How to force lftp to use the SSL / TLS security mechanism from the command line?

I am trying to log in to an FTPS site. I tried providing the login credentials on the command line (and putting the set options in ~/.lftprc), and then opening an lftp session and typing these parameters using lftp job control statements. Despite this, I keep hitting the same roadblock:

  421 Sorry, cleartext sessions are not accepted on this server. Please reconnect using SSL/TLS security mechanisms. 

I got the furthest with the following parameters, but I keep getting the error above.

How do I get lftp to use the SSL / TLS security mechanism from the command line?

The goal is to script access to this FTPS site using bash (scripting without using expect).

  lftp
  lftp :~> set ssl-allow false
  lftp :~> set passive-mode yes
  lftp :~> open ftp.abc.com
  lftp ftp.abc.com:~> login theuser
  Password:
  lftp theuser@ftp.abc.com :~> cd
  `cd' at 0 [Delaying before reconnect: 26]
  CTRL-C
  lftp theuser@ftp.abc.com :~> debug
  lftp theuser@ftp.abc.com :~> cd
  ---- Connecting to ftp.abc.com (XX.XXX.XX.XX) port 21
  <--- 220-Welcome to the Yahoo! Web Hosting FTP server
  <--- 220-Need help? Get all details at:
  <--- 220-http://help.yahoo.com/help/us/webhosting/gftp/
  <--- 220-
  <--- 220-No anonymous logins accepted.
  <--- 220-Yahoo!
  <--- 220-Local time is now 15:30. Server port: 21.
  <--- 220-This is a private system - No anonymous login
  <--- 220 You will be disconnected after 5 minutes of inactivity.
  ---> FEAT
  <--- 211-Extensions supported:
  <--- EPRT
  <--- IDLE
  <--- MDTM
  <--- SIZE
  <--- MFMT
  <--- REST STREAM
  <--- MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
  <--- MLSD
  <--- XDBG
  <--- AUTH TLS
  <--- PBSZ
  <--- PROT
  <--- TVFS
  <--- ESTA
  <--- PASV
  <--- EPSV
  <--- SPSV
  <--- ESTP
  <--- 211 End.
  ---> OPTS MLST type;size;modify;UNIX.mode;UNIX.uid;UNIX.gid;
  <--- 200 MLST OPTS type;size;sizd;modify;UNIX.mode;UNIX.uid;UNIX.gid;unique;
  ---> USER theuser
  <--- 421 Sorry, cleartext sessions are not accepted on this server. Please reconnect using SSL/TLS security mechanisms.
+7
6 answers

 lftp :~> set ssl-allow false

You have explicitly set ssl-allow to false. But this should be true if lftp should try to use SSL.

+16

It seems that lftp is incorrectly configured on many systems, which makes it impossible to verify server certificates (which leads to Fatal error: Certificate verification: Not trusted).

The network (and the answers in this post) is full of suggestions on how to fix this by disabling certificate verification or encryption. This is unsafe because it allows man-in-the-middle attacks to go unnoticed.

The best solution is to properly configure certificate verification, which, fortunately, is simple. To do this, add the following line to /etc/lftp.conf (or, alternatively, ~/.lftp/rc or ~/.config/lftp/rc):

 set ssl:ca-file "/etc/ssl/certs/ca-certificates.crt" 

ca-certificates.crt is a file that contains all of the system's CA certificates. The location used above is that of Ubuntu and may vary on different systems. To generate or update the file, run update-ca-certificates:

 sudo update-ca-certificates 

If your system does not have this command, you can create it manually as follows:

 cat /etc/ssl/certs/*.pem | sudo tee /etc/ssl/certs/ca-certificates.crt > /dev/null 
+12

You may also need

 set ssl:verify-certificate no 
+8

Setting ftp:ssl-allow true did not work for me.

By typing set :

 lftp :~> set 

I noticed this:

 set ftp:ssl-allow true
 set ftp:ssl-allow/XXX.XXX.XXX.XXX no

with XXX.XXX.XXX.XXX being the server I logged in to.

So, the final set of commands I needed was:

 lftp :~> set ftp:ssl-allow true
 lftp :~> set ftp:ssl-allow/XXX.XXX.XXX.XXX true
 lftp :~> set ssl:verify-certificate no
+3

lftp version must be >= 4.6.3 (Debian user)

+1

This worked for me to connect to the FTPS server (with port 990, but not required) using lftp

code: lftp ftps://USER:PASSWORD@server.com -c "set ssl:verify-certificate false;"

then: do things

more info in: how to avoid lftp -c certificate error

0
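
As an added example (not part of any answer above, and not lftp's own tooling): a POSIX shell check that flags the rc-file lines from this thread that switch off TLS or certificate verification, including the per-host `ftp:ssl-allow/HOST` form, and prints a strict settings block for scripted use. `ftp:ssl-force`, `ftp:ssl-protect-data` and `ssl:check-hostname` are lftp settings not mentioned in the thread; the function names, the sample rc contents and the host `ftp.example.invalid` are constructed.

```sh
#!/bin/sh
# Added example, not from the original thread. POSIX sh; also runs under bash.

# Matches "set [ftp:]ssl-allow[/HOST] <false>" and
# "set [ssl:]verify-certificate[/HOST] <false>" (lftp booleans: no/false/off/0).
WEAK_RE='^[[:space:]]*set[[:space:]]+((ftp:)?ssl-allow|(ssl:)?verify-certificate)(/[^[:space:]]+)?[[:space:]]+(no|false|off|0)[[:space:];]*$'

# Print "LINE:setting" for every weakening line (comments stripped);
# return 1 if any were found, 0 if the file is clean.
audit_lftp_rc() {
    findings=$(sed 's/#.*//' "$1" | grep -nEi "$WEAK_RE" || true)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Emit settings that require TLS and verify the server certificate.
# $1 = CA bundle path (default: the Ubuntu location given in the thread).
strict_tls_settings() {
    ca_file=${1:-/etc/ssl/certs/ca-certificates.crt}
    cat <<EOF
set ftp:ssl-allow true
set ftp:ssl-force true
set ftp:ssl-protect-data true
set ssl:verify-certificate yes
set ssl:check-hostname yes
set ssl:ca-file "$ca_file"
EOF
}

# Constructed sample rc file combining the settings shown in the thread.
write_sample_rc() {
    cat > "$1" <<'EOF'
# constructed sample; the host name is a placeholder
set passive-mode yes
set ssl-allow false
set ftp:ssl-allow true
set ftp:ssl-allow/ftp.example.invalid no
set ssl:verify-certificate no   # turns off protection against MITM
EOF
}

sample=$(mktemp)
write_sample_rc "$sample"
audit_lftp_rc "$sample" || echo "^ lines above disable TLS or certificate checks"
strict_tls_settings > "$sample"
audit_lftp_rc "$sample" && echo "strict settings pass the audit"
rm -f "$sample"
```

The output of `strict_tls_settings` can be appended to `~/.lftprc` or passed at the start of an `lftp -c "..."` command string, one `set` per `;`-separated command.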

Source: https://habr.com/ru/post/969930/

