On Nov 13, 2009, at 19:24, Don Tveter wrote: > I've been using plain ftp for a long time but I just became aware that it is > not encrypting passwords. I've been trying to find a clear answer as to > whether or not your lftp program does that. > Will lftp to my website like so: lftp dontveter.com encrypt the password or > do I need to set more parameters?
The default setting is to automatically encrypt the command channel, including the user authentication, if the server supports it. (That's assuming your copy of lftp was built with support for encryption in the first place.) You can also set an option to refuse sending your password in the clear: set ftp:ssl-force yes This way if the server doesn't support encryption, lftp will refuse to connect. You can also limit that option, like any other option, to your site only: set ftp:ssl-force/dontveter.com yes And you can put that in your $HOME/.lftp/rc file so you don't have to set it manually every time.
