Need to use ftps (NOT sftp) on RHAS4

Fri Aug 21 14:56:53 UTC 2009

On Fri, 21 Aug 2009, MacIntyre, Ross A wrote:

> I've had a quick look at curl but haven't been able to see any examples of 
> what I am trying to do.

Hmmm.  Google seems to have a fair few easily accessible if you search on 
"curl ftps example".

> If you don't mind, would you might showing me a script that will simply 
> mirror a folder/directory from an ftp server.

Ah, now, you didn't mention that I don't think.  I assumed it was perhaps a 
single file.

>From the curl FAQ:

"1.3 What is cURL not?
  Curl is *not* a wget clone even though that is a very common misconception.
  Never, during curl's development, have we intended curl to replace wget or
  compete on its market. Curl is targeted at single-shot file transfers.
  -
  Curl is not a web site mirroring program. If you wanna use curl to mirror
  something: fine, go ahead and write a script that wraps around curl to make
  it reality (like curlmirror.pl does).
  -
  Curl is not an FTP site mirroring program. Sure, get and send FTP with curl
  but if you want systematic and sequential behavior you should write a
  script (or write a new program that interfaces libcurl) and do it."

In other words.  You may be using the wrong tool for the job (apologies if 
so).  For simple gets:

curl ftps://server.com/<dir>/<file> -o <file> --user <user:pass> # or
curl --ftp-ssl ftp://server.com/<dir>/<file> -o <file> --user <user:pass>

Unfortunately it looks like what you really need is wget.  Only that doesn't 
support FTPS.  Maybe a peruse of http://curl.haxx.se/docs/programs.html will 
give you some ideas.  Liberal use of the "-o" and --create-dirs" option (see 
man curl) may also help.

> Also if you could show me how to specify it to use ftps rather than ftp I 
> would appreciate it. Thanks in advance,

As the man page says use "ftps://" or "--ftp-ssl ftp://".

Note from the curl man page:

"curl performs SSL certificate verification by default, using a "bundle" of 
Certificate Authority (CA) public keys (CA certs). The default bundle is 
named curl-ca-bundle.crt; you can specify an alternate file using the 
--cacert option. If this HTTPS server uses a certificate signed by a CA 
represented in the bundle, the certificate verification probably failed due 
to a problem with the certificate (it might be expired, or the name might 
not match the domain name in the URL). If you'd like to turn off curl's 
verification of the certificate, use the -k (or --insecure) option."

This kind of problem happens when your server's certificate is self signed 
too.

Good luck.

Ben
-- 
Unix Support, MISD, University of Cambridge, England
Plugger of wire, typer of keyboard, imparter of Clue
         Life Is Short.          It's All Good.