Sto usando un client FTP molto vecchio. Ho controllato la casella "sicuro (SSL)" nell'editor di connessione. Per quanto ne so, il server supporta FTPS esplicito ma non FTPS o SFTP implicito.
Quando accedo e faccio un trasferimento, vedo un comando "AUTH SSL", ma nessuna linea PBSZ o PROT. Ecco un esempio:
Finding Host ftp.softronics.ch ...
Connecting to 62.2.182.131:21
Connected to 62.2.182.131:21 in 0.087, Waiting for Server Response
220 ProFTPD 1.3.3a Server (Softronics FTP) [62.2.182.131]
Host type (1): Automatic detect
AUTH SSL
234 AUTH SSL successful
USER <DELETED>
331 Password required for <DELETED>
PASS (hidden)
230-8278412.12 KB used - authorized: 15728640.00 KB
230 User <DELETED> logged in
SYST
215 UNIX Type: L8
Host type (2): UNIX (standard)
FEAT
211-Features:
XSHA256
MDTM
MFMT
TVFS
AUTH TLS
UTF8
MFF modify;UNIX.group;UNIX.mode;
MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
XSHA1
PBSZ
PROT
SITE MKDIR
SITE RMDIR
SITE UTIME
LANG bg-BG;ko-KR.UTF-8;ko-KR;en-US;zh-TW;fr-FR;ja-JP.UTF-8;ja-JP;zh-CN
SITE SYMLINK
REST STREAM
XCRC
XMD5
SIZE
211 End
PWD
257 "/" is the current directory
CWD /Backups
250 CWD command successful
/Backups loaded from [Directory Listing Cache]DIR51BB.tmp
Starting request
TYPE A
200 Type set to A
PASV
227 Entering Passive Mode (62,2,182,131,230,178).
connecting data channel to 62.2.182.131:59058
data channel connected to 62.2.182.131:59058
STOR avgsugarPrint.csv
150 Opening ASCII mode data connection for avgsugarPrint.csv
transferred 4392 bytes in < 0.001 seconds, 34312.500 Kbps ( 4289.063 KBps), transfer succeeded.
226 Transfer complete
Transfer request completed with status: Finished
PWD
257 "/Backups" is the current directory
PASV
227 Entering Passive Mode (62,2,182,131,216,236).
connecting data channel to 62.2.182.131:55532
data channel connected to 62.2.182.131:55532
LIST
150 Opening ASCII mode data connection for file list
transferred 11296 bytes in 0.270 seconds, 326.833 Kbps ( 40.854 KBps), transfer succeeded.
QUIT
221 Goodbye.
Che cosa sta succedendo qui, per quanto riguarda la sicurezza? È abbastanza buono? Il nome utente e la password vengono inviati crittografati?
Grazie.
D.