|
|||||||||||||||||||||||||||||||||
|
NAMEbbftpd - BBFTP protocol server
SYNOPSISbbftpd -v bbftpd -s [-f] [-e EphemeralPortsRange] [-l LogLevel] [-m MaxStreamNumber] [-w PortNumber] [-R ProfileFile] bbftpd -b [-f] [-e EphemeralPortsRange] [-l LogLevel] [-m MaxStreamNumber] [-w PortNumber] [-R ProfileFile] [-u] [-c|-p] bbftpd [-f] [-e EphemeralPortsRange] [-l LogLevel] [-m MaxStreamNumber] [-w PortNumber] [-R ProfileFile] [-u] [-c|-p]
DESCRIPTIONbbftpd is a server that supports the BBFTP protocol. This protocol has been developed in order to speed up transfer by using multiple TCP streams between client and server, and also to take advantage of the RFC 1323. As one of the major problems of the FTP protocol was the unencrypted transmission of the username and password, BBFTP uses several methods for authentication. The first one is to generate at each new connection a RSA key pair, to send the public key to the client who will encrypt the username and password using this public key, and then to decrypt them with the private key. As these keys are 1024 bits long and generated at each new connection, it will be quite difficult to steal a password. This method requires OpenSSL to be installed on both sides. The second connection method is based on ssh; instead of making a connection to a running daemon, the client will remotely start the daemon with ssh (with a command like ssh -l user remotehost ``bbftpd -s''). A third additionnal authenticate mode allows to use certificates to log on. This mode is based on the Grid Security Infrastructure and requires Globus software to be installed. The client side needs a certificate to identify itself and the daemon needs a host certificate BBFTP protocol works in the following way : - After the authentication procedure has ended there is what is called a control connection between the client and the server. On that connection all control commands will circulate. - When a data transfer occurs (get or put command sent by the client), the server can work in passive or non-passive mode: - In passive mode (with client >= 3), the server gets all TCP ports needed by the transfer (one per stream) and sends those ports to the client on the control connection. If the server is built or run with a range, those ports will be chosen in this range. - In non-passive mode, the client gets all TCP ports needed by the transfer (one per stream) and sends those port numbers to the server on the control connection. The server will then connect to those ports (using a defined port number if the -f is not used) and use them to transfer data. To meet security requirements (firewalls filters), you may want to use the passive mode with a defined range of ephemeral ports. The behaviour of the server is controlled by commands sent by the client (see bbftp(1)). The server can be used in different ways : Through inetd (and tcpwrapper if needed). In this case the line in the inetd.conf file will look like : bbftp stream tcp nowait root /usr/local/bin/bbftpd bbftpd [-f] [-e EphemeralPortsRange] [-l LogLevel] [-m MaxStreamNumber] [-R ProfileFile] [-u] [-c|-p] As a standalone server. In this case the starting procedure has to contain the following line: bbftpd -b [-f] [-e EphemeralPortsRange] [-l LogLevel] [-m MaxStreamNumber] [-w PortNumber] [-u] [-R ProfileFile] [-u] [-c|-p] Started via ssh. In this case the remote command started by the client will look like: bbftpd -s [-f] [-e EphemeralPortsRange] [-l LogLevel] [-m MaxStreamNumber] [-w PortNumber] [-R ProfileFile]
OPTIONS
WARNING : This option has to be the last one when used in conjunction with option -s for backward compatibility.
CONTROL COMMANDSThe control commands are contained by an ASCII file (~/.bbftprc or any file specified by the -R option).
MESSAGES AND ERRORSAll informative messages and error messages are written to the syslog.
AUTHORSbbftp was developed by Gilles Farrache (farrache@cc.in2p3.fr) from IN2P3 Computing Center , Villeurbanne (FRANCE). All the ssh-related stuff is based on ideas and software written by Tim Adye (T.J.Adye@RL.AC.UK) from ``Rutherford Appleton Laboratory'' , UK. The certificate authentication mode uses the GSS FrameWork (GFW) developed by Lionel Schwarz (schwarz@cc.in2p3.fr) from IN2P3 Computing Center. This library is currently based on the Grid Security Infrastructure (GSI) which is an implementation of the GSS-API. The QBSS option was developed by Paola Grosso (grosso@slac.stanford.edu) from SLAC.
BUGSSend bugs / comments to bbftp@in2p3.fr
SEE ALSObbftp(1). |