|© 2001 − 2023, Dr. Jürgen Rathlev
You can find more information about FTP on
- Password: Click the button at the right to enter a fixed password
which will be used to establish the FTP server connection automatically.
If you leave the password blank for greater security, you must manually enter
the password each time on starting the backup.
- Destination directory: The destination directory can be specified manually
or, if the connection data (server name, username, etc.) are correct, selected in a dialog
after clicking the button .
It may contain one or more placeholders for date and time which can be
selected from a list by clicking .
If a password is specified in the dialog, the connection to the FTP server will
be established automatically.
- Secure data connection: Data transfer
is encrypted using TLS/SSL (FTPS):
For a secure connection the option Require is recommended.
The FTP server must support one of the TLS versions 1, 1.1 or 1.2
- None: All data will be transferred unencrypted.
- If available (explicit): On connecting, the server will be interrogated
as to whether it supports TLS/SSL. If so, the data transfer
will be encrypted (explicit method), otherwise unencrypted.
- Require (explicit): It is expected that the server supports
TLS/SSL (explicit method). If not, the connection will be canceled.
- Always (implicit): All data transfers
will be encrypted using the special port 990 (implicit method). If the server
does not support this method, then connection will fail.
- Use passive mode: Using passive mode, the server will
define the port for data transfer, otherwise the client will define this.
- Force UTF-8 encoding:
Some servers support a file transfers using
but do not announce this capability after establishing the connection.
This is inconsistent with the specification of
RFC2640 Section 3.2
but in this special case you can force the encoding of the client side to UTF-8
by checking this option.
If, in addition, the server must also be switched to UTF-8, use the option
Send OPTS command for UTF-8 described below.
- Use IPv6: Some servers require a connection using the
protocol. Click this option to switch to the IPv6 address mode.
- More options:
The following options (see screenshot above right) are only required if problems
arise from the FTP connection
Unfortunately the available servers do not all follow the recommendations (RFCs) for the
consistently. The following options are a workaround for these shortcomings.
- Send OPTS command for UTF-8:
A server supporting UTF-8 must inform the client about this after establishing
the connection and automatically switch to this mode (see
RFC2640 Section 3.2).
Unfortunately there are servers indicating the support of UTF-8, but nevertheless requiring
an OPTS command to enable it. If this is the case, this option must be selected.
- Force EPRT/EPSV for IPv6:
If the connection to the FTP server was established using the IPv6 protocol (see above),
the data transfer usually requires the EPRT and EPSV commands, instead of
PORT and PASV used for IPv4. By default, the server should inform the client
about this in reply to the feature request (FEAT command). Unfortunately
there are servers that do not follow this recommendation. If this is the case, you must
switch over to this manually by clicking this option.
- Use HOST command: Many Internet providers use the
same FTP server IP for all users. The HOST command is used to assign
the user's server space.
- Time zone
On time-zone spanning FTP connections it is sometimes necessary to adjust the
time offset manually for reliable timestamp comparisons.
- Write communication log to file:
For debugging purposes, the communication with the FTP server can be logged.
The log is written into the file PbFtp.log located in the same directory
as the other log files (see here).
Use the Action menu to view or delete this file.
Clicking the Advanced settings button will open the following page.
- Change to lower/upper case: Unix/Linux systems differentiate
between lower- and upper-case characters in filenames.
You can specify whether you wish to change all file and directory names to lower
or upper case prior to data transfer.
- Allow quoted filenames: Filenames with spaces will cause
errors on an FTP transfer. Some servers allow filenames within quotation marks
(as is common under Windows).
- Character encoding: As there are still FTP servers that do not support UTF-8 encoding,
you can specify that certain characters are to be replaced by a numeric code
as is usual in URL addresses (e.g. a space = %20).
- Use Proxy server: If a proxy gateway is required to
connect to the FTP server, you can specify the desired settings here.
- Establishing the connection:
- Maximum number of attempts: Specify the maximum
number of attempts to connect to the FTP server. If this fails, the
backup will be canceled.
- Maximum waiting time to establish the connection: Specify the maximum time
to wait for a reply from the FTP server after sending the connect command.
If establishing the connection fails, further attempts will be made until
the maximum number is reached (see above).
- Controlling the connection:
- Maximum waiting time for server response: Specify the maximum time
to wait for a response from the FTP server after sending a command.
- Send keep-alive command during data transfer: With some FTP servers or
firewalls it can happen that during lengthy data transfers the control
channel will be closed due to inactivity. Enabling this option, a small
data packet will be sent periodically to prevent this issue.
Verification of server certificate
If a secure connection is selected (see above), the data
transfer is encrypted using the TLS/SSL method.
Additional security can be achieved by checking the server's encryption certificate.
This can be done either by the user via a visual assessment or automatically by comparing
the digital fingerprints.
When a secure connection is established, the server certificate
(X.509) is downloaded.
It contains, among other things, information about the issuer and its validity, as well as a digital
Before the backup starts, the user is shown this information so that he can evaluate whether
the certificate is trustworthy. If he knows the digital fingerprint of the server certificate,
it can be stored in the program to allow automatic verification when the connection
is established by comparing it with the downloaded one.
- Verify server certificate: If this box is checked a certificate verification will be
performed on login.
- Interactively by user: On login, a dialog (see Fig. on the right) is opened
in which the most important features of the certificate are displayed. The green dot
indicates that the certificate is still valid. When the validity time has expired,
the color changes to red. Based on these information, the user can decide whether he considers the
certificate to be trustworthy. If not, he should cancel the connection by clicking the No button.
If the certificate is OK, the fingerprint can be copied to the clipboard by clicking
the button at the bottom right to paste it into the FTP settings (see below) for
- Automatic comparison of fingerprints: When selecting this option, the
digital fingerprint of the server must be known. One way to determine it is described
in the previous section. The format must look like in the displayed example
(hex values separated by colons). It corresponds to the output of the OpenSSL program
with the command
...\openssl x509 -noout -fingerprint -md5 -inform pem -in <certificate>.crt.
If it has been copied to the clipboard as described above, it can be pasted into
the field very easily by clicking the corresponding button.
J. Rathlev, D-24222 Schwentinental, November 2023