FTP and FTPS
While FTP is not a secure protocol, it can be useful in some circumstances such as an onsite backup server where connection security is "good enough". Both regular FTP and secure FTP are supported.
Selective download is supported on FTP destinations, allowing HB to download only the parts of files that are needed for an operation, saving time, bandwidth, and download costs.
ftp for regular FTP, or
ftps for FTP with a secure control
ftps encrypts the userid, password, and commands, but does
not encrypt file transfers since all of HB’s files are already
Specifies the FTP server’s address by:
a host name without a domain name that is in the host table or DNS, eg, myhost
a fully qualified domain name, eg, a.b.c
an IP address, eg, 184.108.40.206
Specifies the userid and password to login to the FTP server. These are usually in a special FTP config file, or your FTP server may be set up to use the normal system userids and passwords. For anonymous ftp, userid and password are omitted.
One way to have a somewhat secure anonymous ftp server is to use chmod to put x access (cd only) on the main ftp directory and any standard directories like incoming, etc, and pub. Users cannot read or write files there, or list contents. Then create subdirectories with unpredictable names for each backup user. One way to do this is with hexdump:
$ hexdump -n4 </dev/random
0000000 8d 5c 59 fe
This gives over 4 billion possibilities, or use
-n8 to get more.
As root, create each user’s ftp backup directory, for example:
# mkdir ~ftp/john_smith_8d5c59fe
# chmod 770 ~ftp/john_smith_8d5c59fe
This effectively puts a 32-bit random password on each user’s backup directory without having to do a lot of ftp server administration. Be sure to test get, put, and del commands in this setup, and make sure users cannot cd up and do ls commands.
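The directory setup described above, as an added shell example that is not part of the HashBackup documentation. The function names are hypothetical, the FTP root is passed in as an argument, and od reading /dev/urandom stands in for the hexdump call so that only POSIX tools are needed.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not HashBackup commands.

# rand_hex N: print N random bytes as 2*N lowercase hex digits.
rand_hex() {
    od -An -N"$1" -tx1 /dev/urandom | tr -d ' \n'
}

# lock_listing DIR: leave group/other with x (cd) only, so they can
# traverse DIR but cannot list or create names inside it.
lock_listing() {
    chmod go-rw,go+x "$1"
}

# is_listable DIR: succeed if group or other still have read (list) access.
is_listable() {
    perms=$(ls -ld "$1" | cut -c5-10)    # group+other bits, e.g. "--x--x"
    case $perms in
        r*|???r*) return 0 ;;
    esac
    return 1
}

# make_backup_dir ROOT USER [NBYTES]: create ROOT/USER_<hex> with mode 770
# and print its path. NBYTES defaults to 4 (32 bits), as in the text.
make_backup_dir() {
    root=$1 user=$2 nbytes=${3:-4}
    case $user in
        ''|*[!A-Za-z0-9_]*) echo "bad user name: $user" >&2; return 1 ;;
    esac
    suffix=$(rand_hex "$nbytes")
    # Refuse to continue on a short read: a truncated suffix is guessable.
    [ "${#suffix}" -eq $((nbytes * 2)) ] || { echo "short random read" >&2; return 1; }
    dir=$root/${user}_$suffix
    mkdir -m 770 "$dir" || return 1      # fails if the name already exists
    printf '%s\n' "$dir"
}
```

After lock_listing on the main ftp directory, is_listable should fail for it; if it still succeeds, users can run ls there and read the directory names that act as passwords.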
If present, a cd command is sent after logging in. If the directory
does not already exist on the FTP server, HB will try to create it.
The directory is used without modifications, so a directory without a
leading slash will be a subdirectory on the FTP server. If there is
dir keyword, backups will be sent to the initial FTP login
For better security it is recommended to set up an FTP server on a non-standard port rather than the default ports. If omitted, the default port is used.
Failed FTP uploads are restarted by default. If this is not desired
or causes problems with your FTP server, add
Limits outgoing bandwidth for each worker. See Destination Setup for details.
FTP destinations try to keep the connection to a server open for a while after each operation to avoid making another connection. This keyword specifies how long in seconds the connection can stay idle before HB closes it. The default is 15 seconds.
destname myftp
type ftp
host ftp.myserver.com
port 21
userid jim
password mypass
dir hashbackup