Some tips for using lftp/vsftpd

Lftp is a nice linux command line ftp client and vsftpd is a ftp server!

Lftp has features like mirroring a directory from or to a server, has a command queue and other advanced features... I recommend "man lftp" after you have installed it.

It can be downloaded from http://lftp.yar.ru/ and compiled from source (for the latest version) or installed via "apt-get install lftp". To check if binary lftp package is available for your debian you can use "apt-cache search lftp".

If you want to use SSL encryption with lftp it has to be compiled with the following options (in the lftp source folder):
./configure --without-gnutls --with-openssl or the other way round if you want to use gnutls library.
./configure --with-gnutls --without-openssl

I compiled it with openssl because i noticed that trnasfer was quite slow having data crypted with gnutls. However also with openssl it was not much faster so i came to the conclusion that encrypting data stream takes too much processor power on a slow pc.

To encrypt the data stream add the following command to /etc/lftp.conf:
set ftp:ssl-protect-data yes or no to turn it off.

The lftp variables can be displayed with "set -a" in lftp console.

As far as i can remember i needed the following library to compile:
apt-cache search readline <- gave me libreadline5-dev
apt-get install libreadline5-dev

If you get the error "gnutls_record_recv: A record packet with illegal version was received.", you can fix it by adding the option set ftp:ssl-data-use-keys true to your /etc/vsftp.conf file!

If you get certificate errors, add the line
set ssl:verify-certificate no to your lftp.conf file.

Multiple commands can be executed sequentially using the "queue
"
command.

If you want to mirror a complete directory tree, use
mirror /
Have fun with lftp!

lftp caches directory listings. Clearing the cache can be done with:
cache flush
After that, you can refresh the directory with ls again.

If you need encrypted communication between Filezilla and vsftpd, the following lines are recommended:
#secure ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH

You can force local_data and logins ssl, if you want to require each user use a encrypted communication.