状态: 不安全的服务器,不支持 FTP over TLS。
命令: USER administrator
响应: 331 Password required for administrator.
命令: PASS ********
响应: 530 User cannot log in, home directory inaccessible.
错误: 严重错误: 无法连接到服务器
状态: 已从服务器断开
状态: 正在连接 120.24.95.70:21...
状态: 连接建立,等待欢迎消息...
状态: 不安全的服务器,不支持 FTP over TLS。
命令: USER administrator
响应: 331 Password required for administrator.
命令: PASS ********
响应: 530 User cannot log in, home directory inaccessible.
错误: 严重错误: 无法连接到服务器
解决办法:
http://www.vsysad.com/2013/06/install-and-configure-ftp-over-ssl-ftps-in-iis-7-5/
This guide will show you how to install FTP Server in IIS 7.5 and also how to configure FTP Over SSL (FTPS).
FTP Over SSL (FTPS) allows FTP sessions to be encrypted. It is vitally important to secure FTP traffic as usernames and passwords, are by default, sent in plain text across the network when an FTP client is establishing a connection with the server.
Note: In this guide I am assuming that your server environment is Windows Server 2008 R2 and that you have IIS 7.5 already installed but not the FTP Server. I am also assuming that you want to add FTP publishing to an existing site – in the example below this will be the Default Web Site.
Installing the FTP Server
In Server 2008 R2 the FTP Server is a module that can be found under the Web Server role. To install it do the following:
1. Click Start > Run and then enter servermanager.msc in the Open dialogue box then click OK to load Server Manager:
C:\>servermanager.msc
2. Click on Roles in the left pane and the Roles section will appear in the right pane. Locate the Web Server (IIS) section and then then click on Add Role Services:
20130606224147
3. In the Select Role Services scroll down to the bottom and check FTP Server, FTP Service & FTP Extensibility then click Next and then Install:
20130508215249
4. Once the installation completes click Close. To install FTP Server, FTP Service & FTP Extensibility via the command line run the following:
C:\>CMD /C PKGMGR.EXE /iu:IIS-FTPServer;IIS-FTPSvc;IIS-FTPExtensibility
Configuring the FTP Server
5. Click Start > Run and then enter inetmgr in the dialogue box then click OK to load Internet Information Services (IIS) Manager.
6. Once IIS Manager is open select Default Web Site and then click on Add FTP Publishing under the Actions pane as highlighted below:
20130508215320
7. In the Bindings and SSL Settings section configure the settings per the screenshot below and click Next:
20130508215328
Note: If you want your FTP site to use a specific IP address, select it from the drop-down menu, otherwise leave the default setting which binds all FTP traffic to the site you are creating.
8. In the next section configure per the screenshot below. Under Authentication ensure that only Basic is checked. Under Authorization, ensure that your FTP user account is set under the Specified Users box, then click Finish:
20130508215338
At this point basic FTP publishing has been enabled on the Default Web Site.
9. Next, click on the Server object and then in the right pane double-click on the FTP Firewall Support icon:
20130520233612
10. I am configuring FTP connections to use Passive Transfers and the Data Channel Port Range will be set to 0-0 and the External IP Address of Firewall should be left blank (per below):
20130520221406
Note: The firewall in this environment is the built-in Windows software firewall. As it provides Stateful Packet Inspection (SPI) we do not need to state a port range for passive transfers as the firewall will detect which ports are dynamically required and allow the data transfers to go through..For more information about configuring firewalls for FTP see this link.
11. Next, click on the Default Web Site and then in the right pane double-click on the FTP Firewall Support icon. When this loads up input the FTP site’s public IP address and then click on Apply under the Actions pane on the right-hand side:
20130520224735
11. Within IIS Manager, click on the server object and in the centre pane open Server Certificates:
20130519224741
12. Then click on Create Self-Signed Certificate in the Actions pane in the right hand side:
20130519224830
13. Type a name for the certificate, I used FTP Site Certificate but any descriptive name will suffice, then click on OK:
20130519225034
14. You will now see the created certificate in the list:
20130519225141
15. Click on the server object again and open FTP SSL Settings:
20130522235958
16. Under SSL Certificate select the certificate we created earlier. Under SSL Policy select Custom and then click on the Advanced button:
20130519230643
17. Under Control Channel select Require only for credentials and under Data Channel select Require and then click on OK:
20130519230909
18. Now click on the Default Web Site and then open FTP SSL Settings and ensure you configure the same settings as for the server level as performed in steps 15 – 17. Failing to configure the FTP SSL Settings at BOTH the SERVER and SITE levels with result in FTP connection errors per the below:
Response: 534 Local policy on server does not allow TLS secure connections.
Error: Critical error
Error: Could not connect to server
19. Click on the Default Web Site and then click on Bindings in the Actions pane:
20130604214640
20. In the Site Bindings section click on the Add Button:
20130604215037
21. In the Add Site Binding section select the Type as ftp, leave the IP Address box as All Unassigned and then enter the hostname for the FTP Site and then click on OK:
20130604215232
22. Confirm that you can see the new FTP Site binding and then click Close:
20130604215431
23. While still in the Default Web Site context select Advanced Settings in the Actions pane to view the FTP Site’s home directory – it will be the physical path for the Default Web Site:
20130523222443
24. You will need to configure the ftp_user account to have write permissions to C:\inetpub\wwwroot in order for you to be able to upload files to this directory. NTFS permissions should be configured per below:
20130523223358
25. As mentioned earlier, my environment uses the Windows software firewall. The rules that need to be enabled to allow FTP and FTPs communication are:
Inbound Rules
FTP Server (FTP Traffic-In)
FTP Server Passive (FTP Passive Traffic-In)
FTP Server Secure (FTP SSL Traffic-In)
Outbound Rules
N/A – because the default setting for public traffic is that outbound connections that do not match a rule are allowed.
Connecting to the FTP Site
26. The only thing left to do is test the connection from your FTP client. Using FileZilla, you will need the connection information below, changing only the Host, User and Password fields according to your specific settings:
Host: ftp.vsysad.com
Protocol: FTP – File Transfer Protocol
Encryption: Require explicit FTP over TLS
Logon Type: Normal
User: ftp.vsysad.com|ftp_user
Password: **********
In FileZilla, I added a site called vSysad and then added the relevant connection info above:
20130608200123
Note: The user field must be VirtualHostName|User to allow successful authentication. The virtual host name is a requirement and the FTP Server is expecting that string, if it doesn’t see it then you will see the following error:
Status: Connecting to ftp.vsysad.com…
Status: Connection established, waiting for welcome message…
Response: 220 Microsoft FTP Service
Command: AUTH TLS
Response: 234 AUTH command ok. Expecting TLS Negotiation.
Status: Initializing TLS…
Status: Verifying certificate…
Command: USER ftp_user
Status: TLS/SSL connection established.
Response: 530 Valid hostname is expected.
Error: Could not connect to server
27. Once you have input the relevant connection info for the FTP Site, click Connect and assuming that the connection is successful you will see a pop-up box displaying an unknown certificate which we created earlier:
20130608193639 - Copy
28. Check the box Always trust certificate in future sessions and hit OK. After which you will be connected to the home directory:
20130608200420
And that’s all. Happy FTPing over SSL!
References:
Using FTP Virtual Host Names in IIS 7
Configuring FTP 7.5 with Host Header and SSL
Setup FTPS on IIS 7.5 Using Host Headers Tutorial
Local policy on server does not allow TLS secure connections
Configuring FTP Firewall Settings in IIS 7
Using FTP Over SSL in IIS 7
530 User cannot log in.
错误: 严重错误: 无法连接到服务器
https://www.zhihu.com/question/30428997/answer/49762574
分享到:
相关推荐
如果需要,可以考虑使用FTPS(FTP over TLS/SSL)或SFTP(SSH File Transfer Protocol)提供加密传输。此外,根据网络条件和服务器负载,适当调整QNetworkAccessManager的缓存策略和并发请求数量,以优化性能。 9. ...
6. **FTP 7.5增强**:在IIS7.5(与Windows Server 2008 R2一同发布)中,FTP服务进一步增强了,例如支持IPv6,提供FTP over SSL(FTPS)和FTP using Explicit TLS/SSL(FTPES)以确保数据传输的安全性。 在描述中...
1. FTP身份验证:IIS支持基本身份验证、集成Windows身份验证以及匿名访问。为了安全起见,通常使用基本身份验证或集成Windows身份验证,需要设置用户账户并指定权限。 2. FTP授权规则:在FTP站点的“FTP授权规则”...
考虑到安全性,推荐使用SSL/TLS加密的FTPS(FTP over SSL)或SFTP(SSH文件传输协议)来替代传统的FTP,以保护数据在传输过程中的安全。这需要额外的证书配置和客户端支持。 7. **日志和性能监控** IIS6.0提供了...
例如,使用FTP-S(FTP over SSL)或FTPS(FTP Secure)增强安全性,通过限制IP范围防止未经授权的访问,以及监控FTP服务器的性能和日志以确保服务稳定。 通过以上步骤,您可以成功配置并运行一个IIS FTP服务器,...
2. **SSL/TLS加密**:为了确保数据传输的安全性,FTP 7.5支持FTPS(FTP over SSL)和SFTP(Secure FTP),通过SSL/TLS协议进行数据加密,保护用户信息不被窃取。 3. **Web管理界面**:通过IIS Manager,管理员可以...
4. **安全增强**:除了基本的FTP协议,还有更安全的变体,如FTPS(FTP over SSL/TLS)和SFTP(SSH File Transfer Protocol),它们提供了数据加密,防止在传输过程中被窃取。 5. **自动同步**:FTP服务器可以配置为...
对于安全性的强化,还可以设置SSL证书,启用FTPS(FTP over SSL/TLS)以加密数据传输。 在局域网内部,用户可以通过FTP客户端(如FileZilla、WinSCP等)连接到FTP服务器,输入服务器的IP地址、端口、用户名和密码,...
5. SSL/TLS安全加密:为了保护数据传输的安全,可以启用FTP over SSL(FTPS)或FTP over TLS(FTPS)来加密连接。 FTP连接方式: FTP有两种模式:主动模式(PORT)和被动模式(PASV)。主动模式下,服务器主动发起...
在实际应用中,FTP可能与其他技术结合,如SFTP(SSH File Transfer Protocol)提供更强的安全性,或者FTPS(FTP over SSL/TLS)为传输过程加密。了解这些变体及其应用场景也是学习FTP的重要部分。 总结来说,这个...
6. **SSL/TLS加密**: 对于安全传输,可以使用FTPS(FTP over SSL/TLS)或SFTP(SSH File Transfer Protocol),提供数据传输的安全性。 **FTP服务器实例** 提供的“FTP编程:FTP服务器实例”很可能包含一个或多个...
4. **安全性**:现代FTP服务器通常支持FTPS(FTP over TLS/SSL)或SFTP(SSH File Transfer Protocol),以确保数据传输的安全性。 5. **性能优化**:服务器需要处理大量文件请求,因此可能需要优化如缓存、多线程...
为了提高安全性,可以启用FTPS(FTP over TLS/SSL),它使用SSL/TLS加密,保护数据传输过程中的隐私。在IIS中,可以在FTP站点属性中配置SSL证书并启用SSL连接。 7. **日志和监控**:为了跟踪FTP服务器的活动,可以...
为了防止密码被窃取,应启用FTP的SSL/TLS加密,或者使用FTP的更安全版本FTPS(FTP over SSL)或SFTP(SSH File Transfer Protocol)。 总的来说,Windows Server 2003的FTP服务是企业级文件共享的重要组成部分。...
6. **FTP协议版本**:FTP有FTP和FTP over TLS/SSL(FTPS)两种,确保客户端和服务器都支持所选的协议。 7. **日志分析**:查看服务器和客户端的日志信息,可以帮助定位问题所在。 为了解决上述问题,可以按照以下...
2. **安全性强化**:支持SSL/TLS加密,提供FTPS(FTP over SSL)和SFTP(SSH File Transfer Protocol)协议,以确保数据在传输过程中的安全,防止数据被窃取或篡改。 3. **用户管理**:可以创建多个用户账户,对每...
因此,现代FTP工具往往支持更安全的SFTP(SSH文件传输协议)或FTPS(FTP over SSL/TLS),以加密数据传输,保护用户信息不被窃取。 6. **用户界面**:FTP工具通常提供图形用户界面(GUI),使得操作更为直观,适合...
现代的FTP服务器如“ftpsever”可能支持FTPS(FTP over TLS/SSL)或SFTP(SSH File Transfer Protocol),这两种协议提供了数据加密,增强了安全性。 5. **日志记录与审计**:FTP服务器会记录用户的登录活动、文件...
为了提高安全性,可以使用FTPS(FTP over TLS/SSL)或SFTP(SSH File Transfer Protocol),它们提供加密传输,保护数据不被窃取。 7. FTP脚本与自动化: 对于频繁的文件传输任务,可以编写FTP脚本或利用FTP客户端...
- 如果需要,可以启用SSL/TLS加密或FTP over SSH(SFTP)以增强安全性。 3. FTP站点列表: 全国大学FTP站点列表可能包含各大学的FTP服务器地址,供学生和教师共享学术资源。这些站点通常包含课程材料、研究论文、...