Opened 3 years ago

Last modified 3 years ago

#12663 moreinfo Bug report

Error: Please verify the user name and password used to connect.

Reported by: itsupport
Owned by:
Priority: normal
Component: FileZilla Client
Keywords:
Cc:
Component version:
Operating system type: Windows
Operating system version:

Description

Hello,

We have FileZilla Pro and are connecting to an S3 bucket via IAM user creds, an access key and secret key. The policy we have will allow users to see all buckets and go inside the buckets to view sub-folders.

However we are having an issue with connecting to the actual buckets with it returning an error "Error: Please verify the user name and password used to connect"

Any thoughts as to why this is happening when the policy should allow the access? Just another piece of info. We also use cloudberry and it allows access to those buckets.

Attachments (1)

FileZilla.log (2.0 KB ) - added by itsupport 3 years ago.
Here is a copy of the log when it happens. I have my keys stored in the site manager like they should so I don't know why it's asking for username and password to be verified.


Change History (8)

comment:1 by Tim Kosse, 3 years ago

Status: new → moreinfo

Please attach a complete log of this happening.

by itsupport, 3 years ago

Attachment: FileZilla.log added


comment:2 by Tim Kosse, 3 years ago

Does the policy have s3:ListBucket on the bucket?

comment:3 by itsupport, 3 years ago

Status: moreinfo → new

The policy does have s3:ListBucket. I will let you know I am using a wildcard in the Resource bucket name in order for it to find the name in over 200 buckets. I'm not sure if FileZilla doesn't like the use of this wildcard.

I was able to take a full bucket name and add it to the policy and was able to connect right away to that bucket. Example is below

"Resource": [

"arn:aws:s3:::Thisisatest-client-prd*"

comment:4 by itsupport, 3 years ago

Any word or are you able to find anything out?

comment:5 by Tim Kosse, 3 years ago

Status: new → moreinfo

Not sure I understand the example, it doesn't contain a full bucket name. Is it truncated? Another oddity with the example is the uppercase letter in the ARN.

Since listing available buckets works, but listing the objects within a bucket doesn't, at the very least the provided credentials are working and recognized by AWS. However, the policy doesn't allow access to the requested bucket.

comment:6 by itsupport, 3 years ago

Status: moreinfo → new

The example is showing the bucket name with a wild card. We have over 200 buckets that follow the same suit starting out with "awscheetah-client-prd-xxxxx" xxxxx representing the client name/id. We use a wild card * at the end of the first part so that it recognizes all of the clients instead of having to completely write out the whole bucket for each client which would make the policy giant.

Inside our policy we list our sub-folders inside the buckets which should allow us to go inside that bucket and view those folders. We have this same policy for several users and it works everywhere minus FileZilla.

Does FileZilla restrict using wildcards inside a bucket policy name vs listing out the whole bucket name?

comment:7 by Tim Kosse, 3 years ago

Status: new → moreinfo

> Inside our policy we list our sub-folders inside the buckets which should allow us to go inside that bucket and view those folders. We have this same policy for several users and it works everywhere minus FileZilla.

What about the permissions to list from the root of that bucket? If you do not have permission to list the root, you need to enter the specific subdirectory in the bucket as default remote directory in the Site Manager, e.g. /bucketname/subdir/you/can/access

> Does FileZilla restrict using wildcards inside a bucket policy name vs listing out the whole bucket name?

Clients do not care at all about what's in a policy. Policies are entirely enforced server-side.

There must be something wrong with your policy. When I create a policy to grant access to specific buckets, with wildcards, and assign this policy to an IAM user, everything works just as expected. Please attach your policy in its entirety so that I can check what may be wrong.
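
Added example (not part of the ticket, and not FileZilla or AWS code): a simplified model of how a policy like the one discussed is evaluated server-side, showing why listing buckets can succeed while listing a bucket's root fails. The policy, bucket name and "reports/" sub-folder are constructed; the evaluator handles only Allow statements with StringLike/StringEquals conditions and treats resource ARNs as case-sensitive.

```python
import re

# Constructed policy (not the reporter's): wildcard bucket ARN, with listing
# limited to one hypothetical sub-folder through an s3:prefix condition.
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*"},
    {"Effect": "Allow", "Action": "s3:ListBucket",
     "Resource": ["arn:aws:s3:::example-client-prd*"],
     "Condition": {"StringLike": {"s3:prefix": ["reports/*"]}}},
]}

def wild(pattern, value):
    """IAM-style wildcard match: '*' any run, '?' one char, case-sensitive."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, re.DOTALL) is not None

def as_list(x):
    return x if isinstance(x, list) else [x]

def condition_ok(cond, context):
    """StringLike/StringEquals only; a key missing from the request fails."""
    for op, keys in cond.items():
        for key, patterns in keys.items():
            val = context.get(key)
            if val is None:
                return False
            match = wild if op == "StringLike" else (lambda p, v: p == v)
            if not any(match(p, val) for p in as_list(patterns)):
                return False
    return True

def allowed(policy, action, resource, context=None):
    """Simplified model: Allow statements only, no Deny or other policy types."""
    for st in policy["Statement"]:
        if (st["Effect"] == "Allow"
                and any(wild(a.lower(), action.lower()) for a in as_list(st["Action"]))
                and any(wild(r, resource) for r in as_list(st["Resource"]))
                and condition_ok(st.get("Condition", {}), context or {})):
            return True
    return False

BUCKET = "arn:aws:s3:::example-client-prd-acme"  # constructed bucket name
if __name__ == "__main__":
    print("list buckets:", allowed(POLICY, "s3:ListAllMyBuckets", "*"))
    print("list bucket root:", allowed(POLICY, "s3:ListBucket", BUCKET, {"s3:prefix": ""}))
    print("list reports/:", allowed(POLICY, "s3:ListBucket", BUCKET, {"s3:prefix": "reports/"}))
    print("uppercase ARN pattern:", wild("arn:aws:s3:::Example-client-prd*", BUCKET))
```

With a policy shaped like this, a client that starts at the bucket root is denied, while one whose default remote directory is set to the permitted sub-folder can list it.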
