Show/Hide Toolbars

 

Navigation: » No topics above this level «

FTP Connection

 Scroll Prev Top Next More

 

About FTP

 

File Transfer Protocol (FTP) is a standard network protocol used to transfer files from one host to another host over a TCP-based network, such as the Internet.

 

FTP is built on a client-server architecture and uses separate control and data connections between the client and the server. FTP users may authenticate themselves using a clear-text sign-in protocol, normally in the form of a username and password, but can connect anonymously if the server is configured to allow it. For secure transmission that hides (encrypts) the username and password, and encrypts the content, FTP is often secured with SSL/TLS ("FTPS"). SSH File Transfer Protocol ("SFTP") is sometimes also used instead, but is technologically different.

 

The first FTP client applications were command-line applications developed before operating systems had graphical user interfaces, and are still shipped with most Windows, Unix, and Linux operating systems. Dozens of FTP clients and automation utilities have since been developed for desktops, servers, mobile devices, and hardware, and FTP has been incorporated into hundreds of productivity applications, such as Web page editors.

 

"Implicit SSL" versus "explicit SSL" (per RFC 2228)

 

Connecting securely and authenticating are two distinct methods of establishing a secure connection with a FTP server. In the first case, the Secure FTP server may first require a SSL connection to be established, before the initial welcome message is sent. This is called an implicit SSL connection. In the second case, the connection is established in clear text and a special FTP command must be sent to the Secure FTP server to change the connection into a secure connection. This is called an explicit SSL connection.

 

In most cases, FTP servers that support SSL authentication will accept a normal connection on port 21. Once the connection is established, it is necessary to authenticate before logging in, using the Authenticate method. When explicitly securing the connection, it is also possible to secure data connections using the overload of the Authenticate method which requires a DataChannelProtection ENUM as a parameter.

 

Servers that require an implicit SSL connection usually listen on port 990 rather than 21

 

Protocol variants

 

FTP

FTP SSL Explicit

FTP SSL Implicit

FTP TLS Explicit

FTP TLS Implicit

 

 

Connection settings

 

Main settings tab

 

clip0asdffsdds25

 

Protocol type

VisualCron is able to connect using regular FTP and FTPS (with implicit and explicit encryption). Regular FTP offer no security and information is not encrypted. VisualCron supports both SSL 3.0 and TLS (SSL 3.1). SSL and TLS are protocols layered above connection protocols (such as TCP/IP) but beneath application protocols (such as FTP) that provide encrypted, authenticated communications between a client and a server.

 

Brute force test

When using FTP and you are unsure of connection properties you can use the Brute force test tool to test all connection combinations. Note, brute force test option is only available for FTP protocol.

.

Name

This is a descriptive name of the connection to distinguish from other connections.

 

Address

This is the host address to the server. It could be a DNS name or IP number.

 

Port

This is the remote connection port. Default port for regular FTP is 21. Default port for Implicit FTPS is 990.

 

Timeout

Sets the timeout for the operation.

 

Authentication tab

 

clip00asdfdfsdfdsfdfsfd49

 

Authentication type

Authentication type can either by password or public key. For the FTP protocol only password authentication is available. When using SFTP together with public key authentication you have to specify a path to a private key file.

 

Anonymous login

If your connection does not require a username and password this box should be checked.

 

Username

The username for the connection.

 

Password

The password for the connection.

 

ACCT

This property is only for some proxies that require ACCT value. FTP protocol only.

 

Public key group

These options are only used when using Public key authentication.

 

Private key file

This is the private key you have received from server administrator

 

Password

The password for the public key.

 

Override authentication

When authenticating we normally try both Password and Keyboard authentication. Some servers do not support our "auto authentication". Uncheck this and check the specified type of authentication you want to use.

 

Encryption tab

 

clip0049ftpencryption

 

Use data channel encryption (PROT P)

If this property value is True the channel used for data transfer (files, directory listings) will be encrypted, otherwise only command channel will be encrypted.

 

Use command channel encryption

If this property value is True the command channel will be encrypted.

 

Certificates tab

For the FTP SSL/TLS connection types, an extra Certificates tab is provided.

 

clip333444109

 

Client certificates

Client certificates can be sent to the FTP server when connecting (implicit SSL) or when authenticating (explicit SSL). If the client certificate should be rejected by the server, an exception will be issued and the Task can not continue.

 

To add a client certificate, you need to click on Server -> Certificates. VisualCron is able to store certificates within itself. These certificates can be created by VisualCron or imported from other source. When you have create a Certificate you need to select it in the list of Certificates in the Certificates tab of the Connection properties.

 

Server certificates

The certificate that is received from the FTP server is verified against the VerificationFlags provided at connection or authentication. By default, if a certificate received from an FTP server contains anomalies, it will be rejected. If no anomalies are detected, it will be accepted. This behavior can be overridden by checking the Auto-accept server certificates checkbox. If not checked and a certificate anomaly is detected, a popup will be shown (if the client is logged in). The popup message will show why the server certificate was initially connected. You can choose to "Accept" or "Deny" the certificate. If accepted, it will be saved and you will not be asked again unless the server certificate has changed.

 

Proxy tab

Proxy servers allow a client to make indirect network connections. The client connects to the proxy, makes a request for a connection, file, etc. The proxy server then provides this resource by getting it from the requested address or by retrieving it from its cache. The advantages of using a proxy server can include filtering, connection sharing, increased speed and decreased bandwidth use. HTTP proxy servers are web servers that relay requests from a client to an external FTP server.

 

clipdfg44444444444dffnnnn0025

 

Proxy type

The FTP implementation supports the HTTP proxy type and the SFTP implementation supports the SOCKS4 and SOCKS5 proxy types.

 

Address

Host name or IP number of the proxy server.

 

Port

Port of the proxy server.

 

Username

A username to access the proxy server.

 

Password

A password to access the proxy server.

 

Use proxy for data channel

By default, proxy is used for the data (sending channel). Uncheck this to circumvent proxy.

 

 

Extra settings tab

 

clip0049extrasettings

 

Transfer type

Select if you want to transfer through binary (default) or ascii mode.

 

Data connection type

This value is indicating if the FTP client should initiate the data connection rather than the FTP server.

 

If set to PASV, the PASV command will be sent to the FTP server rather than the PORT command. This results in that the FTP server will listen on a data port (other than its default) and wait for a data connection to be established by the FTP client. The reply to the PASV command includes the host and port address the FTP server is listening on.

 

If set to PORT, the PORT command will be sent and the FTP client will listen for an incoming data connection.

 

The FTP server will establish the data connection upon receipt of a transfer command.

 

Note: If you are having problems with connecting or sending/receiving files to/from a server, try the PASV setting.

 

Automatically adjust passive mode addres for NAT'ed servers

If this property is set to True, in passive mode data transfer, VisualCron will automatically set the address of the remote host to that from the control connection.

 

Log tab

The Log tab provides features to debug/trace the connection.

This tab is not applicable for the email related (SMTP, POP3 and IMAP4) or SQL connection types.

 

clip333444110

 

Log outgoing messages to Task output

All messages sent from VisualCron to the FTP server is logged and stored in the Task output.

 

Log incoming messages to Task output

All messages received from VisualCron to the FTP server is logged and stored in the Task output.

 

 

Troubleshooting

 

Control channel transfer error (error code is 10053)

Try checking "Auto accept all server certificates" in Certificates tab.

 

Server cannot perform SSL/TLS negotiation

FTP server either does not support TLS or SSL. Try switching between those.

 

450 TLS session of data connection has not resumed or the session does not match the control connection

Check the Use SSL session resumption.