en:navody:lftp:start

lftp

Lftp is command line tool for Linux and Cygwin (Windows).

To install lftp info Cygwin you can use a guide where instead of rsync and openssh component choose lftp.

In GNU/Linux you can install lftp using package manager or download the source code from website. In both cases it is necessary to check whether the program lftp uses GnuTLS or OpenSSL library. This can be done using:

ldd `which /path_to_lftp/lftp`

Fragment of GnuTLS library output might look like:

linux-vdso.so.1 =>  (0x00007fff8bc97000)
libgnutls.so.26 => /usr/lib/x86_64-linux-gnu/libgnutls.so.26 (0x00007fbd4866d000)
...

In case that lftp doesn't use OpenSSL nor GnuTLS than it is necessary to compile the program with one of the libraries.

During the login process is very important to check if hash (MD5 or SHA1) server is valid:

Ostrava data center (du4)

SHA256 (du4) F4:03:A0:42:69:D1:47:E7:71:CD:A3:00:FB:B1:3A:BA:38:DC:2A:36:B8:BC:2A:0E:18:79:7A:E4:54:A1:78:F8
SHA1 (du4) B9:F7:55:E9:18:F4:1F:B2:A3:25:B5:94:F7:06:62:63:CC:03:D9:69
MD5 (du4) 9D:E6:63:FA:75:FA:DC:53:3D:BA:AB:F3:AB:10:A5:48

If the key does not match, stop connecting to the server and contact us at: support@cesnet.cz

The certificate used on the servers was signed by these certification authorities.

It is important to have imported CRL (Certificate Revocation List) lists, containing serial numbers already revoked (invalid) certificates. Please download CRL lists of CAs that we are using into your browser and select the automatic update.
Addresses of access servers (hosts) for each data center are:

Ostrava ftp.du4.cesnet.cz
Jihlava ftp.du5.cesnet.cz

To log in to ftp server we can use a command:

lftp ftp://username@server
Although in a command for established connection you specify protocol ftp:// and not ftps://, encryption occurs because the connection using SSL/TLS is enforced on the server side.
Because by default it encrypts only the establishment of transmission, it is very useful also to enable encryption during data transfer by adding the following line to /etc/lftp.conf:
set ftp:ssl-protect-data yes
set ftp:ssl-protect-list yes

After you sucessfully log in you can enter FTP commands:

cd <adresar> change the remote directory
lcd <local_directory> change the local directory
get [OPTS] <remote_files> [-o <local_file>]
   download remote file 
mget [OPTS] <remote_files> download remote files
mkdir [-p] <dirs> create directory on the server
ls [<args>] list directory on the remote server                           
put [OPTS] <local_file> [-o <remote_file>] send local
   file on server
mput [OPTS] <local_files> send local files on the server
mirror -R <local_directory> send entire directory including
   file on the server
mv <remote_file1> <remote_file2> move remote file into 
   different one. In you are moving file within one directory
   you are actualy renaming the file.
rmdir [-f] <remote_directory> delete remote directory

Other available commands can be determined by:

help
If you do not have a certificate CA TERENA in your system as trusted, you need to download all the certificates representing the certificate-chain from the pages http://pki.cesnet.cz/cs/ch-tcs-crt-crl.html and import them into system as trusted. In Linux you can achieve this by copying the files to the directory /usr/share/ca-certificates/mozilla/ and creating symbolic links. An example of a symbolic link for the certificate AddTrust_External_Root.crt:
ln -s /usr/share/ca-certificates/mozilla/AddTrust_External_Root.crt /etc/ssl/certs/AddTrust_External_Root.pem

Then you must add the following lines to the file /etc/lftp.conf:
set ssl:check-hostname yes
set ssl:verify-certificate yes
set ssl:ca-file “path to your bundle certificate”

Setting that enables transferring timestamps

FTP protocol in generally doesn't support transferring time of files (timestamps). But if you use the lftp client against out data storage servers, you can enable this feature in the configuration file /etc/lftp.conf:

set ftp:use-mdtm-overloaded yes

References

Last modified: 01.11.2015 12:47