary greatly in the security measures they support for FTP. Therefore, Bitvise SSH Server is compatible with FTPS clients more selectively than in the case of SSH, SFTP and SCP clients.

To be compatible with Bitvise SSH Server, an FTPS client must:

  • Support explicit TLS started using AUTH TLS at the beginning of the FTP control connection.

  • Use FTP passive mode.

  • Support TLS for data connections, and use TLS resume functionality for data connections.

The in application help (for version 8.32 at least) explicitly states:

Only TLS-secured FTP connections are supported. Unencrypted, plaintext FTP is not supported.

Matt
  • 740
  • 6
  • 28