The HEASARC Transition from FTP to FTPS

As part of a general Federal policy that requires all network communications to be encrypted, the HEASARC will be phasing out access to unencrypted HEASARC FTP services in the next few months. Unencrypted FTP access may be terminated as soon as July 31, and is unlikely to be supported past September 30, 2019.

After the phaseout, the HEASARC will still support TLS-encrypted FTP, aka, FTPS. Note that FTPS should not be confused with SFTP, which, despite its similar name, is not related to traditional FTP. Specifically the HEASARC will support explicit, passive-mode FTPS connections. Implicit FTPS is not supported, nor is active mode FTP.

Implications of This Transition for the User

Browsers

Most web browsers (Chrome, Firefox, etc) do not support FTPS; however, users should normally be able to replace FTP URLs with HTTPS-based URLs, e.g.,

   ftp://heasarc.gsfc.nasa.gov/rosat/data ->
   https://heasarc.gsfc.nasa.gov/FTP/rosat/data

Note that for the HEASARC you must specify the additional FTP directory when transforming an FTP URL to HTTPS. Thus, if you have been browsing the HEASARC archive directly by entering FTP URLs into a browser, you will need to specify the https://heasarc.gsfc.nasa.gov/FTP version after the changeover.

Scripts

Existing scripts are likely to require some modification to handle FTPS. In some cases, the change to HTTPS URLs noted above might be all that is needed -- i.e., just switch to the secure HTTP protocol. If that is not feasible or desirable, many tools (e.g., CURL and recent versions of WGET) support FTPS, but generally these require that the user specify specific arguments to initiate an SSL-based session. Scripts using WGET or CURL with HEASARC FTP URLs will likely need to be modified to specify that an SSL session is to be used. Note that the URL that is used with WGET or CURL will usually still be specified as ftp://heasarc.gsfc.nasa.gov even after the transition to FTPS.

CFITSIO

The HEASARC is updating the CFITSIO library so that it will transparently handle both FTP and FTPS. When the updated library is given an FTP URL, it will first attempt one protocol and if that fails will attempt the other. We anticipate having the updated CFITSIO library available no later than May 15, 2019. In principle, FTOOLS linked with the updated library -- and scripts that use them -- should not need to be changed because of the transition.

What You Can Do

We strongly urge users to check for any FTP dependencies in their scripts and processes that access the HEASARC. The HEASARC web site already supports FTPS, so you can update WGET/Curl style scripts immediately. The HEASARC's development site, HEASARCDEV, has already transitioned and only supports FTPS. Users for whom this site is visible can test whether their scripts work in the FTPS-only environment. We have also set up a FTPS only web site at
   gs66-lambdaftp.ndc.nasa.gov
which has the entire ROSAT archive mounted. E.g., you can try the command
   curl --ftp-ssl -o sv.fits.Z ftp://gs66-lambdaftp.ndc.nasa.gov/rosat/data/pspc/processed_data/200000/rp200686n00/rp200686n00_im1.fits.Z
to retrieve a particular ROSAT image. You should be able to check whether the FTPS software you plan to use is compatible with the HEASARC's installation.

If you have questions or encounter problems, please use the HEASARC's Feedback form to let us know.



HEASARC Home | Observatories | Archive | Calibration | Software | Tools | Students/Teachers/Public

Last modified: Friday, 05-Apr-2019 12:22:06 EDT

HEASARC support for unencypted FTP access will be ending possibly as early as July 31, 2019. Please see this notice for details.