satiromarra / vscode-sftp

Super fast sftp/ftp extension for VS Code

Plugin not working with FTPS Azure deployment slot using port 990 #60

Closed ankeorum closed 9 months ago

ankeorum commented 1 year ago

My ftp host is an azure service deployment slot with ftps and implicit connection working on port 990. My current setup for sftp.json is:

{
    "name": "Azure Claimpro",
    "host": "myawesomehost.azure.net",
    "protocol": "ftp",
    "port": 990,
    "username": "mypreferredusername",
    "password": "ultraSecr3tPwd!",
    "remotePath": "/site",
    "uploadOnSave": true,
    "downloadOnOpen": true,
    "ignore": [
        ".vscode",
        ".git",
        ".DS_Store",
        "_notes",
        ".idea",
        "z_logs",
        "system_files"
    ]
}

Is there any property to let me connect to my site? I have tried changing the protocol from ftp to ftps, but ftps is not a valid value. The sftp plugin for Sublime, which I presume is pretty similar, works with the settings below, but some of them do not apply to the vscode plugin. Any ideas or advice?

Sublime Text sftp plugin settings:

{
    // sftp, ftp or ftps
    "type": "ftps",

    "save_before_upload": true,
    "upload_on_save": true,
    "sync_down_on_open": false,
    "sync_skip_deletes": false,
    "sync_same_age": true,
    "confirm_downloads": false,
    "confirm_sync": true,
    "confirm_overwrite_newer": false,

    "host": "myawesomehost.azure.net",
    "user": "mypreferredusername",
    "password": "ultraSecr3tPwd!",
    "port": "990",

    "remote_path": "/site",
    "ignore_regexes": [
        "\\.sublime-(project|workspace)",
        "sftp-config(-alt\\d?)?\\.json",
        "sftp-settings\\.json",
        "/venv/",
        "\\.svn/",
        "\\.hg/",
        "\\.git/",
        "\\.bzr",
        "_darcs",
        "CVS",
        "\\.DS_Store",
        "Thumbs\\.db",
        "desktop\\.ini"
    ],

    "connect_timeout": 30,
    "ftp_passive_mode": true,
}

Please help me, as I love vscode but am not able to use it since we changed from ftp to ftps. Thank you.

https://imgur.com/a/yUgsl6u Here you have my configurations for PHPStorm and Dreamweaver, which both work. I would need to replicate the same config in the VSCode ftp plugin, any idea?

satiromarra commented 1 year ago

@ankeorum Have you tried the option "secure": implicit? (FTP(s) only; see Configuration.)

Or this option:

"secureOptions": {
  "rejectUnauthorized": false
}

ankeorum commented 1 year ago

I have tried both options. The "secure" flag needs quotes, it needs to be "implicit", doesn't it?

Also, the secureOptions flag has also been tried, without any luck :-(

This is so annoying.

satiromarra commented 1 year ago

@ankeorum I'll try to run a test with Azure. What type of service is it?

ankeorum commented 1 year ago

It's an "App Service" running with Stack: PHP.

image

And those are the general settings of the FTP.

satiromarra commented 1 year ago

@ankeorum After several tests I managed to connect to Azure, leaving the port as 21 and secure set to "control" or true

...
"port": 21,
...
"secure": true, // true or "control"
...

Without the secure option, or with the value implicit, it doesn't work.

It's odd that it doesn't connect on port 990; I'm still investigating it.

ankeorum commented 1 year ago

My current configuration is the following:

{
    "name": "Azure",
...
    "protocol": "ftp",
    "port": 990,
...
    "ignore": [
        ".vscode", 
        ".git", 
        ".DS_Store",
        "_notes",
        ".idea",
    ],
    "secure": true, //true or "control"
    "connectTimeout": 100000,
    "uploadOnSave": true,
    "downloadOnOpen": true,
    "secureOptions": {
        "rejectUnauthorized": false
    }
}

ankeorum commented 1 year ago

To keep updating the case: the error I constantly get is a timeout, not a credentials or authentication error, which is strange. It's as if it isn't sending my credentials in the right way; otherwise, why would I get a timeout? The server listens and receives data, I understand, but it doesn't resolve and throws a timeout... It's strange, because the credentials are the same ones I use in Dreamweaver or PhpStorm or even Sublime (with the FTP plugin for Sublime).

satiromarra commented 1 year ago

From the tests I have been running, the problem comes from the tls library that ships with nodejs. I can't get it to work.

satiromarra commented 1 year ago

Running this command, openssl s_client -connect fffffff.azurewebsites.windows.net:990, returns that it uses TLSv1.2 with the cipher ECDHE-RSA-AES256-SHA384 and the algorithms RSA-PSS+SHA256.

However, when configuring a connection with:

"secureOptions": {
    "minVersion": "TLSv1.2",
    "sigalgs": "RSA-PSS+SHA256",
    "ciphers": "ECDHE-RSA-AES256-SHA384"
}

It ends up giving an error:

{
  "library": "SSL routines",
  "function": "ssl3_get_record",
  "reason": "wrong version number",
  "code": "ERR_SSL_WRONG_VERSION_NUMBER"
} 

I can't get past that.

ankeorum commented 1 year ago

And is there no way to bypass the ciphers, or to pass some option in secureOptions to manage to connect?

It is striking that Sublime with its FTP extension connects, and PhpStorm without a problem, and Dreamweaver too.

satiromarra commented 1 year ago

Everything I have tried has not worked, but I still have more things to try. This extension uses node:tls, which is a module built into node and depends on node to work (vscode runs on node). Sublime Text is written in Python, which has its own libraries for that; PhpStorm is written in Java with its own libraries; and Dreamweaver (I don't know what it's written in, C++?) will have its own way of doing it. The information I have found about the wrong-version error says it is due to the server using SSLv3, which is obsolete; supposedly secureProtocol: "TLSv1_2_method" would fix it, but it doesn't. The solution many people use is to tell the server (mostly Apache and nginx) to stop using SSLv3, but that can't be done here.

satiromarra commented 1 year ago

Have you tried this configuration? It is what is known as "explicit FTP over TLS".

  "port": 21, // instead of 990
  "secure": true, // or "control"

This is an excerpt from an activity log. As you can see, the client sends the "AUTH TLS" command and the server answers "TLS handshake successful", and at the end it finishes with "User logged in."

Status: Connecting to xx.xx.xx.xx
Warning: The entered address does not resolve to an IPv6 address.
Status: Connected, waiting for welcome message...
Reply: 220 Microsoft FTP Service
Command: AUTH TLS
Reply: 234 AUTH command ok. Expecting TLS Negotiation.
Status: Performing TLS handshake...
Status: TLS handshake successful, verifying certificate...
Status: Received 2 certificates from server.
Status: cert[0]: subject='C=US,ST=Washington,L=Redmond,O=Microsoft Corporation,CN=xxx.azurewebsites.windows.net' issuer='C=US,O=DigiCert Inc,CN=DigiCert SHA2 Secure Server CA'
Status: cert[1]: subject='C=US,O=DigiCert Inc,CN=DigiCert SHA2 Secure Server CA' issuer='C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert Global Root CA'
Command: USER xxxx\xxxxx
Reply: 331 Password required
Command: PASS *****************************************
Reply: 230 User logged in.
...

Sorry I can't do anything more, as I can't find another solution for now.

ankeorum commented 1 year ago

Well, it works now, the reason? No idea, because it is using port 21 instead of 990 which is the one configured in the server to receive connections... SOOOO WEIRD

ankeorum commented 1 year ago

In the end, the configuration that made everything work for me is the following:

{
    "name": "My Website",
....
    "protocol": "ftp",
    "port": 21,
....
    "remotePath": "/mySite/",
    "ignore": [
        ".vscode", 
        ".git", 
        ".DS_Store",
        "_notes",
        ".idea",
    ],
    "secure": true,
    "connectTimeout": 100000,
    "uploadOnSave": true,
    "downloadOnOpen": true,
    "secureOptions": {
        "rejectUnauthorized": false
    }
}

satiromarra commented 1 year ago

> Well, it works now, the reason? No idea, because it is using port 21 instead of 990 which is the one configured in the server to receive connections... SOOOO WEIRD

No idea, I will continue investigating what can be done to fix it.

ankeorum commented 1 year ago

> > Well, it works now, the reason? No idea, because it is using port 21 instead of 990 which is the one configured in the server to receive connections... SOOOO WEIRD
>
> No idea, I will continue investigating what can be done to fix it.

It is sooo weird to be able to connect using port 21 when the server is configured to accept requests on port 990. Is this an azure vulnerability? This is so strange for me.

satiromarra commented 1 year ago

@ankeorum After all the tests I've been doing, it still isn't clear to me. The nodejs tls module gives me an error, but so do other tools that have nothing to do with nodejs, although when configured properly they do work.

In FileZilla I have to set it to use TLS 1.2 for it to work; otherwise I get the same error.

According to what I have read about the TLS protocol, when the client first connects it expects to receive a "TLS" response, but the server (Azure) does not send one, and that is when it fails; it is possible that node:tls does not take that into consideration.

ankeorum commented 1 year ago

Yet it looks weird to me that Azure allows connections on a different port than 990 when it is set up to allow connections on 990, doesn't it?

satiromarra commented 1 year ago

It is not rare, the ftp service is listening on two ports 21 and 990, in the same way that a web server can be listening on port 80 and 443. You can access the same service using two different ports.
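
The two FTPS modes this thread moves between, modelled as an added JavaScript example (not code from vscode-sftp or from either participant): it walks the first exchange on the control connection for each port and "secure" value, showing why an explicit-mode client on an implicit listener ends in a timeout and why a TLS-first client on a plaintext-greeting listener ends in "wrong version number". The listener model (21 explicit, 990 implicit), the function names and the result strings are assumptions for illustration; it does not explain the unresolved failure of "secure": "implicit" against port 990.

```javascript
// Added example. Inputs are constructed; the banner text is the one in the activity log above.
const BANNER = Buffer.from('220 Microsoft FTP Service\r\n', 'latin1');

// A TLS record starts with content type 20..23 followed by version major byte 0x03.
function isTlsRecord(buf) {
  return buf.length >= 3 && buf[0] >= 0x14 && buf[0] <= 0x17 && buf[1] === 0x03;
}

// Bytes a listener sends before the client has said anything.
// Assumption: 21 behaves as an explicit listener and 990 as an implicit one.
function serverOpening(listener) {
  return listener === 'explicit' ? BANNER : Buffer.alloc(0); // implicit waits for ClientHello
}

// Map the "secure" values quoted in the thread to what the client does first.
function clientMode(secure) {
  if (secure === 'implicit') return 'implicit';
  return secure === true || secure === 'control' ? 'explicit' : 'plain';
}

// Walk the first exchange on the control connection and report how it ends.
function firstExchange(secure, listener) {
  const mode = clientMode(secure);
  const fromServer = serverOpening(listener);
  if (mode === 'implicit') {
    // The client sends a ClientHello at once and parses any reply as a TLS record,
    // so "220 " is read as a record header with an invalid version field.
    if (fromServer.length > 0 && !isTlsRecord(fromServer)) {
      return 'tls-error: wrong version number';
    }
    return 'tls-handshake';
  }
  // Explicit and plain clients send nothing until a 220 reply line arrives.
  if (fromServer.length === 0) return 'timeout: no 220 banner';
  if (!/^220[ -]/.test(fromServer.toString('latin1'))) return 'protocol-error';
  return mode === 'explicit' ? 'send AUTH TLS' : 'send USER (cleartext)';
}

// Every port/"secure" combination tried in the thread, plus the unsecured case.
function matrix() {
  const rows = [];
  for (const [port, listener] of [[21, 'explicit'], [990, 'implicit']]) {
    for (const secure of [false, true, 'control', 'implicit']) {
      rows.push({ port, secure, result: firstExchange(secure, listener) });
    }
  }
  return rows;
}

console.table(matrix());
```

A result of 'send AUTH TLS' only means the session is upgraded to TLS; with "rejectUnauthorized": false, as in the configurations above, Node's tls module completes the handshake without verifying the server certificate.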