How to do a secure ftp in Bash

Parthenolide · July 3, 2008, 12:54am

I’m running a cron job Monday through Saturday to upload my icalendar and email contacts from Kontact to my ISP host account. I’m using ftp in the script, and I wonder if there is a more secure way of doing this. The command for the calendar upload is (on one line):

ftp -u ftp:://account:password@ftp.hostname.biz
/%2Ffilename/ical_‘date +%a’.ics path_to_icalendar.ics;

I read somewhere that the ftp password, and the data are not encrypted, and vulnerable to snooping. Is there a secure form of ftp, and how do I use it?

user · July 3, 2008, 1:07am

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There’s sftp, scp, or something like that. Ask your ISP if they support
either. These are part of the SSH package which is installed on every
OS in the world (save one that I know of… windows) by default. scp
is exactly like the copy command but you specify a host so, instead of
‘cp /path/to/source /path/to/dest’ you instead ‘scp /path/to/source
you@yourisp:/path/to/dest’ and it prompt you for a password. There are
ways to avoid using the password as well but it depends on if your ISP
will let you do that. Most companies anymore seem to be offering
alternatives to FTP for this very reason and it, along with rsh, rsync,
telnet, and those other unencrypted protocols that use passwords, should
be avoided.

Good luck.

Parthenolide wrote:
| I’m running a cron job Monday through Saturday to upload my icalendar
| and email contacts from Kontact to my ISP host account. I’m using ftp
| in the script, and I wonder if there is a more secure way of doing
| this. The command for the calendar upload is (on one line):
|
| ftp -u ftp:://account:password@ftp.hostname.biz
| /%2Ffilename/ical_‘date +%a’.ics path_to_icalendar.ics;
|
| I read somewhere that the ftp password, and the data are not encrypted,
| and vulnerable to snooping. Is there a secure form of ftp, and how do I
| use it?
|
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIbAo33s42bA80+9kRAtx+AJ4rfCUbf7n6dr8KYAGvalnxfZD8XwCfSVJ0
sFIsDcWPmnJd9iHO0ClCKNE=
=VGty
-----END PGP SIGNATURE-----

ken_yap · July 3, 2008, 5:48am

There is also ftp with TLS (SSL), which is not the same as sftp, which is just on top of ssh. Ask if your ISP supports this.

Another possibility is if your ISP supports WEBDAV over SSL (https). WEBDAV can host calendars.

jantman · July 18, 2008, 3:58am

SFTP/SCP is the “good” way to do it, with RSA/DSA key authentication. But most public machines (ISPs, etc.) don’t support passwordless key authentication.

I’d ask your ISP support if there’s a good way to do it… but would avoid telling them what you’re doing now…

as to how to use it, man scp or man sftp.

BTW - scp is what you want. sftp is geared towards interactive use, and would require additional scripting like expect.