FTP Server cant connect, command unknown

Hey @Luke_Austin,

It will be something like that, I have still not had a chance to take a look but I plan to do it next week so should have an update for you soon.

Hey @Luke_Austin,

I have done some testing this morning and set up Pure-FTPD v1.0.49 [privesep], I have then enabled TLS and configured so that I get a similar output to your Filezilla data (created a cert, set TLS to 1).

Filezilla Output
Status:      	Connecting to 192.168.1.139:21...
Status:      	Connection established, waiting for welcome message...
Response: 	220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response: 	220-You are user number 1 of 50 allowed.
Response: 	220-Local time is now 10:42. Server port: 21.
Response: 	220-This is a private system - No anonymous login
Response: 	220-IPv6 connections are also welcome on this server.
Response: 	220 You will be disconnected after 15 minutes of inactivity.
Status:      	Plain FTP is insecure. Please switch to FTP over TLS.
Command:	USER n8n
Response: 	331 User n8n OK. Password required
Command:	PASS ***
Response: 	230 OK. Current directory is /home/n8n
Command:	OPTS UTF8 ON
Response: 	504 Unknown command
Status:      	Logged in
Trace:       	Measured latency of 21 ms
Status:      	Retrieving directory listing...
Command:	PWD
Response: 	257 "/home/n8n" is your current location
Status:      	Directory listing of "/home/n8n" successful

I have then gone to n8n and added the credentials

image

Then I have made a quick workflow to upload a file, list the folder, check the result for the file we made, download the file then delete it.

Example Workflow

Oddly enough all of this is working as expected, This doesn’t help though as I can see you have an issue and you are not the only one but I am not able to reproduce the issue. Normally I would ask if we can get a copy of the FTPD configuration so I can take a look and see what I am missing in my config.

Would you be able to run the same worklfow (changing the path in Create File) and see if this works?

Great, thanks @Jon.

We got burgled last night, so I’m a bit preoccupied today, but I’ll give this a bash when things quieten down.

Hey @Luke_Austin,

Well that is a pain, Hopefully everything is ok and they catch whoever did it.

Ah, they never get caught. Bikes are the new target of organised crime, it’s a nightmare - we’ve had 5 years of this now.

No dice - same error - I’ve checked / double checked my credentials, and they are exactly the same as the ones for FileZilla that work.

I’ve contacted the server owner, and asked for a copy of the FTPD config, so i’ll forward it on when i get a response.

Created a bug report on git too: FTP Node: HTTP Error 500 · Issue #2906 · n8n-io/n8n · GitHub

Hey @Luke_Austin,

Just spotted the bug report was about to send the user here, For now I will pop a note on it to say we are dealing with it here.

Out of interest and this is a big ask, Would you be able to make an FTP user that I can test with you can DM me the details if you are happy to do it?

If you just do a list does that fail as well or is it just an upload / download that fails?

Hi Jon,

I can pass on my credentials with that server, no problem - they are IP locked, so i’ll need to route you through my VPN. I’ll DM details to you.

The List command throws an error elsewhere in ftp.node.js, so my theory remains that there’s a minor error command being thrown back by the server that the node is not ignoring, but filezilla just takes it on the nose.

Hi @Luke_Austin,

That is a possibility, Looking at the node we do hande one error but the connection should for just a list should work as it did in my testing. I am just wondering if there is some odd config issue at play here, The Filezilla outputs we have are almost identical other than mine is supporting IPv6 as well.

I am looking forward to getting to the bottom of this one.

I too have run into this issue Filezilla logs (can connect over plain insecure ftp/ not TLS) server = Pure-FTP

Status:	Connecting to xxx.xxx.xxx.xxx:21...
Status:	Connection established, waiting for welcome message...
Status:	Plain FTP is insecure. Please switch to FTP over TLS.
Status:	Logged in
Status:	Retrieving directory listing...
Status:	Directory listing of "/" successful

N8N

ERROR: Unknown command
 Details
Stack
Error: Unknown command
    at makeError (/usr/local/lib/node_modules/n8n/node_modules/@icetee/ftp/lib/connection.js:1128:13)
    at Parser.<anonymous> (/usr/local/lib/node_modules/n8n/node_modules/@icetee/ftp/lib/connection.js:122:25)
    at Parser.emit (node:events:390:28)
    at Parser._write (/usr/local/lib/node_modules/n8n/node_modules/@icetee/ftp/lib/parser.js:61:10)
    at writeOrBuffer (node:internal/streams/writable:389:12)
    at _write (node:internal/streams/writable:330:10)
    at Parser.Writable.write (node:internal/streams/writable:334:10)
    at Socket.ondata (/usr/local/lib/node_modules/n8n/node_modules/@icetee/ftp/lib/connection.js:298:20)
    at Socket.emit (node:events:390:28)
    at addChunk (node:internal/streams/readable:315:12)
    at readableAddChunk (node:internal/streams/readable:289:9)
    at Socket.Readable.push (node:internal/streams/readable:228:10)
    at TCP.onStreamRead (node:internal/stream_base_commons:199:23)

not the 500 error, however from other forum posts people are having issues with this node as well

Hey @wgicio,

Can you pop FileZilla into debug mode and send over the output?

I suspect this could be down to active / passive ftp. In FileZilla another test would be to see if the connection still works if you set up the site to use Passive only.

[active]
Status:	Connecting to xxx.xxx.xxx.xxx:21...
Status:	Connection established, waiting for welcome message...
Response:	220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response:	220-You are user number 1 of 500 allowed.
Response:	220-Local time is now 15:33. Server port: 21.
Response:	220-This is a private system - No anonymous login
Response:	220-IPv6 connections are also welcome on this server.
Response:	220 You will be disconnected after 15 minutes of inactivity.
Status:	Plain FTP is insecure. Please switch to FTP over TLS.
Command:	USER [email protected]
Response:	331 User [email protected] OK. Password required
Command:	PASS **********************
Response:	230 OK. Current restricted directory is /
Command:	SYST
Response:	215 UNIX Type: L8
Command:	FEAT
Response:	211-Extensions supported:
Response:	 UTF8
Response:	 EPRT
Response:	 IDLE
Response:	 MDTM
Response:	 SIZE
Response:	 MFMT
Response:	 REST STREAM
Response:	 MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Response:	 MLSD
Response:	 PRET
Response:	 AUTH TLS
Response:	 PBSZ
Response:	 PROT
Response:	 TVFS
Response:	 ESTA
Response:	 PASV
Response:	 EPSV
Response:	 SPSV
Response:	 ESTP
Response:	211 End.
Command:	OPTS UTF8 ON
Response:	504 Unknown command
Status:	Logged in
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/" is your current location
Command:	TYPE I
Response:	200 TYPE is now 8-bit binary
Command:	PORT 10,0,58,254,207,118
Response:	200 PORT command successful
Command:	MLSD
Response:	150 Connecting to port 53110
Response:	226 38 matches total
Status:	Directory listing of "/" successful
Status:	Disconnected from server


[passive]
Status:	Connecting to xxx.xxx.xxx.xxx:21...
Status:	Connection established, waiting for welcome message...
Response:	220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response:	220-You are user number 1 of 500 allowed.
Response:	220-Local time is now 15:33. Server port: 21.
Response:	220-This is a private system - No anonymous login
Response:	220-IPv6 connections are also welcome on this server.
Response:	220 You will be disconnected after 15 minutes of inactivity.
Status:	Plain FTP is insecure. Please switch to FTP over TLS.
Command:	USER [email protected]
Response:	331 User [email protected] OK. Password required
Command:	PASS **********************
Response:	230 OK. Current restricted directory is /
Command:	SYST
Response:	215 UNIX Type: L8
Command:	FEAT
Response:	211-Extensions supported:
Response:	 UTF8
Response:	 EPRT
Response:	 IDLE
Response:	 MDTM
Response:	 SIZE
Response:	 MFMT
Response:	 REST STREAM
Response:	 MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Response:	 MLSD
Response:	 PRET
Response:	 AUTH TLS
Response:	 PBSZ
Response:	 PROT
Response:	 TVFS
Response:	 ESTA
Response:	 PASV
Response:	 EPSV
Response:	 SPSV
Response:	 ESTP
Response:	211 End.
Command:	OPTS UTF8 ON
Response:	504 Unknown command
Status:	Logged in
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/" is your current location
Status:	Directory listing of "/" successful

So normally after the opts command it would send PASV or EPSV I am not sure why the FileZilla log isn’t show that command though, it could be that it is not taken the passive command properly.

The problem with the ftp node is we don’t support active ftp so it needs to be passive and I suspect the server is not configured to support it, do you have access to the server itself to check the ftp logs?

I will check the logs tomorrow and see if that shows anything. It’s a standard WHM / cPanel / FTP setup which is super common so hopefully get can n8n working out of the box with this type of setup.

Thanks for your help!

Those components are common but the configuration of the firewall and pureftpd itself can be different depending on your server hardening steps or if you followed a guide whatever that says to do.

So with Active FTP it is all done over port 21 but with passive (PASV / EPSV) the initial connection is done over 21 then the server will reply back with another port number for the magic to happen to on which could be anything between 1024 and 65535 depending on configuration.

The library we use for FTP doesn’t support Active FTP which would be the ideal solution or to actual support FTPS, Personally I prefer to use SFTP whenever possible as I find it a nicer protocol and it has some handy inbuilt functions.

So I guess the quick question would be during your setup did you set a port range for passive ftp or was that left as default and has the firewall been set up to block connections on anything that isn’t 21, 22, 80, 443 and the cPanel / WHM ports?

Settings are default,CSF is setup to only allow specific ports (80, 443, 21 etc etc), so if the node needs a random port then this would explain why its not connecting.
I’ll specify some passive ftp port numbers tomorrow and open it up in the firewall and get back to you

1 Like

So after looking into this I’ve found that

In cPanel & WHM version 60 and later, the system enables passive ports 49152 through 65534 for Pure-FTPd servers and ProFTPD servers by default

Those ports were already open on CSF

Apr 23 09:36:26 sydney1 pure-ftpd: ([email protected]) [INFO] [email protected] is now logged in
Apr 23 09:36:26 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [INFO] Logout.


Apr 23 11:04:36 sydney1 pure-ftpd: ([email protected]) [DEBUG] 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Apr 23 11:04:36 sydney1 pure-ftpd: ([email protected]) [DEBUG] 220-You are user number 2 of 500 allowed.
Apr 23 11:04:36 sydney1 pure-ftpd: ([email protected]) [DEBUG] 220-Local time is now 11:04. Server port: 21.
Apr 23 11:04:36 sydney1 pure-ftpd: ([email protected]) [DEBUG] 220-This is a private system - No anonymous login
Apr 23 11:04:36 sydney1 pure-ftpd: ([email protected]) [DEBUG] 220-IPv6 connections are also welcome on this server.
Apr 23 11:04:36 sydney1 pure-ftpd: ([email protected]) [DEBUG] 220 You will be disconnected after 15 minutes of inactivity.
Apr 23 11:04:37 sydney1 pure-ftpd: ([email protected]) [DEBUG] Command [user] [[email protected]]
Apr 23 11:04:37 sydney1 pure-ftpd: ([email protected]) [DEBUG] 331 User [email protected] OK. Password required
Apr 23 11:04:37 sydney1 pure-ftpd: ([email protected]) [DEBUG] Command [pass] [<*>]
Apr 23 11:04:37 sydney1 pure-ftpd: ([email protected]) [INFO] [email protected] is now logged in
Apr 23 11:04:37 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] 230 OK. Current restricted directory is /
Apr 23 11:04:37 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] Command [feat] []
Apr 23 11:04:37 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] 211-Extensions supported:#015#012 UTF8#015#012 EPRT#015#012 IDLE#015#012 MDTM#015#012 SIZE#015#012 MFMT#015#012 REST STREAM#015#012 MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;#015#012 MLSD#015#012 PRET#015#012 AUTH TLS#015#012 PBSZ#015#012 PROT#015#012 TVFS#015#012 ESTA#015#012 PASV#015#012 EPSV#015#012 SPSV#015#012 ESTP
Apr 23 11:04:37 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] 211 End.
Apr 23 11:04:37 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] Command [opts] [UTF8 ON]
Apr 23 11:04:37 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] 504 Unknown command
Apr 23 11:04:37 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] Command [type] [I]
Apr 23 11:04:37 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] 200 TYPE is now 8-bit binary
Apr 23 11:04:37 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] Command [epsv] []
Apr 23 11:04:37 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] 500 Unknown command
Apr 23 11:04:37 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [INFO] Logout.
Apr 23 11:04:37 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] 500 Logout.

The good news is I can see the issue in that log file, the server is saying it supports EPSV and that command is being sent but the server is then saying the command is incorrect (last 4 lines of that log snippet).

I wonder if the default pureftpd config is broken in some way, does the config have an option to disable EPSV it could be that it is set to disabled but is still reporting as available.

This is the log from a filezilla session

Apr 23 16:22:55 sydney1 pure-ftpd: ([email protected]) [DEBUG] 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Apr 23 16:22:55 sydney1 pure-ftpd: ([email protected]) [DEBUG] 220-You are user number 1 of 500 allowed.
Apr 23 16:22:55 sydney1 pure-ftpd: ([email protected]) [DEBUG] 220-Local time is now 16:22. Server port: 21.
Apr 23 16:22:55 sydney1 pure-ftpd: ([email protected]) [DEBUG] 220-This is a private system - No anonymous login
Apr 23 16:22:55 sydney1 pure-ftpd: ([email protected]) [DEBUG] 220-IPv6 connections are also welcome on this server.
Apr 23 16:22:55 sydney1 pure-ftpd: ([email protected]) [DEBUG] 220 You will be disconnected after 15 minutes of inactivity.
Apr 23 16:22:55 sydney1 pure-ftpd: ([email protected]) [DEBUG] Command [user] [[email protected]]
Apr 23 16:22:55 sydney1 pure-ftpd: ([email protected]) [DEBUG] 331 User [email protected] OK. Password required
Apr 23 16:22:55 sydney1 pure-ftpd: ([email protected]) [DEBUG] Command [pass] [<*>]
Apr 23 16:22:55 sydney1 pure-ftpd: ([email protected]) [INFO] [email protected] is now logged in
Apr 23 16:22:55 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] 230 OK. Current restricted directory is /
Apr 23 16:22:55 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] Command [opts] [UTF8 ON]
Apr 23 16:22:55 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] 504 Unknown command
Apr 23 16:22:56 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] Command [pwd] []
Apr 23 16:22:56 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] 257 "/" is your current location
Apr 23 16:23:01 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] Command [cwd] [social-videos]
Apr 23 16:23:01 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] 250 OK. Current directory is /social-videos
Apr 23 16:23:01 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] Command [pwd] []
Apr 23 16:23:01 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] 257 "/social-videos" is your current location
Apr 23 16:23:02 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] Command [type] [I]
Apr 23 16:23:02 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] 200 TYPE is now 8-bit binary
Apr 23 16:23:02 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] Command [pasv] []
Apr 23 16:23:02 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] 227 Entering Passive Mode (xxx,xxx,xxx,xxx,244,194)
Apr 23 16:23:02 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] Command [mlsd] []
Apr 23 16:23:02 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] 150 Accepted data connection
Apr 23 16:23:02 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] 226 236 matches total

Go it working, setting “BrokenClientsCompatibility” to “no” in pure-ftpd.conf is the answer

 32 # Turn on compatibility hacks for broken clients
   33 
   34 BrokenClientsCompatibility   no
Apr 23 16:35:23 sydney1 pure-ftpd: ([email protected]) [INFO] New connection from 1xxx.xxx.xxx.xxx
Apr 23 16:35:23 sydney1 pure-ftpd: ([email protected]) [DEBUG] 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Apr 23 16:35:23 sydney1 pure-ftpd: ([email protected]) [DEBUG] 220-You are user number 1 of 500 allowed.
Apr 23 16:35:23 sydney1 pure-ftpd: ([email protected]) [DEBUG] 220-Local time is now 16:35. Server port: 21.
Apr 23 16:35:23 sydney1 pure-ftpd: ([email protected]) [DEBUG] 220-This is a private system - No anonymous login
Apr 23 16:35:23 sydney1 pure-ftpd: ([email protected]) [DEBUG] 220-IPv6 connections are also welcome on this server.
Apr 23 16:35:23 sydney1 pure-ftpd: ([email protected]) [DEBUG] 220 You will be disconnected after 15 minutes of inactivity.
Apr 23 16:35:23 sydney1 pure-ftpd: ([email protected]) [DEBUG] Command [user] [[email protected]]
Apr 23 16:35:23 sydney1 pure-ftpd: ([email protected]) [DEBUG] 331 User [email protected]. Password required
Apr 23 16:35:23 sydney1 pure-ftpd: ([email protected]) [DEBUG] Command [pass] [<*>]
Apr 23 16:35:23 sydney1 pure-ftpd: ([email protected]) [INFO] [email protected] now logged in
Apr 23 16:35:23 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] 230 OK. Current restricted directory is /
Apr 23 16:35:23 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] Command [feat] []
Apr 23 16:35:23 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] 211-Extensions supported:#015#012 UTF8#015#012 EPRT#015#012 IDLE#015#012 MDTM#015#012 SIZE#015#012 MFMT#015#012 REST STREAM#015#012 MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;#015#012 MLSD#015#012 PRET#015#012 AUTH TLS#015#012 PBSZ#015#012 PROT#015#012 TVFS#015#012 ESTA#015#012 PASV#015#012 EPSV#015#012 SPSV#015#012 ESTP
Apr 23 16:35:23 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] 211 End.
Apr 23 16:35:23 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] Command [opts] [UTF8 ON]
Apr 23 16:35:23 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] 504 Unknown command
Apr 23 16:35:23 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] Command [type] [I]
Apr 23 16:35:23 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] 200 TYPE is now 8-bit binary
Apr 23 16:35:23 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] Command [epsv] []
Apr 23 16:35:23 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] 229 Extended Passive mode OK (|||51291|)
Apr 23 16:35:23 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] Command [list] [/]
Apr 23 16:35:23 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] 150 Accepted data connection
Apr 23 16:35:23 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] 226-Options: -a -l
Apr 23 16:35:23 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] 226 5 matches total
Apr 23 16:35:24 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [INFO] Logout.
Apr 23 16:35:24 sydney1 pure-ftpd: ([email protected]@xxx.xxx.xxx.xxx) [DEBUG] 226 Logout.

Thanks so much for your help @Jon !!!

1 Like

Solid fix thanks for sharing.