- Login with Linux FTP username and password
- 5 Answers 5
- где fedora хранит пароли от фтпшек?
- Recovering saved password in Filezilla [closed]
- 4 Answers 4
- Related
- Hot Network Questions
- networking notes blog
- I want to share a little of everything of computing, networking, virtualization and anything an IT guy would do with his spare time.
- Recover the FTP password via TCPDUMP
Login with Linux FTP username and password
You should also remember that the commandline of a given process is visible to all the other users on the system. Therefore, giving your password as a part of the commandline may be a serious security issue.
5 Answers 5
then user your_username or user anonymous
I posted this answer since ftp ftp://username:password@my.domain.com did not work for me.
Usage: < ftp | pftp >[-46pinegvtd] [hostname] -4: use IPv4 addresses only -6: use IPv6, nothing else -p: enable passive mode (default for pftp) -i: turn off prompting during mget -n: inhibit auto-login -e: disable readline support, if present -g: disable filename globbing -v: verbose mode -t: enable packet tracing [nonfunctional] -d: enable debugging This isn’t that useful because it requires interactive usage. I might as well just type ‘ftp user@yourserver’.
Yes, but how do you login, this connects, but it doesn’t login it just drops you into a ftp> client shell.
The best option is to use a .netrc along with something like gpg for security purposes.
I’ve written a general purpose script for this, which I may upload later, but it boils down to:
or optionally with a passphrase on the commandline and an output destination:
gpg --passphrase -o .netrc.gpg -c .netrc Not shown here, but you could additionally use asymmetric keys (if you have them setup) with gpg to make this even more secure.
Then when you are ready to login
gpg .netrc.gpg # or gpg --passphrase -o .netrc .netrc.gpg ftp yourservername rm .netrc machine google.com login password
I actually keep a local hash and the original copy of these files on a different computer than the one I that I use the .netrc files on, and verify the hash of the .netrc and the script that I run, but that is above and beyond the OP’s original question.
This is the best answer, although it can be improved: (1) user credentials within a single command line will be stored in shell history => security issues. (2) .netrc works also without gpg => security issues. Also check that the .netrc file has correct permissions: chmod 600 .netrc (3) a shell function as wrapper around the decrypt, ftp call, and removal of decrypted .netrc would be helpful. Thank you for your great answer!
So instead of the FTP password the user has to type the GPG passphrase? Also, if an attacker has write access to your personal files there are tons of ways of revealing your credentials as soon as you’re using them. In that scenario GPG only really helps against an attacker with read-only access. Which is really rare, I guess?
@Konrad So I’m less sure about the local files attach, but, no, and no, I think? passphrase is only for people who want that, it is a bit silly to trade a password for a password, however you can map many separate passwords to one password. Asymmetric you don’t have to worry about any passphrase. Then you just use the first command, not the second (well you do, but just once). Your concerns about local are not warranted, gpg takes care of its own local file permissions. And if you are rooted it doesn’t matter.
где fedora хранит пароли от фтпшек?
для одной задачи выдали рута, к фтпхе продолжает конектится под обычным юзером, внутри наутилуса опции «забыть логин/пароль к фтп» не нашёл, подразумеваю, что где то текстовый док лежит с параметрами, так? где?
посмотри в seahorse (в меню гнома называется passwords and keys), скорее всего там пассворд стакается.
данного пункта в меню у меня нет
У тебя gnome? Попробуй погуглить про gnome-keyring, где он складывает пароли (или маны к нему поглядеть).
Как вариант, поставь этот самый seahorse, если я правильно понимаю, он подтянет содержимое keyring и в нем можно будет удалить пассворд.
ой там началось такое короче, введите пароль от ключницы и прочее, я удалил связку и всё
пароль от ключницы по дефолту тот же что и у юзера.
в наутилусе потерся логин/пароль на фтп?
пароль от ключницы по дефолту тот же что и у юзера.
в наутилусе потерся логин/пароль на фтп?
только вылезла одна трабла. оказывается админ закрыл для рута доступ через фтп. через терминал в формате ssh root@xx.x.x.xxx сработало, однако через наутилус не канает. Я визуально теряюсь в коде если через mc, привык через саблим работать. У меня есть пара логин/пароль от рута, и пара логин/пароль от простого юзера, которому нужно открыть права на доступ и редактирование в указанной папке. Как это сделать, корректно?
Для Наутилуса надо sftp:// в начале строки
Для ftp-клиента, для авто логина существует файл .netrc, можно его попробовать.
грац, ато я уже костыль выгадал. Кароч через ssh в терминале от рута конектишься и тогда простой юзер в наутилусе получает права рута, или хз, но теперь фтпха открывается с корня
через ssh в терминале от рута конектишься
Так может тогда монтировать через fuse, параллельно авторизацию ssh по ключу сделать, чтоб пароли не светить.
дай чё то покурить по теме, а потом разъяснишь, ибо пасс не светить — важно!
Recovering saved password in Filezilla [closed]
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Unfortunately I can not remember the password of FTP server, but it is saved in FileZilla Site Manager (Ubuntu). How can I view the saved password?
find . -iname «filezilla» gives /home/[username]/.config/filezilla in my case. Then take the sitemanager.xml and look for the Pass element. It might be base64 encoded; base64 decoders are available en masse.
4 Answers 4
Export your Site Manager information and you’ll find them in plain text:
File > Export > Export Site Manager entries It exports everything in XML like this:
ftp.example.com 21 0 0 root mypass [etc]But in my case password is saved under base64 encoding. Respective «pass» entry is as like as below :-
You can decode it using a tool like this: ostermiller.org/calc/encode.html but be aware that it’s safer to write your own script for knowing 100% that nobody stores the decoded result.
All passwords are stored in plain text in this file:
/home/username/.filezilla/recentservers.xml And for newer versions of filezilla and ubuntu, /home/username/.config/filezilla/recentservers.xml If the passwords are base64 encoded, https://www.base64decode.org/ can be used to get the original password.
Ubuntu Linux FileZilla SiteManager file:
If you didn’t store your passwords in the Site Manager, but only used ‘Quick connect’, you can still retrieve them from the history: they are stored in filezilla.xml in the following directory :
Windows XP/2K: “C:\Documents and Settings\username\Application Data\FileZilla”
Windows Vista: “C:\Users\username\AppData\Roaming\FileZilla\”
Related
Hot Network Questions
Site design / logo © 2023 Stack Exchange Inc; user contributions licensed under CC BY-SA . rev 2023.7.13.43531
By clicking “Accept all cookies”, you agree Stack Exchange can store cookies on your device and disclose information in accordance with our Cookie Policy.
networking notes blog
I want to share a little of everything of computing, networking, virtualization and anything an IT guy would do with his spare time.
Recover the FTP password via TCPDUMP
I always keep my frequently used files in my FTP server, at the same time, and i have my password saved in my FTP client in my laptop as well. So when i need to login to my FTP server from another machine, i was like “hmm…. what was my password now?”
Since FTP is run via plain text, there is no encryption at all. So i have recovered my password via TCPDUMP and the username and password are “everyone”.
netuser@HK1401-KVM:~$ sudo tcpdump -n -vvv -i enp6s0 -A -f “port 2121” | grep -i “ user \| pass ”
E..7|!@.v.&….”..b….I…….3P…_… USER everyone
E..L.E. …..b….”.I…..3….P.>x.0..331 Pass word required for everyone
E..7|#@.v.&….”..b….I…….WP…V… PASS everyone
E..k.I. …..b….”.I…..W….P.>x….230-Welcome user everyone@ to 127.0.1.1 FTP server.
E..E.M. …..b….”.I……….P.>x….230 User everyone logged in
Let me break down the syntax.
sudo – to run the tcpdump in super user mode, it is not necessary if running with root.
tcpdump – this is the program name.
“-n” – to stop resolve and show the IP address with domain name.
“-vvv” – to display more packet data on the screen.
“-i enp6s0” – to run the tcpdump on the interface of enp6s0 only.
“-A” – to display the packet in ASCII (think of it as human readable form)
“-f “port 2121″” – to capture the packets that is related to port 2121 only. (this is my ftp server port.)
“| grep -i “ user \| pass “” – to filter out the screen output with any lines that has the either user or pass as the keyword.
This track can be down with other non encrypted network transfer as well. Hope this can serve with anyone who need to recover their own password. Cheers.