While FTP is not a secure protocol, it can be useful in some circumstances such as an onsite backup server where connection security is "good enough". Both regular FTP and secure FTP are supported. Selective Download Selective download is supported on FTP destinations, allowing HB to download only the parts of files that are needed for an operation, saving time, bandwidth, and download costs. type (required) May be ftp for regular FTP, or ftps for FTP with a secure control channel. ftps encrypts the userid, password, and commands, but does not encrypt file transfers since all of HB's files are already encrypted. host (required) Specifies the FTP server's address by:
userid and password Specfies the userid and password to login to the FTP server. These are usually in a special FTP config file, or your FTP server may be setup to use the regular userid and password on the system. For anonymous ftp, userid and password are omitted. One way to have a somewhat secure anonymus ftp server is to use chmod to put x access (cd only) on the main ftp directory and any standard directories like incoming, etc, and pub. Users cannot read or write files there, or list contents. Then create subdirectories with unpredictable names for each backup user. One way to do this is with hexdump: $ hexdump -n4 </dev/random 0000000 8d 5c 59 fe This gives over 4 billion possibilities, or use -n8 to get more. As root, create each user's ftp backup directory, for example: # mkdir ~ftp/john_smith_8d5c59fe # chmod 770 ~ftp/john_smith_8d5c59fe This effectively puts a 32-bit random password on each user's backup directory without having to do a lot of ftp server administration. Be sure to test get, put, and del commands in this setup, and make sure users cannot cd up and do ls commands. dir If present, a cd command is sent after logging in. If the directory does not already exist on the FTP server, HB will try to create it. The directory is used without modifications, so a directory without a leading slash will be a subdirectory on the FTP server. If there is no dir keyword, backups will be sent to the initial FTP login directory. port For better security it is recommended to setup an FTP server on a non-standard port rather than the default ports. If omitted, the default port is used. restart Failed FTP uploads are restarted by default. If this is not desired or causes problems with your FTP server, add restart false. rate Limits outgoing bandwidth for each worker. See Destinations for details. idle FTP destinations try to keep the connection to a server open for a while after each operation to avoidmaking another connection. This keyword specifies how long in seconds the connection can stay idle before HB closes it. The default is 15 seconds. Example destname myftp type ftp host ftp.myserver.com port 21 userid jim password mypass dir hashbackup |
Destinations >