FTP

For your information

FTP access is only available for buckets in pools ru-1 and ru-7.

When working with buckets, you must use TLS/SSL Explicit encryption (TLS/SSL Explicit encryption).

The FTP protocol uses two connections:

• a control connection — this is used to transmit commands and responses, which are text strings;
• a data transfer connection.

S3 uses only passive data transfer mode. The connection establishment and data transfer process is initiated exclusively from the client side.

Appends to files are not supported — when attempting to do so, a 426 response code will be returned.

Connection data

To connect to S3 via FTP, use:

• FTP host in the required pool;
• port 21 (control port);
• port range 10100-12000 (data ports).

Authentication is performed using an S3 key — the Account Owner or a user with the iam.admin role must issue a key to a service user. When connecting via FTP, the Access key and Secret key from the key are used as the username and password, respectively.

Configure FTP

1. Configure access to S3.
2. Connect via FTP.

1. Configure access to S3

Access can be configured by the Account Owner or a user with the iam.admin role.

1. Create a service user with a role with S3 access, except for the s3.bucket.user role — FTP connection will not work with it.

   If you are using a service user with the s3.user or object_storage_user role, a bucket policy must be configured in the bucket, and its rules must allow access to this user.

2. Issue an S3 key to the user.

2. Connect via FTP

To connect via FTP, you can only use clients that support secure connections via TLS/SSL (FTPS).

Windows

Total Commander

1. Open Total Commander.
2. In the Net menu, select Connect to FTP server.
3. Click Add.
4. On the General tab in the Session field, enter any name (e.g., Servercore).
5. In the Host name field, enter the FTP host in the required pool.
6. Select the SSL/TLS checkbox.
7. In the User name field, enter the value of the Access key field from the S3 key.
8. In the Password field, enter the value of the Secret key field from the S3 key.
9. Select the Passive mode (like Web browser) checkbox.
10. Open the Advanced tab.
11. In the Encoding field, select UTF-8.
12. Click OK. The profile will be saved.
13. Click Connect.

FAR Manager

1. Open FAR Manager.

2. To open the navigation menu:

   • for the left panel — press Alt + F1;
   • for the right panel — press Alt + F2.

3. In the navigation menu, select NetBox.

4. Press Enter.

5. Press Shift + F4. The new connection creation screen will open.

6. In the File Protocol field, select FTP.

7. In the Encryption field, select TLS/SSL Explicit encryption.

8. In the Host name field, enter the FTP host in the required pool.

9. In the Port number field, enter 21.

10. In the User name field, enter the value of the Access key field from the S3 key.

11. In the Password field, enter the value of the Secret key field from the S3 key.

12. Click OK.

13. Select the created profile.

14. Press Enter.

WinSCP

1. Open WinSCP.
2. In the File protocol field, select FTP.
3. In the Encryption field, select TLS/SSL Explicit encryption (TLS/SSL Explicit encryption).
4. Enter the host name — the FTP host in the required pool.
5. In the Port number field, enter 21.
6. Enter the user name — the value of the Access key field from the S3 key.
7. Enter the password — the value of the Secret key field from the S3 key.
8. Click Advanced.
9. Select the Environment section.
10. In the UTF-8 encoding for filenames field, select On.
11. Click OK → Save.
12. Enter a connection name.
13. If you want to save the password, select the Store password checkbox.
14. Optional: select the Create desktop shortcut checkbox.
15. Click OK → Login.

FileZilla

1. Open FileZilla.
2. In the File menu, select Site Manager.
3. Click New site.
4. On the General tab in the Host field, enter the FTP host in the required pool.
5. In the Port field, enter 21.
6. In the Encryption field, select Require explicit FTP over TLS (explicit).
7. In the Logon Type field, select Normal.
8. In the User field, enter the value of the Access key field from the S3 key.
9. In the Password field, enter the value of the Secret key field from the S3 key.
10. Open the Transfer Settings tab.
11. In the Transfer mode field, select Passive.
12. Open the Character set tab.
13. Select the Force UTF-8 character set.
14. Click OK.
15. In the Transfer menu, select Transfer type → Binary.
16. In the File menu, select Site Manager.
17. Select the created site.
18. Click Connect.

Linux

Nautilus

1. Open any directory using Nautilus.
2. In the File menu, select Connect to Server.
3. In the Server Address field, enter ftps://<ftp_host>. Specify <ftp_host> — the FTP host in the required pool.
4. Click Connect.
5. Select Registered user.
6. Enter your username — the value of the Access key field from the S3 key.
7. Enter the password — the value of the Secret key field from the S3 key.
8. Optional: select the Remember forever checkbox.
9. Click Connect.

FileZilla

1. Open FileZilla.
2. In the File menu, select Site Manager.
3. Click New site.
4. On the General tab in the Host field, enter the FTP host in the required pool.
5. In the Port field, enter 21.
6. In the Encryption field, select Require explicit FTP over TLS (explicit).
7. In the Logon Type field, select Normal.
8. In the User field, enter the value of the Access key field from the S3 key.
9. In the Password field, enter the value of the Secret key field from the S3 key.
10. Open the Transfer Settings tab.
11. In the Transfer mode field, select Passive.
12. Open the Character set tab.
13. Select the Force UTF-8 character set.
14. Click OK.
15. In the Transfer menu, select Transfer type → Binary.
16. In the File menu, select Site Manager.
17. Select the created site.
18. Click Connect.

Working with FTP

Authorization

Command	Arguments	Description
USER	Access key from S3 key	Transfer username
PASS	Secret key from S3 key	Transfer password

Security

Command	Arguments	Description
AUTH	Not required	Establish a secure TLS connection. Arguments will be ignored
PROT	P / C	Set protection mode. P for Private, C for Clean. By default, P will use TLS
PBSZ	Buffer size	Set the protection buffer size. The server will respond with 200 OK

Misc

Command	Arguments	Description
FEAT	Not required	Display a list of supported additional functions
SYST	Not required	Display the server operating system
NOOP	Not required	No operation; the server will respond with 200 OK
OPTS	As per RFC2389	Transfer additional options to the server

File access

Command	Arguments	Description
SIZE	Filename	Get file size
STAT	Not required	Get connection statistics
MDTM	Path	Get the file modification date and time
RETR	Filename	Download a file. Works only after switching to passive mode using the PASV command. Resuming downloads is supported
STOR	Filename	Upload a file in passive mode
APPE	Filename	Tell the server to accept a remote file. The command will work only if the file does not already exist in storage. If the file exists, an error will be returned
DELE	Filename	Delete a file
RNFR	Filename	Select file for renaming
RNTO	New filename	Set a new filename. Only after a file has been selected with the RNFR command
ALLO	Size in bytes	Return a response regarding available space. Regardless of the argument, the response will be 202 OK
REST	Offset in bytes	Command to “rewind” to a specific position in a file. Required for resuming downloads using RETR

Working with buckets

Command	Arguments	Description
CWD	Directory name	Change to the specified directory
PWD	Not required	Show the current working directory
CDUP	Not required	Go to the parent directory
NLST	Not required	Return a directory file list in a more concise format than LIST. Only in passive connection mode
LIST	Path	Display contents of the current or provided directory. Both relative and absolute paths are supported
MLSD	Path	Display contents of the current directory. The main difference from LIST relates to timestamps with one-second precision; time is specified in UTC
MKD	Directory name	Create a directory
RMD	Directory name	Delete a directory

Establishing a connection

Command	Arguments	Description
TYPE	A / I	Change data transfer mode. There are two options: ASCII (A) or Binary (I). Any argument is ignored; the command is used for backward compatibility. Only Binary mode is supported
PASV	Not required	Switch to passive data transfer mode
EPSV	Not required	Initiate a data transfer connection in passive mode. The server will respond with the connection port number
EPRT	Protocol version / address / port	Initiate a data transfer connection. The command is exclusively for active data transfer mode, so for this command, the server will report that active mode is not supported
PORT	Not required	Switch to active data transfer mode. The command is exclusively for active data transfer mode, so for this command, the server will report that active mode is not supported
QUIT	Not required	Disconnect from the server