
I am in a Red Hat Linux 7.1 environment.

I am trying to write a curl command that uses explicit TLS encryption to send a file or a group of files to the 'target' server.

I understand Filezilla can do this; however, I don't want to use Filezilla.

Here is what I have so far that works when encryption at the 'target' is turned off:

$fl      = File-name to send to target Server
$usrn    = User-name
$pswd    = Password
$trgtsvr = Target-server Name/IP
$trgtdir = Target-folder path for Target-server Name/IP
$sntdir  = 'Sent' folder on Source Server 
$lgfl    = Logfile name for std output & error to be dumped into

curl --cacert --ftp-ssl -k -T $fl -u $usrn:$pswd ftp://$trgtsvr:2121$trgtdir &>> $sntdir/$lgfl

Now with this set up, I've had success when encryption is turned off on the target server.

Using the same variables, this is the command I have tried:

curl --tlsv1 -T $fl -u $usrn:$pswd ftp://$trgtsvr:2121$trgtdir &>> $sntdir/$lgfl

And this is the response I'm getting:

curl: (67) Access denied: 530

And I am just baffled as to why.

I am certain that what I am missing is blindingly obvious. So be gentle with me.

ajtorre27
  • 530 usually means 'not logged in', or some variant of authentication missing / failed. Can you trace out the FTP commands on the control connection? I'd guess `-v` or `--trace` will do that. – Rup Oct 31 '18 at 00:22
  • log- file: % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:05 --:--:-- 0curl: (67) Access denied: 530_ – ajtorre27 Oct 31 '18 at 00:42
  • TRACE PART 1:== Info: About to connect() to xxx.xxx.com port 2121 (#0) == Info: Trying ###.###.###.###... == Info: Connected to xxx.xxx.com (###.###.###.###) port 2121 (#0) <= Recv header, 34 bytes (0x22) 0000: 32 32 30 2d 46 69 6c 65 5a 69 6c 6c 61 20 53 65 220-FileZilla Se 0010: 72 76 65 72 20 30 2e 39 2e 36 30 20 62 65 74 61 rver 0.9.60 beta 0020: 0d 0a .. <= Recv header, 60 bytes (0x3c) 0000: 32 32 30 2d 77 72 69 74 74 65 6e 20 62 79 20 54 220-written by T 0010: 69 6d 20 4b 6f 73 73 65 20 28 74 69 6d 2e 6b 6f im Kosse (tim.ko – ajtorre27 Oct 31 '18 at 00:47
  • TRACE PART 2: 0020: 73 73 65 40 66 69 6c 65 7a 69 6c 6c 61 2d 70 72 sse@filezilla-pr 0030: 6f 6a 65 63 74 2e 6f 72 67 29 0d 0a oject.org).. <= Recv header, 49 bytes (0x31) 0000: 32 32 30 20 50 6c 65 61 73 65 20 76 69 73 69 74 220 Please visit 0010: 20 68 74 74 70 73 3a 2f 2f 66 69 6c 65 7a 69 6c https://filezil 0020: 6c 61 2d 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 0d la-project.org/. 0030: 0a . => Send header, 17 bytes (0x11) 0000: 55 53 45 52 20 61 70 70 72 69 73 65 76 61 6e 0d USER xxxxxxxxx. 0010: 0a – ajtorre27 Oct 31 '18 at 00:49
  • TRACE PART 3: <= Recv header, 73 bytes (0x49) 0000: 35 33 30 20 54 68 69 73 20 73 65 72 76 65 72 20 530 This server 0010: 64 6f 65 73 20 6e 6f 74 20 61 6c 6c 6f 77 20 70 does not allow p 0020: 6c 61 69 6e 20 46 54 50 2e 20 59 6f 75 20 68 61 lain FTP. You ha 0030: 76 65 20 74 6f 20 75 73 65 20 46 54 50 20 6f 76 ve to use FTP ov 0040: 65 72 20 54 4c 53 2e 0d 0a er TLS... == Info: Access denied: 530 == Info: Closing connection 0 – ajtorre27 Oct 31 '18 at 00:49
  • Thanks - I wasn't expecting it to do a complete hex dump, but you can at least see the full error in there: "530 This server does not allow plain FTP. You have to use FTP over TLS." So the flags you're using to start TLS aren't, for some reason. I don't know curl well enough to know why, sorry. Best guess `--tlsv1` just chooses which TLS version to use if necessary, but you still need `--ssl` to actually trigger a secure connection. – Rup Oct 31 '18 at 00:52
  • Rup - thanks!! I'll give that a shot. – ajtorre27 Oct 31 '18 at 01:10
  • .. have you tried ftps:// instead of ftp:// ? – hanshenrik Oct 31 '18 at 09:17
  • Hi hanshenrik - I might go that route if I cannot get 'curl' working. I'll have to have autoexpect installed. sftp isn't really script-able without a process wrapped around it (sftp) like autoexpect because it's designed to be interactive. – ajtorre27 Oct 31 '18 at 15:19
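
The trace in the comments shows `USER` sent on a plain control connection with no `AUTH` before it. The following is an added example, not code from the thread: a POSIX shell sketch that uploads with curl's `--ssl-reqd` so TLS is mandatory, and checks the verbose log to confirm `AUTH` was accepted before login. The function names, argument order and log redaction are assumptions.

```shell
#!/bin/sh
# Added example; function names, argument order and the log redaction are
# assumptions, not part of the original question.

# Succeed only if a `curl -v` log shows the server accepting AUTH (reply 234)
# before curl sent USER, i.e. the login was not sent in clear text.
tls_before_login() {
    awk '
        /^> AUTH (TLS|SSL)/   { auth_sent = 1 }
        auth_sent && /^< 234/ { tls_ok = 1 }
        /^> USER /            { seen_user = 1; exit }
        END                   { exit !(seen_user && tls_ok) }
    ' "$1"
}

# Upload one file over explicit FTPS.
# Args: file user password host port remote-dir/ ca-bundle logfile
ftps_upload() {
    file=$1 user=$2 pass=$3 host=$4 port=$5 rdir=$6 ca=$7 log=$8
    tmp=$(mktemp) || return 1
    rc=0
    # --ssl-reqd  upgrade the control connection with AUTH and abort if the
    #             server refuses (--tlsv1 alone only picks the TLS version)
    # --cacert F  needs a file argument; verification stays on, so no -k
    # -K -        take the credentials from stdin instead of the command line
    #             (assumes no double quote or backslash in user or password)
    printf 'user = "%s:%s"\n' "$user" "$pass" |
        curl -sS -v --ssl-reqd --cacert "$ca" -K - \
             -T "$file" "ftp://$host:$port$rdir" 2>"$tmp" || rc=$?
    # curl -v echoes the PASS command, so redact it before keeping the log.
    sed 's/^> PASS .*/> PASS [redacted]/' "$tmp" >>"$log"
    if [ "$rc" -eq 0 ] && ! tls_before_login "$tmp"; then rc=1; fi
    rm -f "$tmp"
    return "$rc"
}
```

With the variables from the question, a call would look like `ftps_upload "$fl" "$usrn" "$pswd" "$trgtsvr" 2121 "$trgtdir" /path/to/ca.pem "$sntdir/$lgfl"`, where the CA bundle path is a placeholder.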
