Closed Bug 1593595 Opened 5 years ago Closed 5 years ago

FTP password prompt pops up for every directory change or file download

Categories

(Core Graveyard :: Networking: FTP, enhancement)

Product:
Core Graveyard
Component:
Networking: FTP
Version:
70 Branch
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 80652

People

(Reporter: dnk1287, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0

Steps to reproduce:

  1. type url of FTP-server, in my case an vsftpd-server
  2. enter user name and password in popup window
  3. a file list shows, in this case with directories
  4. click on a file or directory

Actual results:

The popup windows asking for user name and password reappears. Entering them is neccessary to complete the action. This keeps happening each time a file or directory is clicked.

Accessing the same FTP-server with Filezilla (on a Windows machine) or ftp (on a Linux machine) works fine, i.e. without reentering user name and password.

Expected results:

The action (open file or directory) should happen without entering user name and password again and again.

This looks like a duplicate of bug 80652, but the most recent duplicate was filed in 2010, so I'll leave it up to someone else to decide.

This will likely not be fixed regardless, since bug 1574475 will probably remove FTP support.

Component: Untriaged → Networking: FTP
Product: Firefox → Core
Summary: FTP connection does not allow changing directories → FTP password prompt pops up for every directory change or file download

This is a feature request about "caching a password to be transmitted over an unencrypted connection of a protocol that is removed from web browsers next year".

Please configure vsftpd to enforce ftps:// and keep using FileZilla: https://manpages.debian.org/buster/vsftpd/vsftpd.conf.5.en.html
Config should roughly look like this if I'm not totally mistaken:

listen=YES
listen_ipv6=YES
listen_port=990
ftp_data_port=989
connect_from_port_20=YES
anonymous_enable=NO
ssl_enable=YES
implicit_ssl=YES # this means real TLS ("ftps://") instead of starting STARTTLS over a plaintext ftp connection ("ftpes://") https://en.wikipedia.org/wiki/FTPS#Implicit
allow_anon_ssl=YES
force_anon_data_ssl=YES
force_anon_logins_ssl=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1=YES (If you use Fedora, you can set ssl_tlsv1=NO ssl_tlsv1_1=NO ssl_tlsv1_2=YES)
strict_ssl_read_eof=YES
strict_ssl_write_shutdown=YES
rsa_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem
rsa_private_key_file=/etc/letsencrypt/live/example.com/privkey.pem
ssl_ciphers=ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384

You could also configure https:// with HTTP Basic Auth + Autoindex:
https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html
https://nginx.org/en/docs/http/ngx_http_autoindex_module.html

Status: UNCONFIRMED → RESOLVED
Type: defect → enhancement
Closed: 5 years ago
Resolution: --- → DUPLICATE
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.