Duplicacy with FTPS

There’s a router called FritzBox which is very widely used, at least in Germany and the Netherlands, as far as I know. It supports attaching disks to its USB port(s), and then making them available for internet access for pre-configured users. Access is via FTP or FTPS (or SMB, yikes…).

For backup on each other’s sites, I’d like to use this with a friend who has the same FritzBox. All we need is to give each other a hard disk, set up proper access, and configure Duplicacy. right? Eh, well, not quite…

The problem: Duplicacy does not support FTP (AFAICT, and I’m aware of the fact that the user+pw travels in plaintext). I’ve tried SFTP, but that generates protocol errors. As I understand it, FTPS is not SFTP (FTP via SSH), but FTP over SSL/TLS.

Are there plans to support FTPS? (FTP is definitely not very attractive, since anyone could drop in and start messing with the encrypted backups, e.g. delete them…).

Currently there isn’t a plan to support FTPS, but this can change if more users want it…

Since you mentioned SMB, is it possible to use the local disk backend (using the SMB network path as the storage url)?

I would use FTPS if it were available.

No - I’m accessing a remote system, SMB is blocked by the ISP.

(PS: my fix is now to use a different backup setup with a RasPi)

IPSs are right to block SMB. I’d fully expect FTP to be affected as well since not all of them can understand the TLS extension for FTP.

The sensible approach would be not to expose any services to the outside world at all, except VPN; and then access your device through secure tunnel via any protocol you like, including SMB

As an alternative – Duplicacy supports SFTP with key based authentication – this is as secure as it gets – any reason this is not suitable for you?

1 Like

Exactly - SFTP is what I use now, with an added Raspberry Pi behind the router/fw.
I agree that SMB and plain FTP are too insecure for direct internet use.

But my original point was that the FritzBox router itself has FTPS support (and a USB port to connect a stick/disk), which is why I brought up the issue of FTPS support. If duplicacy had supported FTPS, then I would not have switched to the extra RasPi setup.

No big deal, water under the bridge. As I’ve said, I have a good setup now.
And FWIW, I’ve started documenting my solution here.

2 Likes

I have similar problem as jcw (although he’ve found a solution for himself). I and a friend of mine both have a QNAP NAS that supports remote access via FTPS and we’d like to backup our data to the other site. Unfortunately QNAP doesn’t let SFTP access to users apart from the admin, so FTPS seems to be the only way to go. Any idea?

Can QNAP run docker or QEmu? If so, just deploy your own file server.

Otherwise — VPN+(SMB or FTP)

I think I’ll go with the second option, it seems a more “standard” approach.

Totally agree. It is the industry standard. I do that myself for quite a while now. Exposing any service beyond vpn to the world is exposing yourself to additional risk for no reward whatsoever.

I have a remote IIS server and would love to connect to it over SFTP, but it isn’t supported. I’m currently using Duplicati, but would love to try Duplicacy if FTPS support is ever added.