We Keep Coding

Unable to run FTP commands from AWS AMI

I want to connect to an FTP using PHP to upload the reports generated. As per the remote server, the FTP needs to be in ACTIVE mode.
this is my code:
ini_set('display_errors', '1');
error_reporting(E_ALL);
$conn_id = ftp_connect('myftpserver.com', 21);
if($conn_id)
{
// login with username and password
$login_result = ftp_login($conn_id, 'mysuer', 'password');
$passive = ftp_pasv($conn_id,FALSE);
echo "is active?<br/>";
var_dump($passive);
echo 'Login Result:';
var_dump($login_result);
$files_list = ftp_nlist($conn_id, '/MyFolder/');
echo "<br/>files list ";
var_dump($files_list);
}
else
{
var_dump('Unable to connect to FTP Server');
}
When I am running it from the local machine or a normal shared server, I am able fetch the list, but I am unable to run the script from my AWS AMI instance. For testing purpose, I have even opened all inbound traffic too. Still no luck. Also, the point is that if I try with some other ftp details, I am able to get the response of ftp_nlist. But not for this one. I tried it on 3 AWS instances till yet. Yielded the same result.
All I can say is that this is somewhere the issue at my server security group/firewall. But unable to figure it out. Please help.
The response I get from the server:
is active
bool(true)
Login Result:bool(true)
files list bool(false)

Using FTP Active Mode is problematic with AWS Security Groups.
For active mode to work, you will have to open all inbound ports above 1023. If your client supports restricting the range, do so. You will also need to open both port 20 and port 21 inbound and outbound.
The problem is that the FTP client selects a port that it will listen on. Then the FTP client informs the FTP Server of this port number. The FTP Server then connects to this port. This goes against normal AWS Security Group designs meaning only allow specific ports to be open. You can verify this by opening all ports temporarily, test your FTP client and then closing all the ports.
Active Mode is not secure for the FTP client. Passive Mode is not secure for the FTP server (but the better choice).
NOTE: Rotate your FTP credentials often. Your login and password is sent in the clear and are not encrypted.
FTP is a legacy technology, which is still very popular, that should be stored away in the attic.

Cannot connect to external FTPS server with php

I need to extract data from a .gz file which is located on an ftp server. The FTP server works with IP white listing, so I submitted my local IP and my website IP (i used gethostbynameto get the IP) which were both approved.
Locally, I can run this code to reach the file:
$url="ftp://username:password#host/targetfile.gz";
$xml = simplexml_load_file("compress.zlib://$url") or die ("Cannot load file");
This runs perfectly fine and it allows me to extract data from the XML file.
When I run the script on my server however, i'm not getting a connection. I contacted the admin running the ftp server and they told me they only allow FTPS connections.
So, I proceeded with the following code to try and establish a connection:
$conn_id = ftp_ssl_connect($ftp_server);
// login with username and password
$login_result = ftp_login($conn_id, $ftp_user, $ftp_pass);
if (!$login_result) {
die("Cannot login.");
}
echo ftp_pwd($conn_id); // /
// close the ssl connection
ftp_close($conn_id);
This also doesn't connect. I'm new to FTP connections with PHP and FTP in general and i've got no clue on how to proceed from this point.
OpenSSL is enabled.
Can anyone point me in the right direction?
Edit: These are the error messages:
When I use the top block of code, this occurs:
Warning: simplexml_load_file(): I/O warning : failed to load external
entity
"compress.zlib://username:password#ftp.thehost.com/targetfile.gz"; in
/path/to/my/website/folder/htdocs/mydomain.com/feeds/script.php on
line 13
When I use the bottom block of code, I get this error:
Warning: ftp_login() expects parameter 1 to be resource, boolean given
in /path/to/my/website/folder/htdocs/mydomain.com/feeds/script.php on
line 16 Cannot login.
I do not have access to the log file afaik

I do not think there's much we can help you here.
You do not have a network connectivity between the web server and FTP server.
Note that it does not have to be because the web server has not been white-listed on the FTP server. It's also possible that the web server does not allow outgoing connections.

Cannot connect to server from another server ftp php

I work with 2 servers one is my production server other is my resource server.
I cannot connect to my resource server from my production server over ftp.
I can connect to other servers from my production server.
I can also connect to my resource server from my localhost or filezilla.
I use this code to connect :
$conn_id = ftp_connect("resource server ip", "21", "5");
if ($conn_id) {
echo "connected";
ftp_close($conn_id);
}
print_r(error_get_last());
I don't get any output when I run this script on server(no error).
On localhost it runs no problem.
What can be the problem with this? Is this something that server admin has to resolve? Thanks for help.

You should first check from commandline, whether it's a networking/OS issue or not.
So if you've got shell access to the production server try connecting to the resource server via the commandline ftp client.
If that does not work, you've got a network / firewall / access control problem, not related to php or your software, and you should talk to the sysadmin.
If it does work, then the problem is in your stuff, and you should set the log levels to high, and run this script from commandline, also check the logs of php, php-error, syslog and the resource servers ftp access log and syslog too.
Note: ftp is a not-too-exact beast, the servers and clients have a lot of workarounds built in to treat each other in a way, that works somehow. There could be issues from active (multiple back-and-forth connections) and passive mode (it's like http), also with ls formats and timestamps, timezones and ports.
Also some servers only support ftps (ftp with ssl) - which is not the same as sftp (file transfer over ssh - port 22).
Your production server probably has some firewall rules, and your connection get caught on that, to debug this, please use the commandline ftp client, and/or nmap / netcat.

PHP ftp_put via SSL

One of our suppliers has requested we change from an ftp to ftps for sending them files.
I have a PHP script that uses ftp_connect to transfer the files.
I've modified the script to now use ftp_ssl_connect and while it can open the connection and login, it fails to transfer the files.
This is the error I get from the ftp_put operation:
"Warning: ftp_put(): Unable to build data connection: Operation not permitted in....."
Could this be a firewall issue? The server is an EC2 instance.
Paddy

I ran into the exact same problem today. Using
ftp_pasv($conn_id, true);
to enforce passive transfers before the actual call to ftp_put() solved the problem for me.

Connection to secure FTP Server from PHP

This question is in line with this question, I am trying to connect to secure FTP Server and it is not able to connect, wierd part is that I am able to do ssh and connect to the server but when I try to do it from php code using few different approaches but it is not working
Approaches:
FTP Wrappers
ftp_connect & ftp_login
ftp_ssl_connect
ssh2_sftp
ssh2-scp-send & ssh2-scp-receive -- Have not tried this approach yet but recommended in comments portion and so would work on this and will post updates later.
Code for Approach 1:
$ftp_server = "ftp://username:password#192.168.1.1:21/{$log_file_name}";
$opts = array('ftp' => array('overwrite' => TRUE));
$context = stream_context_create($opts);
$put_file = file_put_contents($ftp_server, $response, LOCK_EX,$context);
Here also am not able to connect to secure FTP Server, any suggestions as to why it is not able to connect ?
Code for Approach 2:
ftp_server = 'www.server.com';
$conn_id = ftp_connect($ftp_server) or die ("Cannot connect to host");
//Program dies out here and give error message "Cannot connect to host",
//but why ftp_login does not work here, Any Suggestions ?
$ftp_user_name = "login";
$ftp_user_pass = "password";
// login with username and password
$login_result = ftp_login($conn_id, $ftp_user_name, $ftp_user_pass);
// check connection and login result
if ((!$conn_id) || (!$login_result))
{ echo "FTP connection has encountered an error!";
echo "Attempted to connect to $ftp_server for user $ftp_user_name....";
//exit;
} else
{
echo "Connected to $ftp_server, for user $ftp_user_name".".....";
}
Code for Approach 3:
Here am using same code as approach 1 but instead of ftp_connect, am using ftp_ssl_connect
Code for Approach 4:
$connection = ssh2_connect('www.server.com', 22);
ssh2_auth_password($connection, 'login', 'password');
$sftp = ssh2_sftp($connection);
//exit();
$stream = fopen("ssh2.sftp://$sftp/path/to/file", 'r');
Can anyone advise why am I not able to connect to secure FTP Server using above approaches but still am able to do so using ssh ?
Are there any other approaches to connect to secure FTP Server using php ?
UPDATE:
Q1. I tried again using ftp_connect but it just died out and why does it dies out, what are the scenarios in which ftp_connect dies out ?
Q2. Do we have only this approaches to connect to the server or are there any other which we can implement ?
Q3. Is this php language related that it does not support secure FTP Connection ? OR there is any other way of doing this using php, if yes than do provide different approaches as it would be very helpful.
UPDATE 1:
I was trying to google more on the issue and it seems that if ftp_connect does not work than firewall could be one of the reason for it. I am not totally sure if that is the case but I am researching more on it and post an update in here if I find anything useful.
Possible Solution :
Problem
If I remove the "or die" then you get the error:
When running from a webpage:
Warning: ftp_login() expects parameter 1 to be resource, boolean given in /var/www/ftp_test.php on line 28
var_dump($conn_id); returns bool(false).
From command line /usr/bin/php /var/www/ftp_test.php
var_dump($conn_id); returns resource(4) of type (FTP Buffer).
Script completes.
Solution 1
This could be one solution :
Try to turn off selinux and here is the way or Search : How to disable selinux for turning it off temporarily or permanently.
Solution 2
If you don't want to turn off selinux completely, you might get what you need by just setting the httpd_can_network_connect using the setsebool command.
Verify that it was previously set to "off":
getsebool httpd_can_network_connect
Set it to "on":
setsebool httpd_can_network_connect=1
Turn selinux back on:
setenforce 1
Check to be sure php ftp_connect still works when running under httpd.
Set the policy (-P) to "on" so it persists over a reboot:
setsebool -P httpd_can_network_connect=1
Solution 3
There could also be issue with company firewall. Make sure it is configured properly and has access rights set properly.
Solution 4
Another approach is to use cURL : libcurl as it can be used to connect and communicate to many different types of servers with many different types of protocols
Solution 5
There is open source project called PHP Secure Communication Library (phpspeclib) which can be also used to establish secure connection to FTP Server.

Many cheap webhoster will not give you ssh (hence no ftp via ssh aka
sftp) but only ssl-secured ftp aka ftps (see here). You might
have that problem. As others suggested, use filezilla or
another ftp client to test your credits and chosen security method
beforehand.
ftp_ssl_connect() at least under windows will be a long journey,
since you have to compile your own php binaries, see here.
As this php contributor rightfully points out, no secure
connection is secure, as long as you don't know, who you are talking
too, aka „peer certification“ through valid certificates.
phpseclib is probably your best bet. But I haven't figure out, how to
ensure, it uses peer verification (guessing, the truth is in
openssl.conf ...)
So even at the time of writing, I wonder more than ever, if
peer-validated ftps (ftp with ssl/tls authentification) is possible... also see my question here.

As for ´ftp via ssh´ alias ´sftp´: No direct advice, but note, that many cheap 'non-dedicated server' webhosts do not support it (which is bad). Company firewalls might block the relevant ports.
As for 'ftp using ssl/tls' alias 'ftps': Your answer is here. Don't waste time on ftp_ssl_connect() :-)
(Yes, it's poorly documented on the php site, to say the least)

This page has what you seek (I think)
http://kevin.vanzonneveld.net/techblog/article/make_ssh_connections_with_php/
and here are the manual pages
http://php.net/manual/en/book.ssh2.php

I, too, encountered quite a lot of issues when dealing with encrypted connections.
First thing is to check the protocol you are looking to use. Secure FTP is most commonly refearing to FTP over SHH but can also mean SCP, SFTP or FTPS.
One way to figure out is to check connecting using a client like filezilla.
If the protocol is handled via a PHP module, the best approach is indeed, to use it. In this case, you need to make sure that, in addition to the protocol-related one, the OPENSSL module is installed for php.
There are some cases where the module support still won't work. In this case, using the libcurl module is one option. This is the case for instance when you need to use a client certificate.
Unfortunately, here again, you may encounter some problems due to the partial support of libcurl in the php module. One scenario I experimented is when the server certificate is judged invalid by the module.
The last solution I usually use is to run the curl binary from an exec statement, for the later case using the "-k" switch.

I tried the phpseclib library and it works in Windows and Linux.
If you are using composer, just add in your require section :
"phpseclib/phpseclib": "0.3.*#dev"
And then, you can do this : http://phpseclib.sourceforge.net/sftp/examples.html#put