A FTP server provides interactive access for DOOR users to beamtime directories using the FTP protocol. It allows you to browse and download beam time data using any suitable FTP client. Access is granted according to the working group definitions in the Gamma Portal. As we are using a secure implementation of the FTP protocol, you might have to configure your client. You can find configuration examples below, see Configuring FTP clients.The FTP server uses a port range of 30000 - 32000 to transfer data. These ports need to be open for outgoing traffic at the receiving site, wich is usually the case.
To access your data:
Use a suitable FTP client to connect to psftp.desy.de. We tested our setup using filezilla,lftp anf fireftp. See Configuring FTP clients below for some information on these clients.
Use your DOOR account to authenticate to the FTP server. DOOR user names and passwords are case sensitive.
Testing the service without having done a beam time yet:
Access to psftp.desy.de is encrypted to protect your privacy. To connect to the server for the first time, you need to accept the servers certificate and - depending on the client you use - the certificates of the signing organizations. We tested the following clients and describe the steps to take.
Note: On windows systems, we recommend using filezilla instead of winSCP due to lower performance and frequent reconnects of win SCP.
lftp needs to be configured by the user to trust the certificate chain:
mkdir ~/.lftp/certs # Add the trust chain for DFN issued certificates # NOTE: This can only be done from a IPv4 aware system. # From a IPv6 only system, this currently does not work. curl https://pki.pca.dfn.de/dfn-ca-global-g2/pub/cacert/chain.txt > ~/.lftp/certs/desy.pem # Activate them: echo 'set ssl:ca-file "~/.lftp/certs/desy.pem"' >> ~/.lftp/rc
The servers welcome message might hint to maintenances or other events of interest. If you do not see the message, you can add a line containing debug 3 to your lftp configuration file, ~/.lftp/rc. An example file might look as follows:
set ssl:ca-file "~/.lftp/certs/desy.pem" debug 3
The server is now IPv6 enabled. On some client OSes (e.g. Redhat 6, openSUSE at least with 42.3), lftp gets stuck after the login prompt. Here is how you can check if your client is affected. The solution is to put the following line to your lftp configuration file (~/.lftp/rc) :
set dns:order 'inet inet6'
which would then look like
set ssl:ca-file "~/.lftp/certs/desy.pem" set dns:order 'inet inet6' debug 3
NOTE: fireFTP is not available with the latest versions of firefox, starting with Quantum (v 57.0). The developer has discontinued the product (see http://fireftp.net/).
To use it with psftp.desy.de, you need to import the certificate chain into your browser. To do this, go to https://pki.pca.dfn.de/desy-ca/cgi-bin/pub/pki?cmd=getStaticPage;name=download_cacert and import the certificates presented there into firefox by simply clicking on them. Then start fireftp.
With large number of files and directories, fireftp will take a huge amount of time setting up and use up large amounts of RAM. With a 8.7 million file beamtime, the setup phase took more than 24 hours with more than 7 GB memory consumption.