How to connect to FTP server that requires SSL/TLS on control channel

Question

There are a number of public FTP servers that require SSL/TLS on the control channel.

One example of that is www3.software.ibm.com.

I would like to use a linux shell ftp client like lftp or ncftp to interact with such servers.

Unfortunately I haven't found a configuration of those programs yet that allows me to do so.

I am looking for suggestions how to configure those client programs to successfully connect.

Addendum 1 at 2024-12-28T09:26:44+00:00

The following is adapted from the SU post that martin-prikryl linked to and does not work for me:

#!/bin/sh
URL="www3.software.ibm.com"
lftp -e " 

    set ftps:initial-prot ""; 

    set ftp:ssl-force true; 

    set ftp:ssl-protect-data true; 

    open ${URL};"

Same error message as before.

score 0 · Accepted Answer · answered Dec 28 '24 at 10:56

For lftp, enable ftp:ssl-allow-anonymous in your ~/.config/lftp/rc. It will then automatically recognize the availability of STARTTLS (what FTP clients tend to call "explicit TLS") using FEAT.

If this were an FTPS server (aka "implicit TLS" on the control channel), you would instead connect to it by specifying an ftps:// URL, but the provided example doesn't listen on port 990.

If it were not an anonymous connection, you'd need to enable ftp:ssl-allow instead.

$ lftp -d ftp://www3.software.ibm.com
---- Resolving host address...
---- 1 address found: 170.225.126.17
lftp www3.software.ibm.com:~> ls
---- Connecting to www3.software.ibm.com (170.225.126.17) port 21
<--- 220 ProFTPD Server (proftpd) [170.225.126.17]
---> FEAT
<--- 211-Features:
<---  AUTH TLS
<--- 211 End
---> AUTH TLS
<--- 234 AUTH TLS successful
Loaded 152 CAs
Loaded 0 CRLs
---> USER anonymous
<--- 331 Anonymous login ok, send your complete email address as your password
---> PASS anonymous@example.com
<--- 230 Anonymous access granted, restrictions apply

How to connect to FTP server that requires SSL/TLS on control channel

1 Answers1