FTP and FTPS

While FTP is not a secure protocol, it can be useful in some circumstances such as an onsite backup server where connection security is "good enough". Both regular FTP and secure FTP are supported.

Selective Download

Selective download is supported on FTP destinations, allowing HB to download only the parts of files that are needed for an operation, saving time, bandwidth, and download costs.

type (required)

May be ftp for regular FTP, or ftps for FTP with a secure control channel. ftps encrypts the userid, password, and commands, but does not encrypt file transfers since all of HB’s files are already encrypted.

host (required)

Specifies the FTP server’s address by:

  • a host name without a domain name that is in the host table or DNS, eg, myhost

  • a fully qualified domain name, eg, a.b.c

  • an IP address, eg, 1.2.3.4

userid and password

Specifies the userid and password to log in to the FTP server. These are usually in a special FTP config file, or your FTP server may be set up to use the normal system userids and passwords. For anonymous ftp, userid and password are omitted.

One way to have a somewhat secure anonymous ftp server is to use chmod to put x access (cd only) on the main ftp directory and any standard directories like incoming, etc, and pub. Users cannot read or write files there, or list contents. Then create subdirectories with unpredictable names for each backup user. One way to do this is with hexdump:

$ hexdump -n4 </dev/random
0000000 8d 5c 59 fe

This gives over 4 billion possibilities, or use -n8 to get more.

As root, create each user’s ftp backup directory, for example:

# mkdir ~ftp/john_smith_8d5c59fe
# chmod 770 ~ftp/john_smith_8d5c59fe

This effectively puts a 32-bit random password on each user’s backup directory without having to do a lot of ftp server administration. Be sure to test get, put, and del commands in this setup, and make sure users cannot cd up and do ls commands.
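
The setup above as a script, with a check that the main and standard directories cannot be listed. This is an added example, not part of HashBackup; the function names, the 711 mode and the use of od on /dev/urandom in place of hexdump are assumptions of the example.

```shell
#!/bin/sh
# Added example (not HashBackup code). Assumes mode 711 on the FTP root gives
# the FTP account x-only access, i.e. the account does not own the directory.

# Print $1 random bytes (default 4, as in the text) as hex. Uses od on
# /dev/urandom in place of hexdump so the digits come out already joined.
rand_suffix() {
    od -An -N"${1:-4}" -tx1 /dev/urandom | tr -dc '0-9a-f'
}

# Print the 10-character mode string of a path, e.g. drwx--x--x
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Leave only x (cd) access for group and others on the root and standard dirs.
lock_root() {
    root=$1
    chmod 711 "$root" || return 1
    for d in incoming etc pub; do
        [ -d "$root/$d" ] && chmod 711 "$root/$d"
    done
    return 0
}

# Create <root>/<user>_<suffix> with mode 770 and print its path.
make_backup_dir() {
    root=$1 user=$2 bytes=${3:-4}
    case $user in
        ''|*[!A-Za-z0-9_]*) echo "bad user name: $user" >&2; return 1 ;;
    esac
    dir="$root/${user}_$(rand_suffix "$bytes")"
    mkdir "$dir" && chmod 770 "$dir" && printf '%s\n' "$dir"
}

# Return non-zero if the root or a standard directory can be listed (r) or
# written (w) by group or others, which would expose the unpredictable names.
audit_root() {
    root=$1 bad=0
    for p in "$root" "$root/incoming" "$root/etc" "$root/pub"; do
        [ -d "$p" ] || continue
        case $(mode_of "$p") in
            d???--?--?) ;;
            *) echo "group or others can list or write: $p" >&2; bad=1 ;;
        esac
    done
    return $bad
}
```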

dir

If present, a cd command is sent after logging in. If the directory does not already exist on the FTP server, HB will try to create it. The directory is used without modifications, so a directory without a leading slash will be a subdirectory on the FTP server. If there is no dir keyword, backups will be sent to the initial FTP login directory.

port

For better security it is recommended to set up an FTP server on a non-standard port rather than the default ports. If omitted, the default port is used.

restart

Failed FTP uploads are restarted by default. If this is not desired or causes problems with your FTP server, add restart false.

rate

Limits outgoing bandwidth for each worker. See Destination Setup for details.

idle

FTP destinations try to keep the connection to a server open for a while after each operation to avoid making another connection. This keyword specifies how long in seconds the connection can stay idle before HB closes it. The default is 15 seconds.

Example

destname myftp
type ftp
host ftp.myserver.com
port 21
userid jim
password mypass
dir hashbackup