On Tue, Apr 22, 2008, Nico Kadel-Garcia wrote:
>ThreeStar wrote:
>
>> Sounds like a problem with the command file (/tmp/ftp.$$). Post
>> that. From the "Not connected" errors I'm guessing it's a problem
>> with establishing user credentials. Are you able to FTP interactively
>> to the host from this box?
>>
>> BTW if this script is designed to run in a particular context I'd
>> use .netrc files to contain the user name and password instead of
>> echoing them in the script. It's somewhat more secure, makes the
>> password easier to change, and simplifies your script.
>>
>> Better yet is SCP, but you didn't ask about that.
>>
>> R Robert
>> *** Software
>
>SCP is *AWFUL* for this sort of thing. It mishandles symlinks, and SCP or SFTP
>access provides user access to the rest of the server's file system, with the
>user's normal privileges. That presents a real security issue.
>
>I'm a big proponent of WebDAV over HTTPS fur just this sort of thing, and for
>rsync over SSH with a restricted validation script as needed.

Depending on the nature of the data, we often use rsync's modules
to handle things like this, restricting access by IP address.
Doing it that way does not require things like ssh identities with
empty pass phrases or other potential security issues.

Bill
--
INTERNET: bill@celestial.com Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
Voice: (206) 236-1676 Mercer Island, WA 98040-0820
Fax: (206) 232-9186

Each individual of the society has a right to be protected in the
enjoyment of his life, liberty, and property no part of the property
of any individual can, with justice, be taken from him, or applied to
public uses, without his own consent -- John Adams