Running Panther Server: FTP vs. SFTP

Posted by Pierre Igot in: Macintosh
June 6th, 2004 • 12:25 am

For months now I have been struggling with the FTP service in Mac OS X Server 10.3 on my Xserve. I have turned the FTP service on using Server Admin, disabled anonymous FTP, and tried to connect to the Xserve via FTP from my home office.

Invariably, I am able to initiate a connection, but then things stall and I am unable to get a file listing or do anything. The problem is the same whether I use the ftp command in Terminal or an FTP client program such as Panic Software’s Transmit.

I’ve tried fiddling with all the settings. I’ve done a fair amount of research, both on Apple’s Discussions forums and elsewhere on the net. From what I have been able to find, it might be a problem between the FTP service and the firewall service in Mac OS X Server. I have found this page, which explains in fairly great detail that, while the initial FTP connection is established on port 21 of the server, subsequent file transfers might be initiated using a wide range of ports between 1024 and 65534.

The built-in firewall service in Mac OS X Server has a setting for allowing FTP connections, but it only mentions port 21. Could that be the problem? Does an FTP connection always require other ports to be open in addition to port 21? I have no idea, but the page mentioned does seem to indicate that this is a problem on Mac OS X Server 10.2 when both the FTP service and the firewall service are on.

It strikes me as rather unlikely that something so obvious (that you cannot use the FTP service and the firewall service at the same time without major fiddling) would not even be mentioned once in the Mac OS X Server documentation. But you never know…
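The mechanism the linked page describes is visible in the server's own replies: in passive mode the server announces a second port for each listing or transfer, and the client has to be able to reach it. The Python sketch below is an added example, not part of the original post; the reply lines are constructed, and the port allow-list is a simplified stand-in for a firewall's inbound rules.

```python
import re

# RFC 959 passive reply: 227 ... (h1,h2,h3,h4,p1,p2); data port = p1*256 + p2
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
# RFC 2428 extended passive reply: 229 ... (|||port|), delimiter may vary
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d+)\1\)")


def data_endpoint(reply):
    """Return (host, port) announced for the data channel, or None.
    host is None for EPSV, which reuses the control connection's address."""
    m = PASV_RE.match(reply)
    if m:
        octets = [int(x) for x in m.groups()]
        if any(o > 255 for o in octets):
            raise ValueError("malformed 227 reply: %r" % reply)
        return ".".join(map(str, octets[:4])), octets[4] * 256 + octets[5]
    m = EPSV_RE.match(reply)
    if m:
        return None, int(m.group(2))
    return None


def audit(replies, allowed_inbound):
    """List (data_port, admitted) for every data port the server announced."""
    verdicts = []
    for line in replies:
        ep = data_endpoint(line)
        if ep is not None:
            verdicts.append((ep[1], ep[1] in allowed_inbound))
    return verdicts


# Constructed control-channel transcript (server replies only).
SAMPLE = [
    "220 FTP server ready.",
    "331 Password required.",
    "230 User logged in.",
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "229 Entering Extended Passive Mode (|||50211|)",
]

if __name__ == "__main__":
    # Allow-list with only the control port: login works, data ports do not.
    for port, ok in audit(SAMPLE, allowed_inbound={21}):
        print(port, "allowed" if ok else "BLOCKED: listing or transfer stalls")
```

With only port 21 admitted, the login replies (220, 331, 230) arrive normally while both announced data ports are rejected, which matches a session that connects but never returns a file listing.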

I also attended a meeting with Apple representatives (including Mac OS X engineers) in Halifax a couple of months ago, and took this opportunity to put the question to a couple of Apple folks. They didn’t have any specific information about this, but one of them did mention that I might want to try using Kerberos authentication instead of the standard form of password authentication for the FTP service.

Well, I’ve tried all kinds of things, and still can’t get the FTP service to work. Right now, I can’t even get a connection anymore. Even though I try to connect using my admin user name and password, I get the following error message from the FTP server:

530 No login allowed without authorization.

This whole thing is particularly problematic for me, because, as regular Betalogue readers know, I am still on a modem connection, and FTP is the most effective form of file transfer in low-bandwidth situations. For the past few months, I have been using AFP instead to transfer files to and from the Xserve — but it’s rather painful, because AFP has a lot of overhead (it also transfers file icons, etc.), and is very slow on a modem connection. Since AFP connections are integrated into the Finder, trying to use AFP over a modem connection tends to lock up the Finder with the spinning pizza for extended periods of time. It’s all very frustrating.

Then today, once again, I decide to try and explore the issue a bit further. I do yet another search on Apple’s Discussions forum on Mac OS X Server 10.3 Usage and, within five minutes, I find this thread, in which one contributor states:

sftp runs as a sub-service to ssh. It has no bearing on ftp and is not dependent on the ftp server running on your machine.

My reaction: “What? All that time I have been trying to get FTP to work, and I don’t even need it?” Of course, SSH works just fine between my home office machine and the Xserve, over the modem connection. And I can use Transmit for SFTP transfers as well as FTP transfers. So I launch Transmit, changing the setting for my Xserve URL from “FTP” to “SFTP”, and try connecting again… And it works!

Good grief. All that time I have been struggling to try and get FTP to work, and I didn’t even need to! (I might need to grant some of my users FTP access to the server in the future, but I can probably arrange it so that they use SFTP instead of regular FTP as well.)

Oh well. That’s another long-standing Panther Server problem solved for me then! Goodbye AFP, hello SFTP!

