Transfer files to censhare or pick them up with an integrated FTP Client.

Introduction

The censhare server gives users access to specific directories via FTP, so that they can upload files with an FTP client. The destination directory can also be a hot folder, which then triggers dedicated automated processes after the upload. FTP over TLS is implemented.

When connecting with an FTP client, the hostname (or the IP address of the server), port, username, and password have to be specified as usual. The user's censhare credentials are used for authentication. To give a user FTP access to the server, the user must have the permission key "all" or at least "ftp_access_all". The service also supports encrypted connections via FTPS (FTP over SSL/TLS) and operation in the so-called "passive mode", which makes communication possible even across a firewall.

Configuration

The FTP Server feature was implemented as a standard-compliant censhare server service. The service configuration is made via the Admin client (services/ftpserver). First, the generic FTP configuration data is specified:

  • Standard Port: The port on which the FTP server is set up in normal mode.

  • Secure Port: The port for encrypted SSL access.

  • IP address: The name or IP address of the censhare system (internal and external!)

  • Key Alias: If TLS is used, a certificate must be provided in the censhare Java Keystore. The "Key Alias" setting names the alias of the certificate to use from the Java Keystore.

  • Mode: either "active" or "passive".

  • Port(s) for passive mode: One or more ports that are made available for passive mode. For details about the syntax, see below.

  • Authentication: Either "standard" (censhare authentication) or "custom" (LDAP).

Users without a password are ignored by the FTP service for security reasons. Likewise, there is no anonymous access.

In addition, a specific start directory can be specified for each user. This is the remote path in which the user is located after a successful connection with the FTP client. The drop-down menu for the users shows only those users who have the "all" or "ftp_access_all" key. For each user, the file system is selected and, if necessary, a subdirectory is entered. If no directory has been configured for a particular user, the "default home directory" is used, which can be set in another field below.

The log level for the Apache FTP can be adjusted. In earlier versions, the censhare server log could otherwise grow very quickly while FTP transfers were running.

Note: The FTP server will be restarted if any configuration (e.g. log level) is changed.


Setting up the FTP service in the Admin client. It is necessary to specify your internal and external IP address so that passive mode works as expected.

Configuration of the passive ports

If no port is specified for passive mode, the FTP server selects any available port. You can also restrict passive mode to specific ports. You can specify either a single port (e.g. 20020), a list of multiple ports (e.g. 20020, 20030, 20040) or a range of ports (e.g. 20020 through 20030). A port range can be closed (e.g. 20020 - 20030) or open (e.g. 60000 -). An open range starts at 1024 and ends at 65535. This means that the range "60000 -" includes all remaining ports from 60000 to 65535. You can also combine these options, separated by commas. In every case, however, the port number must be greater than or equal to 1024.

If the server has used all passive ports (one per client in passive mode), the other clients must wait until a port becomes available. It is therefore useful to configure multiple ports for passive mode.
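The following added example (not censhare or Apache MINA code) reads the passive-port syntax described above and reports how many passive clients can be served at once and which port ranges a firewall has to pass. The function names and the sample specification are constructed for illustration, and reading an open range on either side as 1024 or 65535 is an assumption based on the bounds given in the text.

```python
# Added example: interprets the passive-port syntax described in this section.
MIN_PORT, MAX_PORT = 1024, 65535  # bounds stated in the text

def _to_port(text):
    """Convert one token to a port number, enforcing the documented bounds."""
    text = text.strip()
    if not (text.isascii() and text.isdigit()):
        raise ValueError("%r is not a port number" % text)
    port = int(text)
    if not MIN_PORT <= port <= MAX_PORT:
        raise ValueError("port %d is outside %d-%d" % (port, MIN_PORT, MAX_PORT))
    return port

def parse_passive_ports(spec):
    """Return the sorted list of ports named by a passive-port specification."""
    ports = set()
    for item in spec.split(","):
        item = item.strip()
        if not item:
            raise ValueError("empty entry in %r" % spec)
        if "-" in item:
            low, _, high = item.partition("-")
            # Assumption: an open side falls back to the documented bound.
            start = _to_port(low) if low.strip() else MIN_PORT
            end = _to_port(high) if high.strip() else MAX_PORT
            if start > end:
                raise ValueError("range %r is reversed" % item)
            ports.update(range(start, end + 1))
        else:
            ports.add(_to_port(item))
    return sorted(ports)

def firewall_ranges(ports):
    """Collapse a sorted port list into (first, last) ranges for a firewall rule."""
    ranges = []
    for port in ports:
        if ranges and port == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], port)
        else:
            ranges.append((port, port))
    return ranges

if __name__ == "__main__":
    # Constructed sample specification combining all three forms.
    allowed = parse_passive_ports("20020, 20030 - 20032, 65530 -")
    print("concurrent passive clients:", len(allowed))
    print("open in firewall:", firewall_ranges(allowed))
```

A narrow list keeps the firewall opening small but caps the number of simultaneous passive transfers at the number of ports listed.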

Note

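SFTP (FTP over SSH) and FTP with implicit SSL are not supported by this open-source software. In FileZilla, the "Explicit SSL" option must be selected. Implicit SSL does not work, and "Plain FTP" is an unencrypted connection.

Example to import a certificate and private key into the Java Keystore:

  # Bundle the private key and certificate into a PKCS12 file; -name sets the
  # alias of the entry so that the alias given to keytool below exists.
  openssl pkcs12 -inkey star_censhare.key -in star_censhare.crt -export -out censhare.pkcs12 -name "ftp@censhare-server"

  # Import that entry into the censhare Java Keystore. The alias is the value
  # that the "Key Alias" setting of the FTP service refers to.
  keytool -importkeystore -srckeystore censhare.pkcs12 -srcstoretype PKCS12 -destkeystore ~/cscs/app/config/keystore -alias "ftp@censhare-server"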

References

Apache MINA FTP