Golang FTP PASS (password) command works locally, but doesn't while running on ECS

I have a Go server that uses the github.com/jlaffaye/ftp library for getting FTP files from a remote server.
First of all, I get the connection:

	conn, err := ftp.DialTimeout(cfg.Host+cfg.Port, time.Second*15)
	if err != nil {
		return nil, fmt.Errorf("ftp dial error: %v", err)
	}

After which, I try to login with

	err = conn.Login(cfg.Username, pwd)
	if err != nil {
		return nil, fmt.Errorf("ftp login error: %v", err)
	}

I log in successfully while running locally.
This is also confirmed while looking at the output of

		code, msg, err := c.cmd(StatusLoggedIn, "PASS %s", password)
		log.Printf("pass, code %d, msg %s, err %v", code, msg, err)
		if err != nil {
			return err
		}

Which is from my vendor pkg under \vendor\github.com\jlaffaye\ftp\ftp.go
With the output being

	2021/06/16 23:12:45 pass, code 230, msg User xxxx logged in, err <nil>

While running the same service deployed on Amazon ECS,
the output of the vendored pkg under \vendor\github.com\jlaffaye\ftp\ftp.go becomes

	2021/06/16 20:24:28 pass, code 0, msg , err EOF

Any idea on what might be causing this?

Also wanted to note that

runs the FTP USER command also. This step passes while running both locally and on ECS

Using an if errors.Is(err, io.EOF) and returning nil if true helps, but I later still get EOF while running other FTP commands.

@justin-obn Have you tried using the DialWithDebugOutput DialOption? Maybe that will help point you in the right direction. For example,

	c, err := ftp.Dial(
		host,
		ftp.DialWithDebugOutput(os.Stdout),
		ftp.DialWithTimeout(time.Second*15),
	)

@n0muh I’ll try that, but did some debugging already with telnet.
From local machine connected to the needed VPN, I can connect

	# telnet ftp.xxxxxxxxx.net 21
	Trying xx.xxx.xxx.xxx...
	Connected to xxxxxxxxxxx.net.
	Escape character is '^]'.
	220 ProFTPD 1.3.5 Server (ProFTPD Default Installation) [xx.xxx.xxx.xxx]
	USER xxxx
	331 Password required for xxxx
	PASS xxxxxxxxx
	230 User xxx logged in

From an EC2 machine in a different VPC

	Connected to ftp.xxxxxxxxxxxx.net.
	Escape character is '^]'.
	220 ProFTPD 1.3.5 Server (ProFTPD Default Installation) [xx.xxx.xxx.xxx]
	USER xxxx
	331 Password required for xxxx
	PASS xxxxxxxx
	Connection closed by foreign host.

@n0muh Thanks, the debug output really helped. It seems the FTP server is not reachable when running from Amazon ECS because the IP address for the EC2 machine isn’t whitelisted.

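
The difference between the two telnet sessions in this thread, as an added Go example that is not code from the thread or from github.com/jlaffaye/ftp: it replays banner, USER and PASS and reports a connection the server closes without a reply code (the "err EOF" case) separately from an explicit rejection such as 530. The names classify, probeLogin and transcript, and the transcript contents, are constructed for illustration.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io"
	"net/textproto"
	"strings"
)

// classify separates a dropped control connection ("err EOF") from an FTP error reply.
func classify(step string, err error) string {
	var reply *textproto.Error
	switch {
	case errors.Is(err, io.EOF):
		return step + ": connection closed by server, no reply code"
	case errors.As(err, &reply):
		return fmt.Sprintf("%s: rejected with %d", step, reply.Code)
	}
	return step + ": " + err.Error()
}

// probeLogin replays banner, USER, PASS over rw (a net.Conn or a transcript below).
func probeLogin(rw io.ReadWriter, user, pass string) string {
	r := textproto.NewReader(bufio.NewReader(rw))
	if _, _, err := r.ReadResponse(220); err != nil {
		return classify("BANNER", err)
	}
	fmt.Fprintf(rw, "USER %s\r\n", user) // a failed write surfaces on the next read
	if _, _, err := r.ReadResponse(331); err != nil {
		return classify("USER", err)
	}
	fmt.Fprintf(rw, "PASS %s\r\n", pass)
	if _, _, err := r.ReadResponse(230); err != nil {
		return classify("PASS", err)
	}
	return "PASS: ok"
}

// transcript is a constructed server: Reader holds its replies and ends where it hangs up.
type transcript struct {
	io.Reader
	io.Writer
}

func main() {
	ecs := transcript{strings.NewReader("220 constructed\r\n331 Password required\r\n"), io.Discard}
	fmt.Println(probeLogin(ecs, "demo", "demo"))
}
```

A result of "connection closed by server, no reply code" at the PASS step means the credentials were never answered, so the place to look is network or server-side access control rather than the password.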