How to use ftp on Calar Alto Network
 
 
Being the ftp system a sensitive part when security speaking, we have tried this application to be secure and easy to use at Calar Alto. Anyway,  it has its own features so this page tries to show you how to use this facility when working with Calar Alto Network
 
 
Here you can find a little index of this page:
 
 
 
 
1. Restrictions and browser configuration
 

First important thing we should mention are the restrictions. As ftp can have dangerous usages, it is restricted for Calar Alto Network. Main points to take into account are:

 
(a) From outside Calar Alto you cannot access any internal machine with ftp but ftp.caha.es,  our anonymous ftp server.

(b) To access external ftp servers from Calar Alto computers, you must use ncftp command (see man ncftp) instead of ftp command. You have to configure ncftp to access the correct proxy server. Please, see below for this configuration.

(c) Command ftp is still working within Calar Alto Network on Solaris systems. On Linux boxes you have to use sftp or scp. Anyway, on both cases we suggest to use secure connections if possible.
(d) If using a browser, you have to configure it for using our ftp proxy:
Proxy: derfel.caha.es
Port:    3128
 
2. Ncftp configuration
 
You will use ncftp for accessing external anonymous servers. Normally, ncftp has a configuration file called  ~/.ncftp/firewall The first time you use ncftp, you have to enter some information inside this file. Please, edit it and change the next entries:
firewall-type=1
firewall-host=derfel.caha.es
 
And do not use any user or password (comment the correspondent lines). Save the file and that's all.
 

3. Using anonymous ftp server

As mentioned above, our anonymous ftp server is called  ftp.caha.es

There are two possible users for using all the features.

3.a The first user is the one everybody knows: anonymous (if you prefer, you can use word "ftp" instead of  "anonymous"). You contact our ftp machine as normal:
> ftp ftp.caha.es
Connected to ftp.caha.es.
220 FTP server ready.
Name (ftp.caha.es:usuario): anonymous
331 Use your email account as password.
Password:
This is as usual. Once inside ftp:
 
(a) You can see all ftp commands with 'help' or execute '? command'.
(b) Just after entering as anonymous, if you type   dir you'll see nothing. Do not worry about that. The normal  pub  directory is still there, although you cannot see it. So, inmediately after being on the system, change to the pub directory as usual:
 
ftp> cd pub
 
Then you'll be into a correct place, and the dir command will show you the directories under pub.
(c) When you change to one of the pub's subdirectories, then you'll see all the files you can retrieve (or other directories). To get the files you still use the normal commands 'get'   or  'mget' . But also you'll see a special directory called 'incoming'. Normally, when a user is created inside ftp area, this directory is also created below the user's directory. Under that directory, anonymous user can leave (put) files, so anonymous can do:
 
 
ftp> cd pub 250 OK. Current directory is /pubftp> cd edejuan
250 OK. Current directory is /pub/edejuan
ftp> cd incoming
250 OK. Current directory is /pub/edejuan/incoming
ftp> put calar.jpg
local: calar.jpg   remote: calar.jpg
227 Entering Passive Mode (150,214,222,232,178,209)
50 Accepted data
connection100% |*****************************| 948 KB 11.20 MB/s 00:00    ETA
226-File successfully transferred
226 0.084 seconds (measured here), 10.97 Mbytes per second970975 bytes
sent in 00:00 (10.93 MB/s)
ftp>
 
One important thing: anonymous user can PUT files on /pub/incoming but he cannot GET files from that directory. He can GET files from /pub/ but not from /pub/incoming
 
3.b The second user is . If you want to use it, please, contact system group for account and password. Its purpose is to allow people at Calar Alto to  put  files on the ftp area, I mean, on those directories called    /pub/, so other people arround the world can retrieve them. This user is special. You cannot use this account for telnet/ssh. It only allow ftp connections. So, a normal ftp session with this special user looks like:
> ftp ftp.caha.es
Connected to ftp.caha.es.
220 FTP server ready.
Name (ftp.caha.es:usuario):
331 User OK. Password required
Password:
230-User has group access to: 100 500
230 OK. Current directory is /
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd pub
250 OK. Current directory is /pub
ftp> cd edejuan
250 OK. Current directory is /pub/edejuan
ftp> mkdir test
257 "test" : The directory was successfully created
ftp> cd test
250 OK. Current directory is /pub/edejuan/test
ftp> put calar.jpg
local: calar.jpg   remote: calar.jpg
227 Entering Passive Mode (150,214,222,232,208,168)
150 Accepted data connection
100% |********************************************| 948 KB 11.20 MB/s 00:00 ETA
226-File successfully transferred
226 0.085 seconds (measured here), 10.95 Mbytes per second 970975 bytes
sent in 00:00 (10.92 MB/s)
ftp> cd ..
250 OK. Current directory is /pub/edejuan
ftp> cd incoming
250 OK. Current directory is /pub/edejuan/incoming
ftp> get calar.jpg
local: calar.jpg  remote: calar.jpg
227 Entering Passive Mode (150,214,222,232,26,186)
150-Accepted data connection
150 948.2 kbytes to download
100% |********************************************| 948 KB 10.98 MB/s 00:00 ETA
226-File successfully transferred
226 0.076 seconds (measured here), 12.17 Mbytes per second
970975 bytes received in 00:00 (10.96 MB/s)
ftp>
 
Now if an anonymous user access the system and goes to   /pub/edejuan/test he can GET calar.jpg file.
Two important things must be taken into account with this user:
(a) This user is a powerful user once inside any of the pub's subdirectories (i.e /pub/edejuan ) So, please, use it carefully. In fact, with this user, you can put/get files, below that point, wherever you want (also creating dirs and deleting files).
(b) All commands like  'dir'  or  'ls'  will work much like the same as for anonymous user.
(c) It can only be used within Calar Alto Network.
 
4. Another way of copying files to/from remote sites
 
There is a command called  scp which allows secure file copy. At Calar Alto you are allowed to do  scp  to external computers. The other way is not allowed. Let's see a couple of examples. Imagine you have an account called myacc on a remote machine called c1.example.com (external to Calar Alto network). If you desire to put several files from linca7 (your Calar Alto computer) to the remote machine, you could do:

linca7> scp  This email address is being protected from spambots. You need JavaScript enabled to view it.:/path/to/my/dir

What you cannot do is to scp from the remote computer to the Calar Alto machine. However, you can enter on your Calar Alto machine (say linca7) and then bring the files from the remote computer with scp:

linca7> scp  This email address is being protected from spambots. You need JavaScript enabled to view it.:/path/to/my/dir/files_to_brought  .
In above both cases, you'll be asked for your remote computer password.

See man scp for more information.