Hello Alexander,

I'm using lftp-3.0.13 with these settings:

  set ftp:ssl-force true
  set ftp:ssl-protect-list true
  set ftp:ssl-protect-data false

I am doing FXP between two sites using the 'mirror' command.  I noticed that
lftp sends 'PROT P' before its dir listing (which is correct), but when it
wants to transfer a file, it issues 'PROT C' _before_ it sends PASV/PORT, and
then it sends STOR/RETR.  That means the last PASV/PORT commands were not
encrypted, correct?  I think all commands should be encrypted (dir listing and
control connection).  Can the order be changed to reflect:

1) login
2) PROT P/PROT P    (encrypt dir listing and control connection)
3) LIST/LIST        (see what's there)
4) PASV/PORT        (to send file)
5) PROT C/PROT C    (don't encrypt file transfer)
6) STOR/RETR        (transfer file)
7) PROT P/PROT P    (back to default protection mode)

I want all commands being sent to the servers to be encrypted, not just dir
listing, so that includes PASV/PORT commands.  I've included some output below.
 

Also, I see PROT C being issued three times (below), not sure why.  Take care!

-Vahid



*** Login/authenticate here...

---> PROT P
---> PROT P
<--- 200 Protection set to Private
---> TYPE A
<--- 200 Type set to A.
---> PASV
<--- 200 Protection set to Private
---> PASV
<--- 227 Entering Passive Mode (1,1,1,1,78,127)
---- Connecting data socket to (1.1.1.1) port 20095
---> LIST
<--- 227 Entering Passive Mode (2,2,2,2,34,17)
---- Connecting data socket to (2.2.2.2) port 8721
---> LIST
<--- 150 Opening ASCII mode data connection for directory listing.
---- Got EOF on data connection
---- Closing data socket
---> TYPE I
<--- 200 Type set to I.
<--- 150 Opening BINARY mode data connection for directory listing.
---- Got EOF on data connection
---- Closing data socket
---> TYPE I
<--- 200 Type set to I.
copy src: seek past eof (seek_pos=0, size=0)
copy: get hit eof
copy: waiting for put confirmation
---> PROT C
copy: put confirmed store
copy: get is finished - all done
---> PROT C
<--- 200 Protection set to Clear
---> PROT C
<--- 200 Protection set to Clear
---> PASV
<--- 200 Protection set to Clear
<--- 227 Entering Passive Mode (1,1,1,1,78,188)
---> PORT 1,1,1,1,78,188
<--- 200 PORT command successful.
---> STOR myfilehere.bin
---> RETR myfilehere.bin


=====
Make it better before you make it faster.
=====

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Reply via email to