On Tuesday 31 May 2011 11:47:58 pm Daniel Fazekas wrote: 
> I too got confused by that name though last time, so don't even use
>  "ftps://" with lftp since that is for implicit ftps, sorry about the bad
>  advice. For explicit TLS just open it like "ftp://"; or you don't even need
>  to specify a protocol since ftp is the default. Using an encrypted control
>  connection when available is also turned on by default in lftp (set
>  ftp:use-feat yes, set ftp:ssl-allow yes).
> 
> So you really don't have to do anything but open it normally like
> $ lftp jack.masquilier....@ftp.ocsa-data.net
> 
> and you should be good to go.


Thanks. It works indeed, but I am back to my own starting point. I was trying 
the ftps:// prefix to force a secure connection (maybe I was too clever for my 
own good).

With the settings you suggest, how do I know I have a secure connection?
What tell-tale sign can I look to to ascertain that my connection is secure 
and that the credentials (username, password) have not been sent in clear over 
the network?

Again, the man page does not differentiate between the various protocols, so I 
am double-plus unclear as to what options are available for which protocol.

You advise:
set ftp:ssl-allow true

I tried:
set ftp:ssl-force true
but I get:
"Login failed: ftp:ssl-force is set and server does not support or allow SSL"

What's odd is the ftp:use-feat option.
I tried to set it to on then to off, copying the debug output into 2 text 
files, and then using diff to spot the differences.

The following lines are only present with:
set ftp:use-feat true
---> FEAT
<--- 211-Extensions supported:
<---  EPRT
<---  IDLE
<---  MDTM
<---  SIZE
<---  REST STREAM
<---  MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
<---  MLSD
<---  ESTP
<---  PASV
<---  EPSV
<---  SPSV
<--- 211 End.
---> OPTS MLST type;size;modify;UNIX.mode;UNIX.uid;UNIX.gid;
<--- 200  MLST OPTS type;size;sizd;modify;UNIX.mode;UNIX.uid;UNIX.gid;unique


The following lines are only present with:
set ftp:use-feat false
---> AUTH TLS
<--- 234 AUTH TLS OK.
Certificate depth: 1; subject: /O=Root CA/OU=http://www.cacert.org/CN=CA Cert 
Signing Authority/emailAddress=supportatcacert.org; issuer: /O=Root 
CA/OU=http://www.cacert.org/CN=CA Cert Signing 
Authority/emailAddress=supportatcacert.org


So, what's weird is that AUTH TLS and the certificate details are only present 
when use-feat is set to FALSE!


So, how do I know that the connection is secure?
How to prevent unsecure connections with FTPS (explicit) knowing that 
ftp:ssl-force true does not work (see above)?

When searching the web earlier, I found other people asking very similar 
questions. There is a lot of confusion surrounding these topics; that's why I 
am offering, with your help, to clearly document all of this.


Thanks again,

Augustin.

 

-- 
Friends: http://www.reuniting.info/
My projects:
http://astralcity.org/ http://3enjeux.overshoot.tv/ http://linux.overshoot.tv/ 
http://overshoot.tv/ http://charityware.info/ http://masquilier.org/
http://openteacher.info/ http://minguo.info/ 
http://www.wechange.org/ http://searching911.info/
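
Added example, not part of the original message: one way to check a saved debug log for the "tell-tale sign" asked about above, namely whether USER/PASS were sent only after a 234 reply to AUTH. It assumes the log uses the `--->` / `<---` prefixes quoted in the message; the function name and both sample sessions are constructed for illustration.

```python
import re

# Constructed sample sessions in the "--->" / "<---" debug format quoted above.
# The USER/PASS lines and the 331/230 replies are made up for illustration.
FEAT_ON = """---> FEAT
<--- 211-Extensions supported:
<---  EPRT
<---  MLSD
<---  PASV
<--- 211 End.
---> USER demo
<--- 331 Password required
---> PASS XXXX
<--- 230 OK.""".splitlines()

FEAT_OFF = """---> AUTH TLS
<--- 234 AUTH TLS OK.
Certificate depth: 1; subject: /O=Example (constructed)
---> USER demo
<--- 331 Password required
---> PASS XXXX
<--- 230 OK.""".splitlines()


def audit_control_channel(lines):
    """Check whether USER/PASS went out before or after a 234 reply to AUTH."""
    tls = auth_pending = in_feat = False
    feat_lists_auth = None   # None means FEAT was never sent
    cleartext = []           # credential commands sent without a prior 234
    for line in lines:
        words = line[4:].split()
        if line.startswith("--->") and words:
            verb = words[0].upper()
            if verb == "AUTH":
                auth_pending = True
            elif verb == "FEAT":
                in_feat, feat_lists_auth = True, False
            elif verb in ("USER", "PASS") and not tls:
                cleartext.append(verb)
        elif line.startswith("<---") and words:
            reply = " ".join(words)
            if in_feat:
                if re.match(r"\d{3}( |$)", reply):   # final line of the FEAT reply
                    in_feat = False
                elif words[0].upper() == "AUTH":    # feature line such as "AUTH TLS"
                    feat_lists_auth = True
            elif auth_pending:
                tls, auth_pending = reply.startswith("234"), False
    return {"tls_before_login": tls and not cleartext,
            "cleartext_commands": cleartext,
            "feat_lists_auth": feat_lists_auth}
```

A non-empty `cleartext_commands` means the credentials were sent before any successful AUTH; `feat_lists_auth` being false corresponds to the FEAT listing quoted in the message, which has no AUTH entry.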











