I’ve come across an odd problem today on a server that’s been working fine for all kinds of FTP traffic for many years. Turns out that today, FileZilla started complaining about explicit TLS connections (when available) and gave the following error message:
425 MLSD unable to build data connection: operation not permitted
Clients could still connect, but no directory content was displayed, nor was uploading new files possible. Rats, I thought. This was on a CentOS 6 server with Plesk 12 running without a hitch otherwise.
Turns out that by default, ProFTP is configured to re-use TLS sessions – but it appears that this behaviour freaks out FileZilla, which in turn doesn’t like it and throws an error instead. This did not affect plain (non-secure) sessions.
Thankfully, Adam Stohl knows the answer to this problem: tell ProFTP not to re-use TLS sessions. Open /etc/proftp.conf and add the following line to the bottom of the file:
The ProFTP service in Plesk is part of xinetd, so for those changes to take effect, simply restart it with this:
service xinetd restart
And voila, TLS connections can happen again. Thanks, Adam – you’re a life saver!