Cyberduck Mountain Duck CLI

Version 30 (modified by dkocher, on Oct 5, 2010 at 7:22:52 PM) (diff)

--

Table of Contents

  1. FTP Connect Mode
  2. Character Encoding
  3. TLS Connections (FTPS)
    1. Switch to secure connection
    2. Disable SSL/TLS X.509 certificate trust validation
  4. Server compatibility
    1. ProFTPd
  5. Problems
    1. Error opening data socket
    2. It is not possible to change permissions
    3. Leading whitespace in filenames
    4. Listing directories fails or shows no content
  6. References

Cyberduck Help / Howto / FTP & FTP-TLS

FTP Connect Mode

Choose between an Active (PORT) or Passive (PASV) connect mode per bookmark or when opening a new connection. The default setting can be set in the System Preferences in NetworkAdvanced...ProxiesUse Passive FTP Mode (PASV).

Character Encoding

The character encoding used to parse directory listings can be set as a per bookmark setting. If special characters such as Umlaute aren't displayed correctly in the browser, try to change the character encoding used. See View → Text Encoding. Try UTF-8 (the default), ISO-8859-1 and Windows-1252.

TLS Connections (FTPS)

Explicit TLS is supported.

Switch to secure connection

If you attempt to connect to a server using FTP without TLS transport security but the server advertises support for TLS (as a response to FEAT), a prompt is displayed to secure the connection.

Disable SSL/TLS X.509 certificate trust validation

If you have problems with the Keychain trust settings, you can use the following options to disable verification of certificates. Be aware that this a severely compromising security. This is not a recommended configuration. Before disabling trust verification, try to restart Cyberduck after editing the trust setting.

  • Disable certificate validation for FTP-TLS: 
defaults write ch.sudo.cyberduck ftp.tls.acceptAnyCertificate true

Server compatibility

ProFTPd

  • You need to have the option set TLSOptions NoSessionReuseRequired for FTP-TLS connections. Issue #5087. If configuring the server is not an option, users should switch back to plain FTP connections. Choose FTP (File Transfer Protocol) in the bookmark protocol setting. Most users hit by this compatibility issue have been asked to secure the connection because support for TLS was detected upon negogiating the connection.

Example configuration: 

TLSOptions

      The NoSessionReuseRequired option has been added.  As of
      ProFTPD 1.3.3rc1, mod_tls only accepts SSL/TLS data connections
      that reuse the SSL session of the control connection, as a security
      measure.  Unfortunately, there are some clients (e.g. curl) which
      do not reuse SSL sessions.

      To relax the requirement that the SSL session from the control
      connection be reused for data connections, use the following in the
      proftpd.conf:

        <IfModule mod_tls.c>
          ...
          TLSOptions NoSessionReuseRequired
          ...
        </IfModule>
  • The option TLSOptions AllowClientRenegotiations must be set for FTP-TLS connections. Issue #3012.

Problems

Error opening data socket

For data transfers and possibly file listings (depending on the features supported by the server), a second data connection must be opened using PASV or PORT commands which is referred to as a passive or active data connection.

Depending on the firewall and router configuration in your network there may be errors reported:

  • Failure opening active data socket reports I won't open a connection to xxx.xxx.xx.xx (only to xxx.xx.xxx.x)

It is not possible to change permissions

The error message FTP Error: SITE not understood or similar is displayed. The server does not support this feature (which is an optional extension to the FTP protocol) and can not be used.

Leading whitespace in filenames

if you have issues with filenames parsed with a leading whitespace as described in #2895, disable whitespace awareness in the directory listing parser using the hidden configuration option 

defaults write ch.sudo.cyberduck ftp.parser.whitespaceAware false

Listing directories fails or shows no content

Directory listings are requested using STAT, LIST -a and LIST commands in that order. If a failure is detected (because the server may not support the command), the next option is tried. Because this can be fuzzy logic, it may still be that Cyberduck does not correctly fall back to a supported list command. You may then try to force the use of a given command.

To disable STAT for directory listings, open a Terminal.app window and enter 

defaults write ch.sudo.cyberduck ftp.sendStatListCommand false

To disable LIST -a for directory listings, open a Terminal.app window and enter 

defaults write ch.sudo.cyberduck ftp.sendExtendedListCommand false

To disable MLSD for directory listings, open a Terminal.app window and enter 

defaults write ch.sudo.cyberduck ftp.sendMlsdListCommand false

Restart Cyberduck.

References

Attachments (4)

Download all attachments as: .zip