On Dec 6, 2006, at 2:04 AM, Duncan Robertson wrote:
On Tue, 2006-12-05 at 10:49 -0700, Nate Duehr wrote:Duncan Robertson wrote:The problem is ftp is pretty crap, then you end up having to troubleshoot all sorts of annoying ftp client / firewall hassles, passive VS non passive, telling people to use filezilla because a web browser is areally crap ftp client when used through a proxy.. etc etc.. Not to mention trying to use secure ftp through a firewall.Blaming the protocol for the network's failings or the training (not) given to the end-users is silly. NateIf the network has failings I look forward to details of your solution (being that chunk of the internet I don't have any control over). It would be wonderful to use ftp in the way it was intended. Blaming the ftp protocol for the network's failings it would be like blaming the smtp protocol because it's design allows it to be abused by spammers. And yes, I agree, a course in debugging firewall/NAT/proxy issues for the ftp protocol would be handy for everybody before they are allowed use an internet connected computer. Duncan
I usually point end-users at some kind of GUI client that most mimics the behavior they're used to from their Windows or other machines, which handles doing PASV automatically. Send 'em a couple of screen shots on how to set it up to connect to the server, and call it a day.
If their network truly won't support PASV FTP, then something is seriously broken and they really need to get their network administration folks to look into it... if they are not without clue.
Tangentially, I have found that most folks (even those who claim not to know much about how to use computers at all) seem to get along fine with WinSCP for using SCP/SFTP, which should work just as well if not a bit slower than an FTP client on the same network.
If the local admins had some kind of frontal lobotomy done and can't get their network to pass PASV FTP properly, it's a nice backup plan. And the "scponly" package can come in useful if you don't want them to have a real login on the system.
But if PASV FTP won't work, the chances of SCP/SFTP working are pretty low. They're just on a horribly broken network. Ask them if they're getting what they paid for and turn 'em loose on that admin who's still recovering from the lobotomy... he needs the practice to regain his skills.
(And yes, this is all somewhat tongue in cheek and there are other reasons it might not work -- broken proxies for one, if they're using those, but proxies are generally a broken design idea to start with anyway -- broken is broken. They should FIX it, or find someone who can.)
-- Nate Duehr nate@natetech.com