FTP and FTPS
While FTP is not a secure protocol, it can be useful in some circumstances such as an onsite backup server where connection security is "good enough". Both regular FTP and secure FTP are supported.
Selective Download
Selective download is supported on FTP destinations, allowing HB to download only the parts of files that are needed for an operation, saving time, bandwidth, and download costs.
type
(required)
May be ftp for regular FTP, or ftps for FTP with a secure control channel. ftps encrypts the userid, password, and commands, but does not encrypt file transfers since all of HB’s files are already encrypted.
host
(required)
Specifies the FTP server’s address by:
- a host name without a domain name that is in the host table or DNS, e.g., myhost
- a fully qualified domain name, e.g., a.b.c
- an IP address, e.g., 1.2.3.4
userid and password
Specifies the userid and password used to log in to the FTP server. These are usually in a special FTP config file, or your FTP server may be set up to use the normal system userids and passwords. For anonymous ftp, userid and password are omitted.
One way to have a somewhat secure anonymous ftp server is to use chmod to put x access (cd only) on the main ftp directory and any standard directories like incoming, etc, and pub. Users cannot read or write files there, or list contents. Then create subdirectories with unpredictable names for each backup user. One way to do this is with hexdump:
$ hexdump -n4 </dev/random
0000000 8d 5c 59 fe
This gives over 4 billion possibilities, or use -n8 to get more.
As root, create each user’s ftp backup directory, for example:
# mkdir ~ftp/john_smith_8d5c59fe
# chmod 770 ~ftp/john_smith_8d5c59fe
This effectively puts a 32-bit random password on each user’s backup directory without having to do a lot of ftp server administration. Be sure to test get, put, and del commands in this setup, and make sure users cannot cd up and do ls commands.
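The directory setup described above, written as shell functions; this is an added example, not part of the HashBackup documentation. The function names are hypothetical, mode 711 is an assumed reading of "x access (cd only)", od on /dev/urandom stands in for hexdump on /dev/random, and mkdir -m 770 replaces the separate mkdir and chmod 770 so the directory never exists with looser permissions.

```shell
#!/bin/sh
# Added example: per-user FTP backup directories with unpredictable names.
# All function names here are hypothetical helpers for this sketch.

# rand_hex N: print N random bytes as 2N lowercase hex digits.
rand_hex() {
    od -An -N"$1" -tx1 /dev/urandom | tr -d ' \n'
}

# lock_root DIR: owner keeps full access, everyone else gets x only,
# so they can cd through DIR but cannot list the names inside it.
# (711 is an assumption; the page only says "x access".)
lock_root() {
    chmod 711 "$1"
}

# make_backup_dir ROOT USER [NBYTES]: create ROOT/USER_<hex> with mode 770
# and print its path. NBYTES defaults to 4 (32 bits); pass 8 for 64 bits.
make_backup_dir() {
    root=$1 user=$2 nbytes=${3:-4}
    # Refuse names that could escape ROOT or confuse the FTP server.
    case $user in
        ''|*[!A-Za-z0-9_]*) echo "bad user name: $user" >&2; return 1 ;;
    esac
    tries=0
    while [ "$tries" -lt 5 ]; do
        path="$root/${user}_$(rand_hex "$nbytes")"
        # mkdir without -p fails if the name exists, so a collision retries.
        if mkdir -m 770 "$path" 2>/dev/null; then
            printf '%s\n' "$path"
            return 0
        fi
        tries=$((tries + 1))
    done
    echo "could not create a directory under $root" >&2
    return 1
}

# mode_of PATH: print the ls-style permission string, e.g. drwxrwx---
mode_of() {
    ls -ld "$1" | cut -c1-10
}
```

Source the file as root and run, for instance, lock_root ~ftp followed by make_backup_dir ~ftp john_smith 8; the printed path, relative to the FTP root, is what goes in that user's dir keyword.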
dir
If present, a cd command is sent after logging in. If the directory does not already exist on the FTP server, HB will try to create it. The directory is used without modifications, so a directory without a leading slash will be a subdirectory on the FTP server. If there is no dir keyword, backups will be sent to the initial FTP login directory.
port
For better security it is recommended to set up an FTP server on a non-standard port rather than the default ports. If omitted, the default port is used.
restart
Failed FTP uploads are restarted by default. If this is not desired or causes problems with your FTP server, add restart false.
rate
Limits outgoing bandwidth for each worker. See Destination Setup for details.
idle
FTP destinations try to keep the connection to a server open for a while after each operation to avoid making another connection. This keyword specifies how long in seconds the connection can stay idle before HB closes it. The default is 15 seconds.
Example
destname myftp
type ftp
host ftp.myserver.com
port 21
userid jim
password mypass
dir hashbackup