32

Using any FTP client (I'm on Ubuntu 12.04 and tried using lftp), I want to be able to make an implicit TLS connection to a FTP server, but I can't quite manage to successfully connect. All I am getting is: 'ls' at 0 [Delaying before reconnect 29]

Greg Dubicki
  • 348
  • 4
  • 15
dominicbri7
  • 421
  • 1
  • 4
  • 5

3 Answers3

44

Give this a try:

$ lftp
lftp :~> set ftp:ssl-force true
lftp :~> connect ftp.domain.tld
lftp ftp.domain.tld:~> login <username>

NOTE: If the server is making use of self signed certificates you may need to add this set as well:

lftp :~> set ssl:verify-certificate no
slm
  • 363,520
  • 117
  • 767
  • 871
  • 3
    and for explicit? can't find how to choose this with lftp – Lluís Jun 21 '16 at 12:21
  • @tictacbum Does [this other discussion thread](http://lftp.uniyar.ac.narkive.com/Orp3BESx/having-problems-with-explicit-ssl-ftps#post6) help? – summea Aug 16 '17 at 22:35
  • Sorry, but with quite recent `lftp` 4.8.1 it doesn't work: ```gdubicki@mac ~ $ lftp -d lftp :~> set ftp:ssl-force true lftp :~> connect ftp.myserver.com ---- Resolving host address... ---- 1 address found: 111.222.111.222 lftp ftp.myserver.com:~> login someuser Password: lftp [email protected]:~> ls ---- Connecting to ftp.myserver.com (111.222.111.222) port 21 <--- 220 Service ready for new user. ---> FEAT <--- 530 Access denied. ---> AUTH TLS <--- 234 Command AUTH okay; starting TLS connection.``` - you can see that this is explicit SSL because of `AUTH` command is used. – Greg Dubicki Feb 04 '19 at 21:05
  • @Lluís : see my answer for both implicit and explicit. – Greg Dubicki Feb 04 '19 at 21:08
8

For implicit TLS / SSL using lftp please do these commands:

connect ftps://ftp.domain.tld

Note that this will connect you to port 990 directly using TLS.


For explicit TLS / SSL:

set ftp:ssl-force true
connect ftp://ftp.domain.tld

...which will connect you to port 21 with plain-text initially but then will explicitly switch you to TLS using FTP protocol AUTH command.


You can add -d parameter to connect (like connect -d ftp://ftp.domain.tld) to enable debug output to ensure that you are connecting using the method you want.


Tested on lftp v. 4.8.4.

Greg Dubicki
  • 348
  • 4
  • 15
1

In case the link that @summea refers to above disappears, the pertinent info that solved this issue for me was this option:

set ftp:ssl-auth TLS
Chris Paul
  • 19
  • 2
  • This option alone does nothing as it's the default auth method (inless call to FEAT responds with SSL, but it's deprecated nowadays). – Greg Dubicki Feb 04 '19 at 21:02