On Apr 26, 2010, at 10:48, Thomas Samoht wrote:

> 1. When using AUTH TLS, I can see PBSZ 0 and PROT P. I haven't read the RFC, 
> but I hope this means that
> both command and data channels are encrypted. Am I correct?

Not necessarily, that depends on the ftp:ssl-protect-data option.

set ftp:ssl-protect-data yes

if you want to encrypt the data channel too. It is off by default.
You'll probably want ftp:ssl-force too, and set up certificate verification for 
the server to make sure you're really talking to the server you think you are.

Search for "ftp:ssl" in the man page for more information.

You can also limit these settings to the given site only:
set ftp:ssl-force/ftp.example.com yes

> 2. Is there a way to store "user/password" combinations somewhere in a file 
> and only use a passphrase to that file
> for authentication (like with SSH), e.g.

You can use the standard .netrc file like any other ftp client, or set up 
bookmarks in ~/.lftp/bookmarks.
These are of course plain text files with the password also stored in plain 
text though.

Search for "bookmark" in the man page.

> 4. When I use the mirror -R, I can see the following behaviours. Correct me, 
> if I'm wrong.
> If the file is present, and it is the same as the one on the local site, 
> nothing is transferred.

Only timestamp and size are compared; if the file changed somehow with those 
staying the same, it won't get updated.

> Is there an option to
> -1- rename the old file "filename" to "filename.back"
> -2- transfer the data to the remote site
> -3- remove filename.back
> or maybe better
> -1- rename the old file "filename" to "filename.timestamp" (format given by 
> the lftp user)
> -2- transfer the new file

No, none of the above.
That's up to you to devise a script.

Running the mirror command with --script=FILE or --dry-run and parsing the 
output might help.
Look for "get -e" commands and add a rename before them.

> Rationale for 2: I want the backup and mirroring process to be done 
> automatically, and I don't like passwords in the clear 
> (other users might see the password in the process list)

With cooperation from the server you could set up TLS authentication using keys 
and certificates only, without passwords.
Or you could just use the SFTP protocol with an SSH2 server and use any ssh 
authentication method.

But if seeing the password in the process list is your only concern then of 
course that's easily avoided by storing the password in any initialization or 
script file.
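
The two ftp:ssl settings discussed in this message can be checked per host before an unattended mirror job runs. The following is an added example, not part of the original message and not lftp code: a small audit of lftp "set" lines. It assumes that the part after "/" is a glob pattern matched against the host name, that a host-limited setting takes precedence over a global one, and that an unset ftp:ssl-force counts as off; the function names and the sample rc text are constructed for illustration.

```python
import fnmatch
import shlex

# ftp:ssl-protect-data is off by default (stated in the reply above).
# Treating an unset ftp:ssl-force as off is an assumption of this sketch.
DEFAULTS = {"ftp:ssl-force": False, "ftp:ssl-protect-data": False}
TRUE_WORDS = {"yes", "true", "on", "1"}

# Constructed sample rc file: TLS is forced for one site only and the
# data-channel setting is never touched.
SAMPLE_RC = """\
# constructed sample
set ftp:ssl-force/ftp.example.com yes
set ftp:ssl-force no
"""

def effective_settings(rc_text, host):
    """Resolve the audited settings for one host from lftp 'set' lines."""
    result = dict(DEFAULTS)
    host_limited = set()  # names already decided by a "name/closure" line
    for raw in rc_text.splitlines():
        try:
            words = shlex.split(raw, comments=True)
        except ValueError:  # unbalanced quote: not a line we can audit
            continue
        if len(words) != 3 or words[0] != "set":
            continue
        name, _, closure = words[1].partition("/")
        if name not in DEFAULTS:
            continue
        value = words[2].lower() in TRUE_WORDS
        if closure:
            # Assumption: closure is a glob pattern matched against the host.
            if fnmatch.fnmatch(host, closure):
                result[name] = value
                host_limited.add(name)
        elif name not in host_limited:
            result[name] = value
    return result

def findings(rc_text, host):
    """List the gaps that leave the password or file data unencrypted."""
    eff = effective_settings(rc_text, host)
    out = []
    if not eff["ftp:ssl-force"]:
        out.append("ftp:ssl-force off: password may be sent without TLS")
    if not eff["ftp:ssl-protect-data"]:
        out.append("ftp:ssl-protect-data off: data channel not encrypted")
    return out
```

For the sample text, findings(SAMPLE_RC, "ftp.example.com") reports only the unprotected data channel, which is the case raised in question 1: the control connection is forced onto TLS while file contents still travel in the clear.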

