
FTP and FTPS

While FTP is not a secure protocol, it can be useful in some circumstances such as an onsite backup server where connection security is "good enough".  Both regular FTP and secure FTP are supported.


Selective Download


Selective download is supported on FTP destinations, allowing HB to download only the parts of files that are needed for an operation, saving time, bandwidth, and download costs.


type (required)


May be ftp for regular FTP, or ftps for FTP with a secure control channel.  ftps encrypts the userid, password, and commands, but does not encrypt file transfers since all of HB's files are already encrypted.


host (required)


Specifies the FTP server's address by:

  • a system without a domain name that is in the host table or DNS
  • a fully qualified domain name
  • an IP address

userid and password


Specifies the userid and password used to log in to the FTP server.  These are usually in a special FTP config file, or your FTP server may be set up to use the regular userid and password on the system.  For anonymous ftp, userid and password are omitted.


One way to have a somewhat secure anonymous ftp server is to use chmod to put x access (cd only) on the main ftp directory and any standard directories like incoming, etc, and pub.  Users cannot read or write files there, or list contents.  Then create subdirectories with unpredictable names for each backup user.  One way to do this is with hexdump:


    $ hexdump -n4 </dev/random

    0000000 8d 5c 59 fe


This gives over 4 billion possibilities, or use -n8 to get more.


As root, create each user's ftp backup directory, for example:


    # mkdir ~ftp/john_smith_8d5c59fe

    # chmod 770 ~ftp/john_smith_8d5c59fe


This effectively puts a 32-bit random password on each user's backup directory without having to do a lot of ftp server administration.  Be sure to test get, put, and del commands in this setup, and make sure users cannot cd up and do ls commands.
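The steps above collected into shell functions, as an added example that is not part of the HashBackup documentation. The function names, the 711 mode on the shared directories, and the use of od with /dev/urandom in place of hexdump with /dev/random are assumptions; the 770 mode and the user_hex naming come from the steps above.

```shell
# Added example, not HashBackup code. Function names and the 711 mode on the
# shared directories are assumptions; the 770 mode is the one used above.

# rand_hex N: N random bytes as 2N hex digits (od replaces hexdump here
# because od is POSIX; /dev/urandom does not block).
rand_hex() {
    od -An -N"$1" -tx1 /dev/urandom | tr -d ' \n'
}

# lock_dir DIR: group/other get search (x) only, so FTP users can cd
# through DIR but cannot list, read, or write in it.
lock_dir() {
    chmod u=rwx,go=x "$1"
}

# make_backup_dir ROOT USER [NBYTES]: create ROOT/USER_<random hex> with
# mode 770 and print its path. NBYTES defaults to 8 (the -n8 variant).
make_backup_dir() {
    root=$1 user=$2 nbytes=${3:-8}
    # Reject names that could escape ROOT or confuse the FTP server.
    case $user in
        ''|*[!A-Za-z0-9_]*) echo "bad user name: $user" >&2; return 1 ;;
    esac
    suffix=$(rand_hex "$nbytes") || return 1
    # The suffix must be exactly 2*NBYTES hex digits or the name is guessable.
    [ "${#suffix}" -eq $((nbytes * 2)) ] || return 1
    dir=$root/${user}_$suffix
    # Plain mkdir (no -p) fails on a name collision instead of reusing it.
    mkdir "$dir" && chmod 770 "$dir" && printf '%s\n' "$dir"
}

# dir_is_locked DIR: succeed only if group and other have exactly --x.
dir_is_locked() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "--x--x" ]
}
```

Run as root: call lock_dir on the main ftp directory and each standard directory, then make_backup_dir once per backup user, and use dir_is_locked to confirm the shared directories stayed x-only after later server changes.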


dir


If present, a cd command is sent after logging in.  If the directory does not already exist on the FTP server, HB will try to create it.  The directory is used without modifications, so a directory without a leading slash will be a subdirectory on the FTP server.  If there is no dir keyword, backups will be sent to the initial FTP login directory.


port


For better security it is recommended to set up an FTP server on a non-standard port rather than the default ports.  If omitted, the default port is used.


restart


Failed FTP uploads are restarted by default.  If this is not desired or causes problems with your FTP server, add restart false.


rate


Limits outgoing bandwidth for each worker.  See Destinations for details.


idle


FTP destinations try to keep the connection to a server open for a while after each operation to avoid making another connection.  This keyword specifies how long in seconds the connection can stay idle before HB closes it.  The default is 15 seconds.


Example


    destname myftp
    type ftp
    host ftp.myserver.com
    port 21
    userid jim
    password mypass
    dir hashbackup
