| Home |
| Overview |
| License |
| Contributors |
| Releases |
| Download |
| ChangeLog |
| Documentation |
| 3.2.1 |
| 3.2.0 |
| 3.1.0 |
| 3.0.2 |
| 3.0.1 |
| 3.0.0 |
| 2.2.2 |
| 2.2.1 |
| 2.2.0 |
| 2.1.0 |
| 2.0.2 |
| Help |
| BBFTP-L List |
| Register |
| Archives |
| FAQ |
| Error messages |
| Email Us |
| bbftp@in2p3.fr |
NAME
bbftpd - BBFTP protocol server
SYNOPSIS
bbftpd -v
bbftpd -s [-f] [-l LogLevel] [-m MaxStreamNumber] [-w PotNumber] [-R ProfileFile]
bbftpd -b [-f] [-l LogLevel] [-m MaxStreamNumber] [-w PotNumber] [-R ProfileFile] [-u]
bbftpd [-f] [-l LogLevel] [-m MaxStreamNumber] [-w PotNumber] [-R ProfileFile] [-u]
DESCRIPTION
bbftpd is a server that supports the BBFTP protocol. This protocol has been developed in order to speed up transfer by using multiple TCP streams between client and server, and also to take advantage of the RFC 1323.
As one of the major problems of the FTP protocol was the unencrypted transmission of the username and password, BBFTP uses two methods for authentication. The first one is to generate at each new connection a RSA key pair, to send the public key to the client who will encrypt the username and password using this public key, and then to decrypt them with the private key. As these keys are 1024 bits long and generated at each new connection, it will be quite difficult to steal a password. The second connection method is based on ssh; instead of making a connection to a running daemon, the client will remotely start the daemon with ssh (with a command like ssh -l user remotehost ``bbftpd -s''). A third additionnal authenticate mode allows to use certificates to log on. This mode is based on the Grid Security Infrastructure and requires Globus software to be installed. The client side needs a certificate to identify itself and the daemon needs a host certificate
BBFTP protocol works in the following way :
- After the authentication procedure has ended there is what is called a control connection between the client and the server. On that connection all control commands will circulate.
- When a data transfer occurs (get or put command sent by the client) the client will get all TCP ports needed by the transfer (one per stream) and send those port numbers to the server on the control connection. The server will then connect to those ports (using a defined port number if the -f is not used) and use them to transfer data.
The behaviour of the server is controlled by commands sent by the client (see bbftp(1)).
The server can be used in different ways :
Through inetd (and tcpwrapper if needed). In this case the line in the inetd.conf file will look like :
bbftp stream tcp nowait root /usr/local/bin/bbftpd bbftpd [-f] [-l LogLevel] [-m MaxStreamNumber] [-R ProfileFile] [-u]
As a standalone server. In this case the starting procedure has to contain the following line:
bbftpd -b [-f] [-l LogLevel] [-m MaxStreamNumber] [-w PortNumber] [-u] [-R ProfileFile] [-u]
Started via ssh. In this case the remote command started by the client will look like:
bbftpd -s [-f] [-l LogLevel] [-m MaxStreamNumber] [-w PortNumber] [-R ProfileFile]
OPTIONS
- -b
- Use this option to start bbftpd in background. In this case the server will bind and listen on a control port which can be changed with the -w option.
- -f
- The standard behaviour of the server is to bind the server-side port number on data connection to controlport minus one. This is useful if the server is behind a firewall. If you want the server to take the first free port number use this option.
- -l LogLevel
-
Use this option to change the log level. By default the server will log nothing.
Loglevel is a string (uppercase or lowercase) whose values are :
WARNING :
This option has to be the last one when used in conjunction with option -s for backward compatibility.
- -m MaxStreamNumber
- For each stream the server forks a child. If you want to limit or increase the number of streams use this option.
- -R ProfileFile
- At start, the daemon tries to execute commands located in the $HOME/.bbftprc file. The location of this file can be changed with this option. See CONTROL COMMANDS to know the list of control commands
- -s
- Use this option when the server is started remotely via an ssh connection.
- -v
- Use this option to write the version of the software and default values to standard output.
- -w PortNumber
- Use this option to change the control port number.
- -u
- This option allows the daemon to accept non-encrypted username/password messages from a client.
CONTROL COMMANDS
The control commands are contained by an ASCII file (~/.bbftprc or any file specified by the -R option).
- setackto ``Acknowledge time-out''
- Set time-out (in seconds) to wait for an acknowledge. Default value is 100
- setrecvcontrolto ``Input control time-out''
- Set time-out (in seconds) to wait while reading on the control socket. Default value is 180
- setsendcontrolto ``Output control time-out''
- Set time-out (in seconds) to wait while writing on the control socket. Default value is 180
- setdatato ``Data time-out''
- Set time-out (in seconds) to wait while reading on the data socket. Default value is 300
MESSAGES AND ERRORS
All informative messages and error messages are written to the syslog.
AUTHORS
bbftp was developed by Gilles Farrache (farrache@cc.in2p3.fr) from IN2P3 Computing Center , Villeurbanne (FRANCE).
All the ssh-related stuff is based on ideas and software written by Tim Adye (T.J.Adye@RL.AC.UK) from ``Rutherford Appleton Laboratory'' , UK.
The certificate authentication mode uses the GSS FrameWork (GFW) developed by Lionel Schwarz (schwarz@cc.in2p3.fr) from IN2P3 Computing Center. This library is currently based on the Grid Security Infrastructure (GSI) which is an implementation of the GSS-API.
The QBSS option was developed by Paola Grosso (grosso@slac.stanford.edu) from SLAC.
BUGS
Send bugs / comments to bbftp@in2p3.fr
SEE ALSO
bbftp(1).