HPE Community
Operating System - HP-UX
1752608 Members
4507 Online
108788 Solutions
New Discussion юеВ

Re: Banner issue in FTP

 
SOLVED
Go to solution
Kavita Poonia
Regular Advisor

тАО11-22-2010 10:58 PM

тАО11-22-2010 10:58 PM

Banner issue in FTP

Hello Techies,

We have configured banner with FTP but now when-ever application team copy or put any file with FTP, it is failing with directory not found error, however we can see the permissions are correctly set and the directory is there. After that we removed banner from FTP then it worked fine.

Please suggest here what can be done as we need to display banner but at the same time it should not impact anything.

Thanks & regards,
Kavita

0 Kudos
Reply
11 REPLIES 11
Matti_Kurkela
Honored Contributor

тАО11-22-2010 11:19 PM

тАО11-22-2010 11:19 PM

Solution

Re: Banner issue in FTP

Exactly how did you configure the banner?

If you used the "banner" keyword in /etc/ftpd/ftpaccess configuration file, did you read "man ftpaccess"?

----quote----
banner path

* Works similarly to the message command (see below), except that the banner is displayed before the user enters the username and password. The path is relative to the real system root, not the base of the anonymous FTP directory.

* WARNING: use of this command can completely prevent non-compliant FTP clients from making use of the FTP server. Not all clients can handle multi-line responses (which is how the banner is displayed).
----end quote----

Please notice the WARNING.

"Multi-line responses" is a feature of the FTP protocol that is not understood by all FTP clients, because it was introduced as an optional extension to the original FTP protocol standard.

If your application team uses a FTP client that does not understand multi-line responses from the FTP server and cannot replace it with a newer one, there is not much you can do about it.

MK
MK
Reply
Kavita Poonia
Regular Advisor

тАО12-17-2010 12:54 AM

тАО12-17-2010 12:54 AM

Re: Banner issue in FTP

Then how can we achieve this successfully. There has to be some-way which we can edit in ftpaccess to get the banner dispalyed without causing job failure for the application which uses FTP.
0 Kudos
Reply
Steven Schweda
Honored Contributor

тАО12-17-2010 07:10 AM

тАО12-17-2010 07:10 AM

Re: Banner issue in FTP

> Exactly how did you configure the banner?

> Then how can we achieve this successfully.
> [...]

Did you consider answering the question?

As usual, showing actual commands with their
actual output, or actual file contents, can
be more helpful than vague descriptions or
interpretations. Or none at all.
0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО12-17-2010 06:13 PM

тАО12-17-2010 06:13 PM

Re: Banner issue in FTP

>> "Multi-line responses" is a feature of the FTP protocol that is not understood by all FTP clients, because it was introduced as an optional extension to the original FTP protocol standard.

> Then how can we achieve this successfully. There has to be some-way which we can edit in ftpaccess to get the banner dispalyed without causing job failure for the application which uses FTP.

You have conflicting requirements. You must fix the defect in your application. This may require a rewrite (if you have the source code), or purchasing a modern ftp client. Or you could scrap ftp completely because it is inherently not secure, and use ssh/scp/sftp. Naturally, both sides (client and server) will require ssh capability.


Bill Hassell, sysadmin
Reply
Kavita Poonia
Regular Advisor

тАО12-18-2010 12:47 AM

тАО12-18-2010 12:47 AM

Re: Banner issue in FTP

Thanks Bill, we have been looking on code side to do some changes so that it can accept banner response.
0 Kudos
Reply
Amdocs_case
Occasional Contributor

тАО12-27-2010 09:59 PM

тАО12-27-2010 09:59 PM

Re: Banner issue in FTP

Hello All,

Is it possible if we can have 220 response code to be displayed before "Connected to 10.120.21.170", like the way it is displaying for following lines. Actually the application is not able to understand string Con. Is there any patch available for this in 11iv2 ?

# ftp 10.120.21.170
Connected to 10.120.21.170.
220-GenericSysName [HP Release B.11.23] (see /etc/issue)
220-
220- #### ##### ##### # # # #####
220- # # # # # # ## # #
220- #### # # # # # # # # #
220- # ##### ##### # # # # #
220- # # # # # # # ## #
220- #### # # # # # # #
220-


Is there any way where I can have below output ?

# ftp 10.120.21.170
220-Connected to 10.120.21.170.
220-GenericSysName [HP Release B.11.23] (see /etc/issue)
220-
220- #### ##### ##### # # # #####
220- # # # # # # ## # #
220- #### # # # # # # # # #
220- # ##### ##### # # # # #
220- # # # # # # # ## #
220- #### # # # # # # #
220-
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

тАО12-27-2010 10:14 PM

тАО12-27-2010 10:14 PM

Re: Banner issue in FTP

>Is there any patch available for this in 11iv2?

Is there a ftp.cat that you can modify?
0 Kudos
Reply
Steven Schweda
Honored Contributor

тАО12-28-2010 06:09 AM

тАО12-28-2010 06:09 AM

Re: Banner issue in FTP

> Is it possible if we can have 220 response
> code to be displayed before "Connected to
> 10.120.21.170", like the way it is
> displaying for following lines. [...]

I seriously doubt it. I believe that the
"Connected to" message is created by the FTP
client program, not by the FTP server. Those
"220" codes come from the FTP server. If you
enable the debug/verbose diagnostic messages
in your FTP client program, then you should
be able to see exactly who sends what to
whom. If you see "Connected to" going
anywhere on the network, then I'll be amazed.

> Actually the application is not able to
> understand string Con.

If that is true, then I'd say that the
problem is entirely in "the application".

> Is there any patch available for this in
> 11iv2 ?

Again, I seriously doubt that HP would want
to break its FTP client program that way.
Reply
Kavita Poonia
Regular Advisor

тАО12-28-2010 09:46 PM

тАО12-28-2010 09:46 PM

Re: Banner issue in FTP

Thanks Steven.

Even, I think that application code needs to be changed.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.