Duplicity does not work with lftp+ftps backend

Question

Trying to backup Ubuntu 18.04.1 server using duplicity to a FTPS (FTP over SSL) server. The password is stored in the FTP_PASSWORD environment variable as suggested. The duplicity command is:

duplicity /path/to/backup ftps://user@hostname/some/dir

The problem is that this translates into the following when it turns around and calls lftp

open -u 'user,pass` ftps://hostname

This will not work until you change the open command to (without the ftps:// prefix on the hostname:

open -u 'user,pass` hostname

What I cannot figure out is either:

How to tell duplicity not to build up the open command with the ftps:// prefix.
How to get lftp to work with the prefix

Note: The FTPS server works fine with other FTP clients, and even works properly with lftp as long as I build up the open command correctly.

score 2 · Answer 1 · answered Oct 20 '19 at 17:34

I had the same problem that lftp worked fine with ftps when I just wrote the hostname. Duplicity whereas did fail with some TLS unexpected packet errors.

Solution was: instead of writing ftps:// write ftpes://

duplicity /path/to/backup ftpes://user@hostname/some/dir

This changes how and when credentials will be encrypted by lftp.

ede-duply.net · Answer 2 · 2018-11-18T10:50:08.340

0

that seems wrong, https://lftp.yar.ru/lftp-man.html clearly states urls are viable

   open [OPTS] site

   Select  a  server  by host name, URL or bookmark. When an URL or bookmark
   is given, automaticallycally change the current working directory to the
   directory of the URL.  Options:

   ...
        --user user       use the user for authentication
        --password pass   use the password for authentication
        --env-password    take password from LFTP_PASSWORD environment variable
        site              host name, URL or bookmark name

also

   cmd:default-protocol (string)
          The value is used when `open' is used with just host name without
          protocol. Default is `ftp'.

so removing ftps:// simply makes lftp connect via ftp which is probably not what you want.

i'd suggest you to enable duplicity max. verbosity '-v9' and find out why lftp fails to connect via ftps://

..ede/duply.net

edited Nov 18 '18 at 10:50

answered Nov 18 '18 at 10:41

ede-duply.net

518
2
5

Thanks. I can see exactly what duplicity is setting up, because it builds a temp file with all of the LFTP commands (passed using `-c` to lftp). I'm going to have to experiment with some other FTPS servers besides the one that I was targeting. – tgharold Nov 21 '18 at 13:53
After digging some more: `ftpsite.example.com` and `ftp://ftpsite.example.com` both cause `lftp` to connect over port 21. Whereas `ftps://ftpsite.example.com` causes `lftp` to try and connect over port 990. This particular server does not support port 990. – tgharold Nov 26 '18 at 15:27
1

Worse, when you tell duplicity to attach to `ftp://somesite`, it puts `set ftp:ssl-allow false` into the command file being passed to `lftp` via the `-c` switch. Which overrides a possible fix of putting `set ftp:ssl-allow true` in the `~/.lftprc` file. – tgharold Nov 26 '18 at 15:44

Duplicity does not work with lftp+ftps backend

2 Answers2