Jason Hemann

I like PL, LP, CLP; CPL-curious.

2 minute read

The powers that be here at SHU make some webspace available to faculty and staff here for course-related materials. This is a nice convenient alternative to the LMS system for webhosting, and I wanted to explore what else we could do with it. My contact at the Teaching Learning Center on campus set me up with some space and an account. That I can use as soon as I can log in and get to it. All technology and know-how around campus seems geared toward a pointy-clicky Windows based mode of operation.

Easy command line access requires a little bit of study and configuration.

Firstly, the right tool for the job.

BTW, SFTP =/= FTPS

If you don’t know, SFTP and FTPS are not the same thing. If a person talks to you about “secure FTP”, stop that person immediately and make them clarify to you which they mean. It’s possible that they don’t know either: trust, but verify.

I found the easy way to connect to our server (tltc-web1h-prod.shu.edu) was to simply brew install lftp. Scads of dependencies I needed to download and update all handled for me; man alive package managers are great!

But I run into a problem when I actually try to use this to get to my space now. I can connect, but when I actually try and move around, you run into the following error.

$ lftp -u hemannja,"$PASSWD" ftp://tltc-web1h-prod.shu.edu/hemannja/
cd: Fatal error: Certificate verification: self-signed certificate ...

Certificates and verification

This error message is saying that the server has a self-signed certificate authority, and so my system rightly doesn’t trust it. If this were a nefarious actor, well, it wouldn’t make any sense to take his own word that he’s an honest fella. But I happen to know that I’m really dealing with the machine I think I am, so I want to, for this guy only, accept the certificate that it’s providing me.

So I need to get the certificate that this server is presenting me

$ openssl s_client -connect tltc-web1h-prod.shu.edu:21 -starttls ftp
...
---
Server certificate
-----BEGIN CERTIFICATE-----
123...
...
...456789abcdefgihijklm==
-----END CERTIFICATE-----
subject=...
issuer=...
---

I needed to save that certificate itself as a certificate file. Just the certificate, mind you.

$ cat > ~/tltc_web1h_prod_AES-256.crt
...

Once I had that, I needed to add it so that lftp knew about it.

Luckily this was a solved problem. If you want to add it to your MacOS Keychain, they also have a help page for this.

Updated:

You may also enjoy

Is your shell what you think?

1 minute read

Depending how you installed a new version of bash on your mac, it might surprise you to learn which version of bash you’re using. For instance, if ask for th...

Job hunting advice.

4 minute read

I recently had cause to think about some advice for recent graduates hunting for jobs. This is probably applicable too if you’re laid off and need to find a ...

Living off the land.

3 minute read

We’re mostly cloud computing infrastructure here at SHU, but we do have a department server. On which I’m not an admin (and shouldn’t be!)