Koray Tugay Koray Tugay - 13 days ago 10
Java Question

org.apache.commons.net.ftp.FTPSClient returning 425 after list command

I am trying to connect to an FTPS server. I can connect with FileZilla just fine and list the files in the server, download etc..

enter image description here

I am trying to connect to this FTP Server with Java using the FTPSClient from org.apache.commons.net.ftp package. This is how I am trying:

FTPSClient ftp = new FTPSClient();
ftp.connect(HOST, 7021);
ftp.enterLocalPassiveMode();
ftp.login(USERNAME, PASSWORD);
final int list = ftp.list();
System.out.println("List returned: " + list);


And the response I am getting is:

List returned: 425


According to Wikipedia, 425 means: "Can't open data connection."

However, trying to create a folder works fine:

FTPSClient ftp = new FTPSClient();
ftp.connect(HOST, 7021);
ftp.enterLocalPassiveMode();
ftp.login(USERNAME, PASSWORD);
ftp.mkd("/laylaylom");


So if I run this code and connect with FileZilla I will see folder "laylaylom" in the FTP Server.

I also tried:

FTPSClient ftp = new FTPSClient();
ftp.connect(HOST, 7021);
ftp.login(USERNAME, PASSWORD);
final int pasv = ftp.sendCommand("PASV");
System.out.println("pasv is: " + pasv);
final int list = ftp.list();
System.out.println("List returned: " + list);


And the output will be:

pasv is: 227
List returned: 522


where 227 is: "Entering Passive Mode (h1,h2,h3,h4,p1,p2)." and 552 is not listed in the Wikipedia page and I am not sure what it stands for.

How can I make
list()
work?

Edit #1

After Martin Prikryl 's answer I tried this:

FTPSClient ftp = new FTPSClient();
ftp.connect(HOST, 7021);
ftp.enterLocalPassiveMode();
ftp.login(USERNAME, PASSWORD);
final FTPFile[] ftpFiles = ftp.mlistDir("/");
System.out.println(ftpFiles.length);


which returns 0..

Edit #2
WinSCP Log:

. 2016-11-24 12:52:33.947 --------------------------------------------------------------------------
. 2016-11-24 12:52:33.947 WinSCP Version 5.9.2 (Build 6958) (OS 6.1.7601 Service Pack 1 - Windows 7 Home Premium)
. 2016-11-24 12:52:33.947 Configuration: HKCU\Software\Martin Prikryl\WinSCP 2\
. 2016-11-24 12:52:33.947 Log level: Normal
. 2016-11-24 12:52:33.947 Local account: KORAYTUGAY6639\koraytugay
. 2016-11-24 12:52:33.947 Working directory: C:\Program Files (x86)\WinSCP
. 2016-11-24 12:52:33.947 Process ID: 3220
. 2016-11-24 12:52:33.947 Command-line: "C:\Program Files (x86)\WinSCP\WinSCP.exe"
. 2016-11-24 12:52:33.947 Time zone: Current: GMT+2, Standard: GMT+2 (E. Europe Standard Time), DST: GMT+3 (E. Europe Daylight Time), DST Start: 3/27/2016, DST End: 10/30/2016
. 2016-11-24 12:52:33.947 Login time: Thursday, November 24, 2016 12:52:33 PM
. 2016-11-24 12:52:33.947 --------------------------------------------------------------------------
. 2016-11-24 12:52:33.947 Session name: tuimcardtest@files.innbound.net (Ad-Hoc site)
. 2016-11-24 12:52:33.947 Host name: files.innbound.net (Port: 7021)
. 2016-11-24 12:52:33.947 User name: tuimcardtest (Password: Yes, Key file: No)
. 2016-11-24 12:52:33.947 Transfer Protocol: FTP
. 2016-11-24 12:52:33.947 Ping type: Dummy, Ping interval: 30 sec; Timeout: 15 sec
. 2016-11-24 12:52:33.947 Disable Nagle: No
. 2016-11-24 12:52:33.947 Proxy: None
. 2016-11-24 12:52:33.947 Send buffer: 262144
. 2016-11-24 12:52:33.947 UTF: Auto
. 2016-11-24 12:52:33.947 FTPS: Explicit TLS/SSL [Client certificate: No]
. 2016-11-24 12:52:33.947 FTP: Passive: Yes [Force IP: Auto]; MLSD: Auto [List all: Auto]; HOST: Auto
. 2016-11-24 12:52:33.947 Session reuse: Yes
. 2016-11-24 12:52:33.947 TLS/SSL versions: TLSv1.0-TLSv1.2
. 2016-11-24 12:52:33.947 Local directory: default, Remote directory: home, Update: Yes, Cache: Yes
. 2016-11-24 12:52:33.947 Cache directory changes: Yes, Permanent: Yes
. 2016-11-24 12:52:33.947 Recycle bin: Delete to: No, Overwritten to: No, Bin path:
. 2016-11-24 12:52:33.947 Timezone offset: 0h 0m
. 2016-11-24 12:52:33.947 --------------------------------------------------------------------------
. 2016-11-24 12:52:34.009 Connecting to files.innbound.net:7021 ...
. 2016-11-24 12:52:34.009 Connected with files.innbound.net:7021, negotiating TLS connection...
< 2016-11-24 12:52:34.071 220 Welcome to THE FTP service.
> 2016-11-24 12:52:34.071 AUTH TLS
< 2016-11-24 12:52:34.149 234 Proceed with negotiation.
. 2016-11-24 12:52:34.212 Server asks for authentication with a client certificate.
. 2016-11-24 12:52:34.290 Verifying certificate for "Innflow" with fingerprint 54:52:0f:a0:cc:6a:38:80:d5:52:cc:9d:a4:4f:19:4a:d9:50:08:a7 and 18 failures
. 2016-11-24 12:52:34.290 Asking user:
. 2016-11-24 12:52:34.290 **The server's certificate is not known. You have no guarantee that the server is the computer you think it is.**
. 2016-11-24 12:52:34.290
. 2016-11-24 12:52:34.290 Server's certificate details follow:
. 2016-11-24 12:52:34.290
. 2016-11-24 12:52:34.290 Issuer:
. 2016-11-24 12:52:34.290 - Organization: Innflow, innbound.net, patrick.meier@innflow.com
. 2016-11-24 12:52:34.290 - Location: CH, Zurich, Zurich
. 2016-11-24 12:52:34.290
. 2016-11-24 12:52:34.290 Subject:
. 2016-11-24 12:52:34.290 - Organization: Innflow, innbound.net, patrick.meier@innflow.com
. 2016-11-24 12:52:34.290 - Location: CH, Zurich, Zurich
. 2016-11-24 12:52:34.290
. 2016-11-24 12:52:34.290 Valid: 7/6/2010 11:42:44 PM - 7/3/2020 11:42:44 PM
. 2016-11-24 12:52:34.290
. 2016-11-24 12:52:34.290 Fingerprint (SHA-1): 54:52:0f:a0:cc:6a:38:80:d5:52:cc:9d:a4:4f:19:4a:d9:50:08:a7
. 2016-11-24 12:52:34.290
. 2016-11-24 12:52:34.290 Summary: Self-signed certificate. The error occurred at a depth of 1 in the certificate chain.
. 2016-11-24 12:52:34.290
. 2016-11-24 12:52:34.290 Certificate was not issued for this server. You might be connecting to a server that is pretending to be "files.innbound.net".
. 2016-11-24 12:52:34.290
. 2016-11-24 12:52:34.290 If you trust this certificate, press Yes. To connect without storing certificate, press No. To abandon the connection press Cancel.
. 2016-11-24 12:52:34.290
. 2016-11-24 12:52:34.290 Continue connecting and store the certificate? ()
. 2016-11-24 12:52:35.725 Using TLSv1, cipher TLSv1/SSLv3: AES128-SHA, 1024 bit RSA, AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
. 2016-11-24 12:52:35.787 TLS connection established. Waiting for welcome message...
> 2016-11-24 12:52:35.787 USER tuimcardtest
< 2016-11-24 12:52:35.803 331 Please specify the password.
> 2016-11-24 12:52:35.803 PASS ************
< 2016-11-24 12:52:35.865 230 Login successful.
> 2016-11-24 12:52:35.865 SYST
< 2016-11-24 12:52:35.928 215 UNIX Type: L8
> 2016-11-24 12:52:35.928 FEAT
< 2016-11-24 12:52:36.006 211-Features:
< 2016-11-24 12:52:36.006 AUTH SSL
< 2016-11-24 12:52:36.006 AUTH TLS
< 2016-11-24 12:52:36.006 EPRT
< 2016-11-24 12:52:36.006 EPSV
< 2016-11-24 12:52:36.068 MDTM
< 2016-11-24 12:52:36.068 PASV
< 2016-11-24 12:52:36.068 PBSZ
< 2016-11-24 12:52:36.068 PROT
< 2016-11-24 12:52:36.068 REST STREAM
< 2016-11-24 12:52:36.068 SIZE
< 2016-11-24 12:52:36.068 TVFS
< 2016-11-24 12:52:36.068 UTF8
< 2016-11-24 12:52:36.068 211 End
> 2016-11-24 12:52:36.068 OPTS UTF8 ON
< 2016-11-24 12:52:36.131 200 Always in UTF8 mode.
> 2016-11-24 12:52:36.131 PBSZ 0
< 2016-11-24 12:52:36.209 200 PBSZ set to 0.
> 2016-11-24 12:52:36.209 PROT P
< 2016-11-24 12:52:36.271 200 PROT now Private.
. 2016-11-24 12:52:36.287 Connected
. 2016-11-24 12:52:36.287 --------------------------------------------------------------------------
. 2016-11-24 12:52:36.287 Using FTP protocol.
. 2016-11-24 12:52:36.287 Doing startup conversation with host.
> 2016-11-24 12:52:36.349 PWD
< 2016-11-24 12:52:36.411 257 "/"
. 2016-11-24 12:52:36.411 Getting current directory name.
. 2016-11-24 12:52:36.599 Retrieving directory listing...
> 2016-11-24 12:52:36.599 TYPE A
< 2016-11-24 12:52:36.661 200 Switching to ASCII mode.
> 2016-11-24 12:52:36.661 PASV
< 2016-11-24 12:52:36.739 227 Entering Passive Mode (46,140,133,66,195,80).
> 2016-11-24 12:52:36.739 LIST -a
. 2016-11-24 12:52:36.739 Connecting to 46.140.133.66:50000 ...
. 2016-11-24 12:52:36.879 Session ID reused
< 2016-11-24 12:52:36.879 150 Here comes the directory listing.
. 2016-11-24 12:52:36.879 Using TLSv1, cipher TLSv1/SSLv3: AES128-SHA, 1024 bit RSA, AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
. 2016-11-24 12:52:36.911 TLS connection established
. 2016-11-24 12:52:37.020 drwxrwsrwx 6 0 1004 4096 Nov 24 08:32 .
. 2016-11-24 12:52:37.020 drwxrwsrwx 6 0 1004 4096 Nov 24 08:32 ..
. 2016-11-24 12:52:37.020 -rw-r--r-- 1 1004 1004 162000 Oct 28 15:25 YTF.AR.T700.S.E0089858.D161028.T092339.A001
. 2016-11-24 12:52:37.020 drwxr-sr-x 2 1004 1004 4096 Nov 24 07:29 abc
. 2016-11-24 12:52:37.020 drwxr-sr-x 2 1004 1004 4096 Nov 24 07:14 koray
. 2016-11-24 12:52:37.020 drwxr-sr-x 2 1004 1004 4096 Nov 24 08:32 laylaylom
. 2016-11-24 12:52:37.020 drwxr-sr-x 2 1004 1004 4096 Nov 24 07:15 tugay
< 2016-11-24 12:52:37.160 226 Directory send OK.
. 2016-11-24 12:52:37.160 Directory listing successful
. 2016-11-24 12:52:37.160 Detecting timezone difference...
. 2016-11-24 12:52:37.160 Retrieving file information...
> 2016-11-24 12:52:37.160 PWD
< 2016-11-24 12:52:37.223 257 "/"
> 2016-11-24 12:52:37.223 CWD /YTF.AR.T700.S.E0089858.D161028.T092339.A001
< 2016-11-24 12:52:37.285 550 Failed to change directory.
> 2016-11-24 12:52:37.285 TYPE I
< 2016-11-24 12:52:37.363 200 Switching to Binary mode.
> 2016-11-24 12:52:37.363 SIZE /YTF.AR.T700.S.E0089858.D161028.T092339.A001
< 2016-11-24 12:52:37.425 213 162000
> 2016-11-24 12:52:37.425 MDTM /YTF.AR.T700.S.E0089858.D161028.T092339.A001
< 2016-11-24 12:52:37.488 213 20161028152533
. 2016-11-24 12:52:37.488 Retrieving file information successful
. 2016-11-24 12:52:37.488 Timezone difference of -3 detected using file /YTF.AR.T700.S.E0089858.D161028.T092339.A001 (Listing: 2016-10-28T12:25:00.000Z, UTF: 2016-10-28T15:25:00.000Z)
. 2016-11-24 12:52:37.488 ..;D;0;1899-12-30T02:00:00.000Z;0;"" [0];"" [0];---------;0
. 2016-11-24 12:52:37.488 YTF.AR.T700.S.E0089858.D161028.T092339.A001;-;162000;2016-10-28T15:25:00.000Z;1;"1004" [0];"1004" [0];rw-r--r--;0
. 2016-11-24 12:52:37.488 abc;D;0;2016-11-24T08:29:00.000Z;1;"1004" [0];"1004" [0];rwxr-sr-x;0
. 2016-11-24 12:52:37.488 koray;D;0;2016-11-24T08:14:00.000Z;1;"1004" [0];"1004" [0];rwxr-sr-x;0
. 2016-11-24 12:52:37.488 laylaylom;D;0;2016-11-24T09:32:00.000Z;1;"1004" [0];"1004" [0];rwxr-sr-x;0
. 2016-11-24 12:52:37.488 tugay;D;0;2016-11-24T08:15:00.000Z;1;"1004" [0];"1004" [0];rwxr-sr-x;0
. 2016-11-24 12:52:37.597 Startup conversation with host finished.
. 2016-11-24 13:54:14.249 Dummy directory read to keep session alive.
. 2016-11-24 13:54:14.249 Retrieving directory listing...
> 2016-11-24 13:54:14.249 TYPE A
< 2016-11-24 13:54:14.312 200 Switching to ASCII mode.
> 2016-11-24 13:54:14.312 PASV
< 2016-11-24 13:54:14.390 227 Entering Passive Mode (46,140,133,66,195,81).
> 2016-11-24 13:54:14.390 LIST -a
. 2016-11-24 13:54:14.390 Connecting to 46.140.133.66:50001 ...
< 2016-11-24 13:54:14.514 150 Here comes the directory listing.
. 2016-11-24 13:54:14.514 Session ID reused
. 2016-11-24 13:54:14.530 Using TLSv1, cipher TLSv1/SSLv3: AES128-SHA, 1024 bit RSA, AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
. 2016-11-24 13:54:14.530 TLS connection established
. 2016-11-24 13:54:14.655 drwxrwsrwx 6 0 1004 4096 Nov 24 08:32 .
. 2016-11-24 13:54:14.655 drwxrwsrwx 6 0 1004 4096 Nov 24 08:32 ..
. 2016-11-24 13:54:14.655 -rw-r--r-- 1 1004 1004 162000 Oct 28 15:25 YTF.AR.T700.S.E0089858.D161028.T092339.A001
. 2016-11-24 13:54:14.655 drwxr-sr-x 2 1004 1004 4096 Nov 24 07:29 abc
. 2016-11-24 13:54:14.655 drwxr-sr-x 2 1004 1004 4096 Nov 24 07:14 koray
. 2016-11-24 13:54:14.655 drwxr-sr-x 2 1004 1004 4096 Nov 24 08:32 laylaylom
. 2016-11-24 13:54:14.655 drwxr-sr-x 2 1004 1004 4096 Nov 24 07:15 tugay
< 2016-11-24 13:54:14.795 226 Directory send OK.
. 2016-11-24 13:54:14.795 Directory listing successful

Answer

The FTP.list method is way too low-level. It does not even open a data connection. It just sends the LIST command. You cannot use it on its own. As it's documentation say:

A convenience method to send the FTP LIST command to the server, receive the reply, and return the reply code. Remember, it is up to you to manage the data connection. If you don't need this low level of access, use FTPClient, which will handle all low level details for you.


Instead, use some high-level method like:


And keep your first approach with a call to the FTPClient.enterLocalPassiveMode().

You cannot switch to the passive mode just by sending the PASV command to the server. You have to switch also the client. Otherwise the client and server won't be able to talk to each other.

The enterLocalPassiveMode switches both the client and the server to the passive mode.


As you are using FTPS, you will want to enable encrypted data transfers too. Note that the Apache Common Net library does not encrypt data transfers by default.

ftp.execPBSZ(0);
ftp.execPROT("P").

And actually some servers (yours in particular) will even require you to encrypt the data transfers, if the control connection is encrypted.