Jump to content

Resident agent SFTP


Recommended Posts

  • 2 months later...

In the meantime, I am trying to use FTPS but cannot get it to work either.

tniwinagent.log

2018.02.21 16:40:10.183 [iNFO] Starting service...
2018.02.21 16:40:10.183 [iNFO] Notification successful
2018.02.21 16:40:10.183 [iNFO] Resident mode
2018.02.21 16:40:10.186 [iNFO] {9E4A6CAF-1C8C-4B5C-83FD-088DD9D605A4}=weekly|1|201802211130|1|0010010||||189912300000|189912300000|0|0
2018.02.21 16:40:10.187 [iNFO] Starting local scan...
2018.02.21 16:40:10.187 [iNFO] Make local scan
2018.02.21 16:40:25.749 [iNFO] Scan finished
2018.02.21 16:40:25.763 [ERROR] Login error: check the send settings and network settings

ftp://ftp.server.net/dir WORKS

ftp://ftp.server.net:21/dir WORKS

ftp://ftp.server.net:990/dir FAILS

ftps://ftp.server.net:990/dir FAILS

I can connect using Filezilla on port 990 and setting 'encryption' to 'Require explicit FTP over TLS'.

I tried another server aswell that has TLS default on port 21, but same error.

Link to comment

Also the update URL does not handle https it seems.

https://www.server.net/update/tniwinagent.ini

2018.02.22 11:35:02.011 [ERROR] Scheduler: download failed: 500

-> works fine using wget in linux (HTTP request sent, awaiting response... 200 OK)

http://www.server.net/update/tniwinagent.ini

2018.02.22 11:32:02.031 [ERROR] Scheduler: download failed: 301 Moved Permanently

--> redirect to https is not handled

Link to comment

Hello!

>ftps://ftp.server.net:990/dir
This option should be working just fine for explicit FTP over TLS.

> I tried another server aswell that has TLS default on port 21, but same error.
Using the default port 21 for Explicit mode is the best option and should be working too.

In any case the communication schema must be as follows:
•  Client connects to the server.
•  Client explicitly requests TLS/SSL encryption to be switched on.
•  Client talks to the server using an encrypted channel.

By the way, can you please confirm that you’ve placed both DLLs (libeay32.dll and ssleay32.dll) next to the agent file?

Link to comment

Both .dll files are in the same directory. I also tried copying them to the Windows system folder and tried latest versions, both 64 an 32-bit files from http://indy.fulgan.com/SSL/

I'm using windows 10 and start the agent as admin with command "tniwinagent.exe /install /start /testrun" and before exporting new test settings "tniwinagent.exe /uninstall".

I've now setup my own vsftpd test server with TLS enabled and I get the same error "[ERROR] Error sending data: check the send settings and network settings"

This is the server log:

Feb 28 12:09:21 dhcp-10-33-62-66 vsftpd[27071]: CONNECT: Client "10.33.62.74"
Feb 28 12:09:21 dhcp-10-33-62-66 vsftpd[27071]: FTP response: Client "10.33.62.74", "220 test FTP server"
Feb 28 12:09:21 dhcp-10-33-62-66 vsftpd[27071]: FTP command: Client "10.33.62.74", "AUTH TLS"
Feb 28 12:09:21 dhcp-10-33-62-66 vsftpd[27071]: FTP response: Client "10.33.62.74", "234 Proceed with negotiation."
Feb 28 12:09:21 dhcp-10-33-62-66 vsftpd[27071]: "" from "10.33.62.74": error:00000000:lib(0):func(0):reason(0)

This is the server log connecting with Filezilla client with exact same settings:
 

Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27654]: CONNECT: Client "10.33.62.74"
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27654]: FTP response: Client "10.33.62.74", "220 test FTP server"
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27654]: FTP command: Client "10.33.62.74", "AUTH TLS"
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27654]: FTP response: Client "10.33.62.74", "234 Proceed with negotiation."
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27654]: FTP command: Client "10.33.62.74", "USER test"
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27654]: [test] FTP response: Client "10.33.62.74", "331 Please specify the password."
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27654]: [test] FTP command: Client "10.33.62.74", "PASS <password>"
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27653]: [test] OK LOGIN: Client "10.33.62.74"
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP response: Client "10.33.62.74", "230 Login successful."
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP command: Client "10.33.62.74", "OPTS UTF8 ON"
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP response: Client "10.33.62.74", "200 Always in UTF8 mode."
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP command: Client "10.33.62.74", "PBSZ 0"
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP response: Client "10.33.62.74", "200 PBSZ set to 0."
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP command: Client "10.33.62.74", "PROT P"
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP response: Client "10.33.62.74", "200 PROT now Private."
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP command: Client "10.33.62.74", "PWD"
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP response: Client "10.33.62.74", "257 "/srv/ftp""
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP command: Client "10.33.62.74", "TYPE I"
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP response: Client "10.33.62.74", "200 Switching to Binary mode."
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP command: Client "10.33.62.74", "PASV"
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP response: Client "10.33.62.74", "227 Entering Passive Mode (10,33,62,66,117,84)."
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP command: Client "10.33.62.74", "LIST"
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP response: Client "10.33.62.74", "150 Here comes the directory listing."
Feb 28 12:11:29 dhcp-10-33-62-66 vsftpd[27655]: [test] FTP response: Client "10.33.62.74", "226 Directory send OK."

This is my config file:

[ResidentAgent]
version=18.02.16.0
config-timestamp=20180228121217.956000+060

[schedules]

[sendDataSettings]
method=smFTP
save-sent-data=0
URL=ftps://10.33.62.66
Login=test
Password=04000000C4F02FB5E2795EE06280481972597009
Timeout=30000
UseFW=0
UseProxy=0
 

Link to comment
  • 1 month later...
  • 2 years later...
On 11/27/2017 at 4:24 PM, ict.fys said:

I would also be nice to have an option to set a random delay for the scan schedule.

If all clients connect simultaneously at the exact same time to upload their inventory file, this could cause a problem with max. remote logins.

On 11/27/2017 at 5:09 PM, Alex said:

You are right. We’ll consider adding such an option in the future.

Any updates on this? We are almost getting to the limit of our max simultaneous server connections.

Still on version 3.7, this would be a reason to buy an upgrade for us.

Link to comment

Hello,

Thanks for your message.

Unfortunately, we have not yet implemented this functionality. We did implement a small time randomization for the agent when it contacts the updates server.

Random delay for the scan schedule is still on our to-do list.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...