FTP password prompt pops up for every directory change or file download
Categories
(Core Graveyard :: Networking: FTP, enhancement)
Tracking
(Not tracked)
People
(Reporter: dnk1287, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0
Steps to reproduce:
- type url of FTP-server, in my case an vsftpd-server
- enter user name and password in popup window
- a file list shows, in this case with directories
- click on a file or directory
Actual results:
The popup windows asking for user name and password reappears. Entering them is neccessary to complete the action. This keeps happening each time a file or directory is clicked.
Accessing the same FTP-server with Filezilla (on a Windows machine) or ftp (on a Linux machine) works fine, i.e. without reentering user name and password.
Expected results:
The action (open file or directory) should happen without entering user name and password again and again.
Comment 1•5 years ago
|
||
This looks like a duplicate of bug 80652, but the most recent duplicate was filed in 2010, so I'll leave it up to someone else to decide.
This will likely not be fixed regardless, since bug 1574475 will probably remove FTP support.
Comment 2•5 years ago
|
||
This is a feature request about "caching a password to be transmitted over an unencrypted connection of a protocol that is removed from web browsers next year".
Please configure vsftpd to enforce ftps:// and keep using FileZilla: https://manpages.debian.org/buster/vsftpd/vsftpd.conf.5.en.html
Config should roughly look like this if I'm not totally mistaken:
listen=YES
listen_ipv6=YES
listen_port=990
ftp_data_port=989
connect_from_port_20=YES
anonymous_enable=NO
ssl_enable=YES
implicit_ssl=YES # this means real TLS ("ftps://") instead of starting STARTTLS over a plaintext ftp connection ("ftpes://") https://en.wikipedia.org/wiki/FTPS#Implicit
allow_anon_ssl=YES
force_anon_data_ssl=YES
force_anon_logins_ssl=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1=YES (If you use Fedora, you can set ssl_tlsv1=NO ssl_tlsv1_1=NO ssl_tlsv1_2=YES)
strict_ssl_read_eof=YES
strict_ssl_write_shutdown=YES
rsa_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem
rsa_private_key_file=/etc/letsencrypt/live/example.com/privkey.pem
ssl_ciphers=ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384
You could also configure https:// with HTTP Basic Auth + Autoindex:
https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html
https://nginx.org/en/docs/http/ngx_http_autoindex_module.html
Updated•9 months ago
|
Description
•