Golang FTP PASS (password) command works locally, but doesn't while running on ECS

I have a go server that uses github.com/jlaffaye/ftp library for getting FTP files from a remote server.
I first of all get the connection

	conn, err := ftp.DialTimeout(cfg.Host+cfg.Port, time.Second*15)
	if err != nil {
		return nil, fmt.Errorf("ftp dial error: %v", err)

After which, I try to login with

	err = conn.Login(cfg.Username, pwd)
	if err != nil {
		return nil, fmt.Errorf("ftp login error: %v", err)

I log in successfully while running locally.
This is also confirmed while looking at the output of

		code, msg, err := c.cmd(StatusLoggedIn, "PASS %s", password)
		log.Printf("pass, code %d, msg %s, err %v", code, msg, err)
		if err != nil {
			return err

Which is from my vendor pkg under \vendor\github.com\jlaffaye\ftp\ftp.go
With the output being

2021/06/16 23:12:45 pass, code 230, msg User xxxx logged in, err <nil>

While running the same service deployed on amazon ECS,
the output of the vendored pkg under \vendor\github.com\jlaffaye\ftp\ftp.go becomes

2021/06/16 20:24:28 pass, code 0, msg , err EOF

Any idea on what might be causing this?

Also wanted to note that

runs the FTP USER command also. This step passes while running both locally and on ECS

using an if errors.Is(err, io.EOF) and returning nil if true helps, but later still get EOF while running other FTP commands.

@justin-obn Have you tried using the DialWithDebugOutput DialOption? Maybe that will help point you in the right direction. For example,

c, err := ftp.Dial(
1 Like

@n0muh I’ll try that, but did some debugging already with telnet.
From local machine connected to the needed VPN, I can connect

# telnet ftp.xxxxxxxxx.net 21
Trying xx.xxx.xxx.xxx...
Connected to xxxxxxxxxxx.net.
Escape character is '^]'.
220 ProFTPD 1.3.5 Server (ProFTPD Default Installation) [xx.xxx.xxx.xxx]
USER xxxx
331 Password required for xxxx
PASS xxxxxxxxx
230 User xxx logged in

From an EC2 machine in a different VPC

Connected to ftp.xxxxxxxxxxxx.net.
Escape character is '^]'.
220 ProFTPD 1.3.5 Server (ProFTPD Default Installation) [xx.xxx.xxx.xxx]
USER xxxx
331 Password required for xxxx
PASS xxxxxxxx
Connection closed by foreign host.

@n0muh Thanks, the debug output really helped. It seems the ftp server is not reachable when running from amazon ECS because the IP address for the ec2 machine isn’t whitelisted


This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.