Question: FTP upload Filezilla TLS error
1
gravatar for odhardy
12 months ago by
odhardy10
odhardy10 wrote:

Hi, having issue uploading via Filezilla 3.27.0.1 windows: I receive the errors below after "retrieving directory listing..." GnuTLS error -110: The TLS connection was non-properly terminated. Status: Server did not properly shut down TLS connection Error: Transfer connection interrupted: ECONNABORTED - Connection aborted

I verified settings related to new changes from July 19. I am using FTP + require FTP over TLS, i accepted the certificate that came up when first connecting, but I cannot connect. thanks for any assistance. Owen Hardy

ftp • 935 views
ADD COMMENTlink modified 12 months ago by Jennifer Hillman Jackson25k • written 12 months ago by odhardy10

Hi Jen, I can connect at home on Filezilla + Mac. I cannot connect at work on Filezilla + windows 7 since changes were made to galaxy. I cannot resume any transfers as I cannot even connect at all--after adjusting encryption settings to require TLS and accepting the new certificate I get the error above. I can get a little further by changing transfer settings from default to active in Filezilla, but then it fails loading the directory. I CAN connect to other servers via filezilla on windows, galaxy is the only one I cannot connect to right now.

Require TLS + default transfer setting

Status: Resolving address of usegalaxy.org
Status: Connecting to 129.114.60.60:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/" is the current directory
Command:    TYPE I
Response:   200 Type set to I
Command:    PASV
Response:   227 Entering Passive Mode (129,114,60,60,118,34).
Command:    MLSD
Error:  GnuTLS error -110: The TLS connection was non-properly terminated.
Status: Server did not properly shut down TLS connection
Error:  Transfer connection interrupted: ECONNABORTED - Connection aborted

Require TLS + active transfer setting

Status: Resolving address of usegalaxy.org
Status: Connecting to 129.114.60.56:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/" is the current directory
Command:    TYPE I
Response:   200 Type set to I
Command:    PORT 10,64,176,252,226,14
Response:   200 PORT command successful
Command:    MLSD
Error:  Connection timed out after 20 seconds of inactivity
Error:  Failed to retrieve directory listing
ADD REPLYlink modified 11 months ago • written 11 months ago by odhardy10

Please see this Q&A from this morning. In short, use Passive mode with Filezilla. The connection will still be handled in secure TLS mode. https://biostar.usegalaxy.org/p/24299/

ADD REPLYlink modified 11 months ago • written 11 months ago by Jennifer Hillman Jackson25k

HI Jen, Thanks for your reply however I'm not sure what you would have me do? If I use default settings then that produces connection refused error in the first place (default or passive, require TLS or use TLS when available none make a difference and already tried before reporting). Also, how do I avoid using MLSD command? I see no setting or preference relating to this.

ADD REPLYlink written 11 months ago by odhardy10

I resolved this by using default settings with Filezilla (on a MAC).

If I instead try to adjust the settings, active mode is enabled (directly or indirectly), and Filezilla sends out a series of commands as a way to get the server's directory listing. This invokes the problematic command.

In short, use FTP in passive mode (the default) and do not change anything else related to TLS. This still produces a server directly listing and the security cert will still pop-up to be accepted. The transfer will be in TLS secure mode as that is the only connection type available and the Filezilla client will fall back to that usage (and report it in the log).

There haven't been other problems reported when using a PC and I haven't tested that out specifically. Try using defaults and let us know how that goes (it wasn't clear if you already tried that or not).

I updated the text help here to be more specific (the video uses a different example client and the Filezilla-specific issues with active FTP mode were not known at that time): https://galaxyproject.org/ftp-upload/#upload-from-client

And created a ticket for admin review here, just in case there is some other workaround: https://github.com/galaxyproject/galaxy/issues/4384

I've tested with both older versions of Filezilla and the latest release - passive FTP using defaults is what works on a MAC and I suspect on a PC as well.

ADD REPLYlink modified 11 months ago • written 11 months ago by Jennifer Hillman Jackson25k

example windows user with issue: https://biostar.usegalaxy.org/p/24242/ default everything on windows does NOT work. Passive does NOT work. On Mac yes I can connect fine. I have tried cyberduck, winSCP, Filezilla on windows 7. All fail in one of the two ways above. Also just tried different PC with windows 10 with fresh Filezilla install. Same issue.

ADD REPLYlink written 11 months ago by odhardy10

Thanks for testing out the solution. I also asked the other user if default works for them (they tried under more than one OS - windows and linux-ubuntu). It is not clear if they used default settings.

Our team is looking into this but hasn't been able to reproduce the issue yet. It is possible that a firewall or other network situation is blocking the connection. The other user's error suggests that. But let's follow up and find out for certain what the problem is exactly and come up with a solution. More feedback soon.

ADD REPLYlink written 11 months ago by Jennifer Hillman Jackson25k

I am having the same problem to connect to usegalaxy.org using etiher winSCP or Filezilla on Windows 10, but I used to connect using the same ftp clients some weeks ago, Now I also tried several Galaxy servers and it works.

Any suggestion will be welcome. Many thanks

ADD REPLYlink written 11 months ago by jmfranco10

Can you send me the IP address you're connecting from so I can check our logs? I suspect either the protocol (TLS 1.1+) or available ciphers are not compatible between client and server.

nate@bx.psu.edu

ADD REPLYlink written 11 months ago by Nate Coraor3.2k

Hi Nate, 104.129.198.109

ADD REPLYlink written 11 months ago by odhardy10

No hits in the logs, but as configured they are not very verbose.

Can you point your (passive mode) client at galaxy-web-06.galaxyproject.org port 30921? I've started up a debugging server there that should hopefully reveal the issue.

ADD REPLYlink written 11 months ago by Nate Coraor3.2k

Yep that works, successfully connected and transferred file

Status: Resolving address of galaxy-web-06.galaxyproject.org
Status: Connecting to 129.114.60.56:30921...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing...
Status: Directory listing of "/" successful
ADD REPLYlink written 11 months ago by odhardy10

But it fails if you make the same connection to the same host on port 21?

ADD REPLYlink written 11 months ago by Nate Coraor3.2k

yes if I try main with any mode, port 21 I get the error below. I never get a successful directory listing so I cannot even begin file transfer...or maybe you meant the test server on 21. No that doesn't work either, just tried. Same error.

    Error:  GnuTLS error -110: The TLS connection was non-properly terminated.
Status: Server did not properly shut down TLS connection
Error:  Transfer connection interrupted: ECONNABORTED - Connection aborted
ADD REPLYlink modified 11 months ago • written 11 months ago by odhardy10

Sorry for not getting back to you - I suspect this is a firewall issue. Many firewalls do packet inspection and start dropping packets once the communication is encrypted in a protocol that it is expecting to be unencrypted.

For cases like this, I'm going to set up an implicit FTPS server on the standard ports 990 and 991, which most firewalls should happily ignore.

ADD REPLYlink written 11 months ago by Nate Coraor3.2k
0
gravatar for Jennifer Hillman Jackson
12 months ago by
United States
Jennifer Hillman Jackson25k wrote:

Hello,

I am not able to replicate this with Filezilla on a MAC. Did you try to resume the transfer? Sometimes longer transfers will abort due to network issue (generally client side).

If that doesn't solve the problem, perhaps try a different FTP Client?

I'll also show this to our internal team as some do use Windows, to eliminate any server issues (none are currently known). And other users that have successfully connected using Filezilla or alternative FTP Clients on Windows are definitely welcome to add in more suggestions/advice.

Reference FAQ: https://galaxyproject.org/ftp-upload/

Thanks, Jen, Galaxy team

ADD COMMENTlink modified 12 months ago • written 12 months ago by Jennifer Hillman Jackson25k
Please log in to add an answer.

Help
Access

Use of this site constitutes acceptance of our User Agreement and Privacy Policy.
Powered by Biostar version 16.09
Traffic: 91 users visited in the last hour