The HEASARC Transition from FTP to FTPS

As part of a general Federal policy that requires all network communications to be encrypted, the HEASARC will be phasing out access to unencrypted HEASARC FTP services in the next few months. We expect to disable unencrypted FTP access as of September 20, 2019.

After the phaseout, the HEASARC will still support TLS-encrypted FTP, aka, FTPS. Note that FTPS should not be confused with SFTP, which, despite its similar name, is not related to traditional FTP. Specifically the HEASARC will support explicit, passive-mode FTPS connections. Implicit FTPS is not supported, nor is active mode FTP.

Implications of This Transition for the User

Browsers

Most web browsers (Chrome, Firefox, etc) do not support FTPS; however, users should normally be able to replace FTP URLs with HTTPS-based URLs, e.g.,

   ftp://heasarc.gsfc.nasa.gov/rosat/data ->
   https://heasarc.gsfc.nasa.gov/FTP/rosat/data

Note that for the HEASARC you must specify the additional FTP directory when transforming an FTP URL to HTTPS. Thus, if you have been browsing the HEASARC archive directly by entering FTP URLs into a browser, you will need to specify the https://heasarc.gsfc.nasa.gov/FTP version after the changeover.

Scripts

Existing scripts are likely to require some modification to handle FTPS. In some cases, the change to HTTPS URLs noted above might be all that is needed -- i.e., just switch to the secure HTTP protocol. If that is not feasible or desirable, many tools (e.g., CURL and recent versions of WGET) support FTPS, but generally these require that the user specify specific arguments to initiate an SSL-based session. Scripts using WGET or CURL with HEASARC FTP URLs will likely need to be modified to specify that an SSL session is to be used. Note that the URL that is used with WGET or CURL will usually still be specified as ftp://heasarc.gsfc.nasa.gov even after the transition to FTPS.

CFITSIO

The HEASARC has updated the CFITSIO library so that it will transparently handle both FTP and FTPS in versions of HEASoft 6.26 and greater (released May 21, 2019). When the updated library is given an FTP URL, it will first attempt one protocol and if that fails will attempt the other. In principle, FTOOLS linked with the updated library -- and scripts that use them -- should not need to be changed because of the transition.

What You Can Do

We strongly urge users to check for any FTP dependencies in their scripts and processes that access the HEASARC. The HEASARC web site already supports FTPS, so you can update WGET/Curl style scripts immediately. The HEASARC's development site, HEASARCDEV, has already transitioned and only supports FTPS. Users for whom this site is visible can test whether their scripts work in the FTPS-only environment. We have also set up a FTPS only web site at
   gs66-lambdaftp.ndc.nasa.gov
which has the entire ROSAT archive mounted. E.g., you can try the command
   curl --ftp-ssl -o sv.fits.Z ftp://gs66-lambdaftp.ndc.nasa.gov/rosat/data/pspc/processed_data/200000/rp200686n00/rp200686n00_im1.fits.Z
to retrieve a particular ROSAT image. You should be able to check whether the FTPS software you plan to use is compatible with the HEASARC's installation.

If you have questions or encounter problems, please use the HEASARC's Feedback form to let us know.



HEASARC Home | Observatories | Archive | Calibration | Software | Tools | Students/Teachers/Public

Last modified: Tuesday, 21-May-2019 16:34:16 EDT

HEASARC support for unencrypted FTP access will be ending on September 20, 2019. Please see this notice for details.