FTP
Submitted by Maurice on Wed, 08/06/2008 - 02:28
I am thinking about how to use FTP in a secure way. Some notes on my way there ...
History and standards
- The original FTP protocol seems to be defined by RFC 959 http://www.cis.ohio-state.edu/htbin/rfc/rfc959.html
- Here user names and passwords are transferred unencrypted, so they can be sniffed easily.
- Then they introduced a connection over SSL port 990. This is apparently considered obsolete now.
- Now they suggest TLS to secure the connection: RFC 4217, Securing FTP with TLS (http://www.faqs.org/rfcs/rfc4217.html).
Good information
- Good info on port stuff and active and passive FTP on: http://slacksite.com/other/ftp.html
- What also might be useful is this document on the current state of play of FTP TLS: http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html
- How to configure ProFTPD under Cygwin/Windows: http://www.fuzzybuckets.org/fuzzybuckets/archives/2005/11/setting_up_pro...
Client side
- FTP client: My host suggested gftp, which has not been updated since 2005, which makes me a little suspicious: http://gftp.seul.org. The geeks seem to prefer lftp. Unfortunately, this seems to be limited to *nix.
- The current state of play in Perl doesn't make me too optimistic either.
- Net::Lite::FTP - Perl FTP client with support for TLS
- Net::FTP is a class implementing a simple FTP client in Perl as described in RFC 959, i.e. it is not even intended to help me here.
- Maybe PHP has more to offer. Would be interesting to check.
- http://www.zend.com/code/codex.php?ozid=1462&single=1
- Maybe http://www.scriptol.com/scripts/php-ftp-synchronizer.php is what I am looking for?
Server Side
- On the server side: ProFTPD 1.3 is used. That looks good. The server allows personal configuration much like .htaccess with Apache. This might save me. There is a very good document: http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html
Consequences
- But I need to send my user name unencrypted to make use of this, then switch to AUTH TLS, then send the password and possibly switch back to non-encrypted if I have firewall problems.
- Since I have control of my firewall I might be able to use active.
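The order of commands on the control channel decides what someone sniffing the connection can read. As an added example (not part of the original notes), this Python function walks a control-channel transcript and reports which of user name, password and file data crossed the wire unencrypted; the name `audit_session` and both sample sessions are constructed for the illustration.

```python
# Added example: which parts of an FTP session cross the wire unencrypted?
# Verbs and reply codes: RFC 959 (USER, PASS, LIST, RETR, STOR),
# RFC 2228 (PBSZ, PROT), RFC 4217 (AUTH TLS -> 234, CCC -> 200).
TRANSFER_VERBS = {"LIST", "NLST", "RETR", "STOR", "APPE"}

def audit_session(lines):
    """lines: (direction, text) pairs; 'C' = client command, 'S' = server reply."""
    control_tls = False    # control channel inside TLS?
    data_private = False   # PROT P in effect for data connections?
    verb = arg = None
    findings = []
    for direction, text in lines:
        if direction == "C":
            verb, _, arg = text.partition(" ")
            verb, arg = verb.upper(), arg.strip().upper()
            if verb in ("USER", "PASS") and not control_tls:
                findings.append(f"{verb} sent in clear text")
            continue
        if verb is None or text[3:4] == "-":   # no command yet / multi-line reply
            continue
        code = text[:3]
        if verb == "AUTH" and arg == "TLS" and code == "234":
            control_tls = True
        elif verb == "PROT" and code == "200":
            data_private = (arg == "P")
        elif verb == "CCC" and code == "200":  # the "switch back" for firewalls
            control_tls = False
            findings.append("control channel back in clear text after CCC")
        elif verb in TRANSFER_VERBS and code in ("125", "150") and not data_private:
            findings.append(f"{verb} data sent in clear text")
    return findings

# Constructed sessions (user name, password and file name are made up).
PLAIN = [("C", "USER maurice"), ("S", "331 Password required"),
         ("C", "PASS s3cret"), ("S", "230 Logged in"),
         ("C", "LIST"), ("S", "150 Opening data connection"),
         ("S", "226 Transfer complete")]
EXPLICIT_TLS = [("C", "AUTH TLS"), ("S", "234 AUTH TLS successful"),
                ("C", "USER maurice"), ("S", "331 Password required"),
                ("C", "PASS s3cret"), ("S", "230 Logged in"),
                ("C", "PBSZ 0"), ("S", "200 PBSZ 0 successful"),
                ("C", "PROT P"), ("S", "200 Protection set to Private"),
                ("C", "CCC"), ("S", "200 Clear Command Channel OK"),
                ("C", "RETR notes.txt"), ("S", "150 Opening data connection"),
                ("S", "226 Transfer complete")]

if __name__ == "__main__":
    for name, session in (("plain", PLAIN), ("explicit TLS", EXPLICIT_TLS)):
        print(name, "->", audit_session(session) or "nothing in clear text")
```

After CCC the data connection stays protected as long as PROT P was set first, but every later command, including file names, is readable on the wire again.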
