SSH shell script to access FTP over explicit TLS/SSL

Hello,

I use the following SSH script to upload *.jpg files via FTP:

#!/usr/bin/expect
set timeout -1
spawn ftp -v -i [ftp server]
expect "[some word on the last line of server response]"
send "[login]\r"
expect "Password:"
send "[password]\r"
expect "ftp>"
send "mput *.jpg\r"
expect "ftp>"
send "quit\r"

[...] replaced with actual ftp server/account data.

Now I want to modify this script to do the same for FTP over explicit TLS/SSL.

Any ideas?

You will need an ftp-client that is able to connect via FTPS. The man-page of your ftp-client should tell you if it's possible.
A client that can talk TLS/SSL is lftp.

Sorry if I wasn't clear:

I use the SSH script to transfer jpg files from a remote hosting server to ftp servers. I access the hosting server via an SSH client and run the script to initiate the ftp file transfer. Works well. However, now I need to do the same with an FTP server over explicit TLS/SSL.

When I just replace

spawn ftp ...

with

spawn lftp ...

it derails the script. I don't know why and how to modify the script accordingly...

lftp is an external program you'll have to install on the hosting server if you wish to use it. There are other clients out there that speak ftps, but I found lftp to be the easiest to use.
It is scriptable, so no need to use expect. If you switch to lftp your script could look like this:

/path/to/lftp -u [login],[password] ftp://[ftp server] <<EOF
# the next 2 lines put you in ftpes mode
set ftp:ssl-force true
set ftp:ssl-protect-data true
mput *.jpg
exit
EOF

lftp is not a drop-in replacement for ftp, but may serve your purposes anyway.

Thank you cero & corona,

lftp is a big step forward. Found my host has it installed by default, anyway. Very nice.

I found that the SSL certificate of the FTP server I want to connect to is outdated. So I had to add the line

set ssl:verify-certificate no

to the script. It logs in to the FTP server with no problems and attempts to transfer the file but doesn't succeed. Here's what I get with the debug option:

---> PASV
<--- 227 Entering Passive Mode ([...ip...]).
---- Connecting data socket to ([...ip...]) port 49556
**** Socket error (Connection timed out) - reconnecting
---- Closing data socket
---- Closing control socket

Any idea what I must do to navigate around this error?
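
Added example, not part of the thread and not code from any poster: a small lint for lftp command scripts like the ones above. It flags `set ssl:verify-certificate no` (which, written without a closure, applies to every host the script contacts) and checks that `ftp:ssl-force` and `ftp:ssl-protect-data` are explicitly true. The function names, the boolean spellings accepted, and the treatment of anything after `/` in a setting name as its scope are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the thread: lint an lftp command script for
# settings that weaken an explicit-TLS (FTPES) session.
# Usage: audit_lftp_script FILE   (findings on stdout, status 1 if any)
audit_lftp_script() {
    awk '
        function is_true(v)  { v = tolower(v); return v == "true"  || v == "yes" || v == "on"  || v == "1" }
        function is_false(v) { v = tolower(v); return v == "false" || v == "no"  || v == "off" || v == "0" }
        /^[ \t]*#/   { next }   # a commented-out setting has no effect
        $1 != "set"  { next }   # only "set name value" lines are checked
        $2 == "ftp:ssl-force"        { force = is_true($3) }
        $2 == "ftp:ssl-protect-data" { protect = is_true($3) }
        index($2, "ssl:verify-certificate") == 1 && is_false($3) {
            # "name/closure" limits a setting to one scope; no closure = global
            slash = index($2, "/")
            scope = slash ? substr($2, slash + 1) : "ALL HOSTS"
            printf "line %d: certificate verification disabled for %s\n", NR, scope
            bad = 1
        }
        END {
            if (!force)   { print "ftp:ssl-force is not true: login may fall back to cleartext FTP"; bad = 1 }
            if (!protect) { print "ftp:ssl-protect-data is not true: file data may travel unencrypted"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the settings from the thread, including the workaround.
sample_thread_script() {
    cat <<'EOF'
# the next 2 lines put you in ftpes mode
set ftp:ssl-force true
set ftp:ssl-protect-data true
set ssl:verify-certificate no
mput *.jpg
exit
EOF
}

# Demo: sh thisfile.sh --demo
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && sample_thread_script > "$tmp"
    audit_lftp_script "$tmp"; status=$?
    rm -f "$tmp"; exit "$status"
fi
```

Run it over the body of the here-document (the lines between `<<EOF` and `EOF`) saved to a file; a clean script produces no output and status 0.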