
I am getting an exception when I try to connect to an SFTP server. I believe that it is a non-secure server, but the connection failed with FTP, as well. I confirmed with the admin that the server is, in fact, secured and should use SFTP. The code runs fine on my local machine, as a standalone Java program, but not when running on a WebSphere Commerce server on my local machine.

Code:

FTPSClient client = new FTPSClient();
//FTPClient  client = new FTPClient();
//client.setKeyManager(km);
System.setProperty("javax.net.debug", "all");
//client.setSocketFactory(SSLSocketFactory.getDefault()); 
client.addProtocolCommandListener(new PrintCommandListener(new PrintWriter(System.out)));
client.setTrustManager(ACCEPT_ALL);
client.enterLocalPassiveMode();
client.setWantClientAuth(false);
client.setNeedClientAuth(false);
//client.setEnabledCipherSuites(null);
System.out.println("using 990'");
client.connect("obuftp.sears.com",21);

Exception (When running inside WCS env)

SystemOut     O   220-| Welcome to obuftp401p FTP over SSL (FTPS) Server |
220-| We allow TLS connections on ports 21 and 990.    |
220-| If you see "503 Login with USER first." use SSL. |
220 

SystemOut     O   AUTH TLS

SystemOut     O   234 Proceed with negotiation.

SystemErr     R   javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
SystemErr     R      at com.ibm.jsse2.b.c(b.java:169)
SystemErr     R      at com.ibm.jsse2.b.a(b.java:228)
SystemErr     R      at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:242)
SystemErr     R      at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:437)
SystemErr     R      at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:142)
SystemErr     R      at com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:686)
SystemErr     R      at org.apache.commons.net.ftp.FTPSClient.sslNegotiation(FTPSClient.java:240)
SystemErr     R      at org.apache.commons.net.ftp.FTPSClient._connectAction_(FTPSClient.java:171)
Zachary Kniebel
user2271060

1 Answer


Please note that secure FTP is quite an ambiguous thing.

  1. SFTP is part of the SSH protocol
  2. FTPS is a real "FTP secure" as an extension of the FTP protocol

Now there are 2 kinds of FTPS: implicit (FTPS) and explicit (FTP/ES).

  • FTPS is encrypted by default and usually works on port 990.
  • An FTP/ES connection begins as regular FTP (default port 21) and is explicitly turned on by "START TLS" or "START SSL" FTP command.

There are a lot of issues resulting from confusion between all these protocols. I guess this is also the case here - you probably send "AUTH TLS" to the server which expects SSL data or you send SSL data to the server which expects "AUTH TLS".

Maybe client.connect("obuftp.sears.com",990); will be just fine...

You can read more at https://en.wikipedia.org/wiki/FTPS

Mike
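
The implicit/explicit distinction above can be checked at the byte level. The following is an added example, not part of the original question or answer: it classifies the bytes a client receives as a plaintext FTP reply or a TLS record, which is the test a TLS stack applies before raising an error like the one in the question. The function names and the TLS sample bytes are constructed for this example; the banner is copied from the question's log.

```python
import re

# Constructed samples. BANNER copies the greeting shown in the question's log.
BANNER = (b"220-| Welcome to obuftp401p FTP over SSL (FTPS) Server |\r\n"
          b"220-| We allow TLS connections on ports 21 and 990.    |\r\n"
          b'220-| If you see "503 Login with USER first." use SSL. |\r\n'
          b"220 \r\n")
AUTH_OK = b"234 Proceed with negotiation.\r\n"
TLS_RECORD = bytes([0x16, 0x03, 0x03, 0x00, 0x04]) + b"\x0e\x00\x00\x00"  # handshake record


def looks_like_tls(data):
    """True if data starts with a TLS record header: type 20-23, major version 3."""
    return len(data) >= 3 and 20 <= data[0] <= 23 and data[1] == 3 and data[2] <= 4


def parse_ftp_reply(data):
    """Parse one RFC 959 reply (single or multi-line).

    Returns (code, lines, remaining_bytes), or None if data is not a complete reply.
    """
    first = re.match(rb"(\d{3})[ -]", data)
    if not first:
        return None
    code, lines, pos = first.group(1), [], 0
    while True:
        end = data.find(b"\r\n", pos)
        if end < 0:
            return None                      # closing "ddd " line not received yet
        line, pos = data[pos:end], end + 2
        lines.append(line.decode("ascii", "replace"))
        if line[:4] == code + b" ":          # "ddd<space>" closes the reply
            return int(code), lines, data[pos:]


def greeting_mode(first_bytes):
    """Classify what the server sends before the client has sent anything."""
    reply = parse_ftp_reply(first_bytes)
    if reply and reply[0] == 220:
        return "explicit"     # plaintext FTP first; TLS starts only after AUTH TLS -> 234
    return "no-greeting" if not first_bytes else "unknown"  # silent: implicit candidate


def after_auth_tls(stream):
    """Check the bytes that follow the server's reply to AUTH TLS."""
    reply = parse_ftp_reply(stream)
    if not reply or reply[0] != 234:
        return "auth-refused"
    rest = reply[2]
    # Anything after 234 that is not a TLS record is what the TLS layer rejects.
    return "ok" if not rest or looks_like_tls(rest) else "plaintext-after-234"
```

A server that answers a fresh connection with a plaintext 220 greeting, as in the log above, is in explicit mode on that port; a port that stays silent until the client sends a TLS handshake is a candidate for implicit mode.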