FreeBSD Manual Pages
BBFTPD(1)             User Contributed Perl Documentation            BBFTPD(1)

NAME
       bbftpd - BBFTP protocol server

SYNOPSIS
       bbftpd -v

       bbftpd -s [-f] [-e EphemeralPortsRange] [-l LogLevel]
              [-m MaxStreamNumber] [-w PortNumber] [-R ProfileFile]

       bbftpd -b [-f] [-e EphemeralPortsRange] [-l LogLevel]
              [-m MaxStreamNumber] [-w PortNumber] [-R ProfileFile] [-u]
              [-c|-p]

       bbftpd [-f] [-e EphemeralPortsRange] [-l LogLevel]
              [-m MaxStreamNumber] [-w PortNumber] [-R ProfileFile] [-u]
              [-c|-p]

DESCRIPTION
       bbftpd is a server that supports the BBFTP protocol. This protocol has
       been developed in order to speed up transfer by using multiple TCP
       streams between client and server, and also to take advantage of
       RFC 1323.

       As one of the major problems of the FTP protocol was the unencrypted
       transmission of the username and password, BBFTP uses several methods
       for authentication.

       The first one is to generate at each new connection an RSA key pair,
       to send the public key to the client, who will encrypt the username
       and password using this public key, and then to decrypt them with the
       private key. As these keys are 1024 bits long and generated at each
       new connection, it will be quite difficult to steal a password. This
       method requires OpenSSL to be installed on both sides.

       The second connection method is based on ssh; instead of making a
       connection to a running daemon, the client will remotely start the
       daemon with ssh (with a command like ssh -l user remotehost
       "bbftpd -s").

       A third, additional authentication mode allows certificates to be
       used to log on. This mode is based on the Grid Security Infrastructure
       and requires Globus software to be installed. The client side needs a
       certificate to identify itself and the daemon needs a host
       certificate.

       The BBFTP protocol works in the following way:

       - After the authentication procedure has ended there is what is
         called a control connection between the client and the server. On
         that connection all control commands will circulate.
       - When a data transfer occurs (get or put command sent by the
         client), the server can work in passive or non-passive mode:

         - In passive mode (with client >= 3), the server gets all TCP ports
           needed by the transfer (one per stream) and sends those ports to
           the client on the control connection. If the server is built or
           run with a range, those ports will be chosen in this range.

         - In non-passive mode, the client gets all TCP ports needed by the
           transfer (one per stream) and sends those port numbers to the
           server on the control connection. The server will then connect to
           those ports (using a defined port number if the -f option is not
           used) and use them to transfer data.

       To meet security requirements (firewall filters), you may want to use
       the passive mode with a defined range of ephemeral ports.

       The behaviour of the server is controlled by commands sent by the
       client (see bbftp(1)).

       The server can be used in different ways:

       Through inetd (and tcpwrapper if needed).
           In this case the line in the inetd.conf file will look like:

           bbftp stream tcp nowait root /usr/local/bin/bbftpd bbftpd [-f] [-e EphemeralPortsRange] [-l LogLevel] [-m MaxStreamNumber] [-R ProfileFile] [-u] [-c|-p]

       As a standalone server.
           In this case the starting procedure has to contain the following
           line:

           bbftpd -b [-f] [-e EphemeralPortsRange] [-l LogLevel] [-m MaxStreamNumber] [-w PortNumber] [-u] [-R ProfileFile] [-c|-p]

       Started via ssh.
           In this case the remote command started by the client will look
           like:

           bbftpd -s [-f] [-e EphemeralPortsRange] [-l LogLevel] [-m MaxStreamNumber] [-w PortNumber] [-R ProfileFile]

OPTIONS
       -b     Use this option to start bbftpd in background. In this case
              the server will bind and listen on a control port which can be
              changed with the -w option.

       -f     The standard behaviour of the server is to bind the server-side
              port number on data connection to controlport minus one. This
              is useful if the server is behind a firewall.
              If you want the server to take the first free port number, use
              this option.

       -e EphemeralPortsRange
              In passive mode (i.e. requested by a client >= 3), the server
              can choose the ephemeral ports for data connections in a range
              defined by this option. The syntax is: min:max. Make sure to
              choose relevant values for min and max ports. If this option
              is not set, the server will choose the port number in the
              default range, which depends on the system.

       -l LogLevel
              Use this option to change the log level. By default the server
              will log nothing. LogLevel is a string (uppercase or
              lowercase) whose values are:

                  EMERGENCY
                  ALERT
                  CRITICAL
                  ERROR
                  WARNING
                  NOTICE
                  INFORMATION
                  DEBUG

              WARNING: This option has to be the last one when used in
              conjunction with option -s, for backward compatibility.

       -m MaxStreamNumber
              For each stream the server forks a child. If you want to limit
              or increase the number of streams, use this option.

       -R ProfileFile
              At start, the daemon tries to execute commands located in the
              $HOME/.bbftprc file. The location of this file can be changed
              with this option. See CONTROL COMMANDS for the list of control
              commands.

       -s     Use this option when the server is started remotely via an ssh
              connection.

       -v     Use this option to write the version of the software and
              default values to standard output.

       -w PortNumber
              Use this option to change the control port number.

       -u     This option allows the daemon to accept non-encrypted
              username/password messages from a client.

       -c | -p
              When compiled with the certificate authentication module,
              these options restrict the way a client can authenticate. -c
              accepts certificates only, whereas -p accepts user/password
              only. If these options are not used, both methods are
              accepted. If -c is used, the option -u is meaningless and
              ignored.

CONTROL COMMANDS
       The control commands are contained in an ASCII file (the file
       specified by the -R option, or ~/.bbftpdrc, or /etc/bbftpd.conf).
       setackto "Acknowledge time-out"
              Set time-out (in seconds) to wait for an acknowledgement.
              Default value is 100.

       setrecvcontrolto "Input control time-out"
              Set time-out (in seconds) to wait while reading on the control
              socket. Default value is 180.

       setsendcontrolto "Output control time-out"
              Set time-out (in seconds) to wait while writing on the control
              socket. Default value is 180.

       setdatato "Data time-out"
              Set time-out (in seconds) to wait while reading on the data
              socket. Default value is 300.

       setoption [no]fixeddataport
              Use a fixed port for listening while using SSH (i.e. standard
              port +1 = 5022). Otherwise, use any available port (in the -e
              range if specified).

MESSAGES AND ERRORS
       All informative messages and error messages are written to the
       syslog.

AUTHORS
       bbftp was developed by Gilles Farrache. It is now maintained by
       Lionel Schwarz and Pierre-Emmanuel Brinette at IN2P3 Computing
       Center, Villeurbanne (FRANCE).

CONTRIBUTORS
       Tim Adye (Idea and implementation of ssh mode)
       Gilles Gallot (Multi-IP addresses support, secondary groups support,
           port on various systems and bug fixes)
       Pierre-Emmanuel Brinette (Bug fix)
       Andrew Goodney (Port to Darwin)
       Paola Grosso (Idea and implementation of the -q client option)
       Petr Holub (Port to Windows cygwin)
       Dan Schrager (Idea and implementation of the -D client option)
       Rod Walker & Kostas Georgiou (Idea and implementation of the -g
           client option)
       Shuwei Ye (Bug fix)

BUGS
       Send bugs / comments to bbftp@in2p3.fr

SEE ALSO
       bbftp(1).

POD ERRORS
       Hey! The above document had some coding errors, which are explained
       below:

       Around line 1:
           =cut found outside a pod block. Skipping to next block.

perl v5.10.0                      2013-02-07                        BBFTPD(1)
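
An added example, not part of the manual page or the bbftp project: a shell check of a bbftpd command line (from inetd.conf or a startup script) against the behaviour this page documents for -u, -c, -l, -s and -e. The function name and the sample command lines, including port 5021 and the range 40000:40100, are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample command lines (assumptions, not from the manual page).
WEAK='bbftpd -b -u -f -w 5021'
TIGHT='bbftpd -b -e 40000:40100 -w 5021 -p -l WARNING'

# Print one finding per line for a bbftpd command line; return 1 if any.
audit_bbftpd_args() {
    range="" loglevel="" plain=0 certonly=0 sshmode=0 lastopt="" rc=0
    set -- $1                                   # split into words
    while [ $# -gt 0 ]; do
        case "$1" in -*) lastopt=$1 ;; esac     # remember the last option seen
        case "$1" in
            -e) range=${2-};    [ $# -gt 1 ] && shift ;;
            -l) loglevel=${2-}; [ $# -gt 1 ] && shift ;;
            -m|-w|-R)           [ $# -gt 1 ] && shift ;;  # argument not audited
            -u) plain=1 ;;
            -c) certonly=1 ;;
            -s) sshmode=1 ;;
        esac
        shift
    done
    note() { printf '%s\n' "$1"; rc=1; }
    # The page says -u is ignored when -c is given, so flag it only without -c.
    [ $plain -eq 1 ] && [ $certonly -eq 0 ] &&
        note "-u: accepts non-encrypted username/password messages"
    [ -z "$loglevel" ] && note "no -l: server logs nothing by default"
    [ $sshmode -eq 1 ] && [ -n "$loglevel" ] && [ "$lastopt" != "-l" ] &&
        note "-l must be the last option when combined with -s"
    case "$range" in
        "") note "no -e: passive data ports use the system default range" ;;
        # non-digits, extra or dangling colons, or too long to be two ports
        *[!0-9:]*|*:*:*|:*|*:|????????????*) note "-e $range: not min:max" ;;
        *:*) if [ "${range%:*}" -gt "${range#*:}" ] || [ "${range#*:}" -gt 65535 ]
             then note "-e $range: min exceeds max or max exceeds 65535"; fi ;;
        *) note "-e $range: not min:max" ;;
    esac
    return $rc
}

for line in "$WEAK" "$TIGHT"; do
    echo "== $line"
    audit_bbftpd_args "$line" || true
done
```

A range that passes the -e check is the one to mirror in the firewall's allowed data ports for passive mode.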