Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: arnoldob on March 29, 2007, 10:09:59 PM

Title: FTP-SSL
Post by: arnoldob on March 29, 2007, 10:09:59 PM
Does anyone have any experience using SME's ftp client to connect to an ftp server that requires an x.509 cert to connect: I need to:

1. import the ssl private key provided by the ftp server.

2. make an ftp-ssl connection that requires the use of auth ssl or auth tls instead of just a standard user prompt and password.

3. the ftp server uses passive mode. the commands are on standard ftp port 21, but after the key exchange each subsequent data connection will be made on a randomly chosen port in the range of 1025-65535. I assume this means a firewall change to accommodate it or is the built in firewall passive mode ftp aware enough to allow the traffic?

This is to accommodate a secure transfer of EDI files and the only alternative beyond ftp-ssl is paying for a dedicated leased-line, and that isn't going to happen.

Thanks
Title: Re: FTP-SSL
Post by: CharlieBrady on March 30, 2007, 03:52:56 AM
Quote from: "arnoldob"
Does anyone have any experience using SME's ftp client ...


Which ftp client? SME has multiple ftp clients.

Quote

... to connect to an ftp server that requires an x.509 cert to connect: I need to:

1. import the ssl private key provided by the ftp server.


I think you mean public key. The private key should be private, should it not?

Quote

2. make an ftp-ssl connection that requires the use of auth ssl or auth tls instead of just a standard user prompt and password.


I don't know whether any of the ftp clients provided with SME implement ftp-ssl.

Quote

3. the ftp server uses passive mode. the commands are on standard ftp port 21, but after the key exchange each subsequent data connection will be made on a randomly chosen port in the range of 1025-65535. I assume this means a firewall change to accommodate it or is the built in firewall passive mode ftp aware enough to allow the traffic?

This is to accommodate a secure transfer of EDI files and the only alternative beyond ftp-ssl is paying for a dedicated leased-line, and that isn't going to happen.

Thanks


You won't require any changes to firewall rules.
Title: FTP-SSL
Post by: arnoldob on March 31, 2007, 01:18:38 AM
Which FTP client indeed. I'm not familiar with any of them, hence the question. I can research them if I can at least find out what the names are. I'm sure there's something out there that does ftp-ssl, but I thought it best to ask about the stuff that's already on the SME box before reinventing the wheel.

As far as the cert goes, the service provider issues an x.509 certificate. I thought it was a private key since it is associated with my login, but I may well be wrong about the terminology.

I've dealt with this service on other platforms and firewall rules were a problem in every single case. Maybe SME is better with handling passive mode ftp-ssl connections. I guess I'll find out if I can locate an ftp client that supports ssl.
Title: FTP-SSL
Post by: arnoldob on April 09, 2007, 10:54:54 PM
I think I found something that will work nicely:
Name   : ckermit
Arch   : i386
Version: 8.0.209
Release: 9
Size   : 3.0 M
Repo   : installed
Summary: The quintessential all-purpose communications program

Description:
 C-Kermit is a combined serial and network communication software
package offering a consistent, medium-independent, cross-platform
approach to connection establishment, terminal sessions, file transfer
and management, character-set translation, and automation of
communication tasks. For more information please see:

http://www.columbia.edu/kermit/

Got it from the CentOS base yum repository. It's even listed by the EDI service provider as a tested ftp/ssl solution. Now for the fun part, getting it configured...
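
The three steps from the first post (client certificate, AUTH TLS, passive-mode data connections) can also be written with Python's standard ftplib. This is an added example, not from the thread, the EDI provider or C-Kermit; the host, credentials and file names passed in are placeholders the caller supplies.

```python
import ftplib
import ssl


def make_client_context(certfile=None, keyfile=None, cafile=None):
    """TLS context that verifies the server and optionally presents a client cert."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if certfile:
        # Client authentication needs the issued X.509 certificate together
        # with its matching private key, both in PEM format.
        ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    return ctx


def data_endpoint(pasv_reply):
    """Return (host, port) from a 227 reply; port = p1 * 256 + p2.

    After AUTH TLS this reply travels inside the encrypted control channel,
    so only the client reads it and opens the outbound data connection.
    """
    return ftplib.parse227(pasv_reply)


def send_file(host, user, password, local_path, remote_name, ctx):
    """Upload one file over explicit FTPS with an encrypted data channel."""
    ftps = ftplib.FTP_TLS(context=ctx, timeout=30)
    ftps.connect(host, 21)          # commands on the standard FTP port
    try:
        ftps.auth()                 # sends AUTH TLS, then wraps the socket
        ftps.login(user, password)  # credentials now go over TLS
        ftps.prot_p()               # PBSZ 0 + PROT P: protect data connections
        ftps.set_pasv(True)         # server picks the data port, client connects
        with open(local_path, "rb") as fh:
            return ftps.storbinary("STOR " + remote_name, fh)
    finally:
        ftps.close()


if __name__ == "__main__":
    # Constructed sample reply using a documentation address (192.0.2.0/24).
    print(data_endpoint("227 Entering Passive Mode (192,0,2,10,195,80)"))
```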