BSDftpd-ssl is a secure FTP server that supports industry-standard TLS/SSL encryption and authentication for whole FTP sessions and data transfers.
This implementation is compatible with the original FTP protocol, which is described in RFC 959, and the TLS/SSL enhancement allows RFC 2228 "FTP Security Extensions"-compliant TLS/SSL protection for both control and data channels.
The BSDftpd-ssl FTP server, which is named "ftpd", is available for Linux (RedHat Linux, ALT Linux Master; it is also known to work with other Linux distributions) and for FreeBSD. The command-line TLS/SSL-aware FTP client utility, which is named "ftps", is available for these systems and also for Win32 systems such as Windows 95/98/NT/2000/2003/XP.
Here are some key features of "BSDftpd-ssl":
· Compliance with RFC 959 "File Transfer Protocol (FTP)" and support for other FTP-related RFCs such as RFC 1639, RFC 2389, RFC 2428 and RFC 3659.
· Ability to change the session root to the user's home directory or to a specified one.
· Internal support for file-listing requests (the built-in "ls" command).
· Support for IP-based virtual hosting for anonymous FTP areas.
· Support for Pluggable Authentication Modules (PAM) for user authentication.
· Support for the wu-ftpd style "xferlog" format for logging information about file transfers.
· Support for large files (greater than 4Gb), if the operating system supports this feature.
· Ability to override the IP address that will be advertised to IPv4 clients in response to the PASV/LPSV commands.
Here are some key features of the TLS/SSL enhancement:
· TLS/SSL-aware and standard clients can be supported simultaneously.
· Support for encrypted and unencrypted data connections with dynamic switching between them.
· TLS and SSL cipher suites are supported, and RSA is used for key exchange and authentication.
· Verification of the peer's X.509 certificates, with CRL support.
· Advanced support for user authentication based on the authentication information obtained from X.509 certificates. Certificate-based user authentication may be used instead of the standard password-based one.
· Compliance with RFC 2228 "FTP Security Extensions" and the "Securing FTP with TLS" Internet Draft v12; compatibility with the initial version of this draft (which is named "Secure FTP over SSL") is still supported.
What's New in This Release:
· IPv6 support is now enabled for FreeBSD in both the client and the server.
· ftpd: The ability to override the IP address that is advertised to IPv4
clients in response to the PASV/LPSV commands has been implemented. The "-a"
command-line argument now has a new syntax: "-a bind=" is the same as the old
"-a", and "-a pasvip=" specifies an IPv4 address or a symbolic host name that
will be resolved after the client connects. In daemon mode, only
IP addresses are allowed as string values for "-a pasvip=".
· ftpd: Reply messages for AUTH, PBSZ and PROT commands were modified.
· ftpd: The FEAT and OPTS commands from RFC 2389 were implemented. FTP command
parsing now performs basic syntax checking and returns the
"501 Syntax error in parameters or arguments." reply to
clients if a command expects arguments but none are provided, or if a
command doesn't expect arguments but they are provided.
· ftpd: A bug in daemon mode has been fixed: if IPv6 is configured in
the system but the server is compiled without IPv6 support, the server no
longer tries to bind to local IPv6 addresses (otherwise data connections will not work).
· ftpd: The "-E" command-line option now disables both EPSV and EPRT commands.
· ftpd: The bug that logged negative values for times and file sizes in the
wu-ftpd style xferlog format, which could occur when a transfer attempt was
rejected (for example, if the requested file isn't a plain file),
has been fixed.
· ftpd: The bug that broke encrypted control connections during file transfers
in ASCII mode has been fixed.
· ftps: A bug that led to a segmentation fault when the
program waits for a username and password from stdin but the server closes the
control connection has been fixed.
· ftps: A new user-level command has been implemented: "features", which shows a list
of extensions supported by the remote system.
· ftps: Support for the EPRT and EPSV commands (RFC 2428) has been completely
implemented for IPv4 mode. Autodetection of EPRT/EPSV support on
the remote side now works in both IPv4 and IPv6 modes.
· ftps: Support for the EPSV/EPRT commands can now be enabled or disabled
separately for IPv4 with the existing "epsv4" command and for IPv6
with the new "epsv6" command.