通过代理 FTP 的 RCurl getURL

RCurl getURL with FTP over proxy

在 R 中,我尝试使用 RCurl 从 ftp 服务器获取数据。服务器已激活显式加密。下面是使这项工作成功的许多尝试之一,但我总是得到 530 登录名或密码不正确! 使用另一个客户端(如 WinSCP)时,用户名/密码仍然有效。欢迎任何帮助!

library(RCurl)

# CURL_SSLVERSION_TLSv1_1 <- 5L
# CURL_SSLVERSION_TLSv1_2 <- 6L

opts <- curlOptions(
  proxy         = "http://my.proxy/",
  proxyport     = 8080,
  dirlistonly = TRUE,
  sslversion = 6L,
  ftp.use.epsv = FALSE,
  ssl.verifypeer=TRUE
  
)

 dat <- getURL("ftp://myUser:myPaas@ftps.myServer.com/", .opts = opts )

这里是 winscp 设置的一些屏幕截图(仅德语 OS 可用)

连接屏幕:

协议屏幕:

WinSCP 连接字符串:

Here is the output having verbose = TRUE added

*   Trying 10.x.x.x...
* Connected to 10.x.x.x (10.x.x.x) port 8080 (#0)
> GET ftp://User:Pass@ftp.myserver.com/ HTTP/1.1
 Host: ftp.myserver.com:21
 Accept: */*
 Proxy-Connection: Keep-Alive

< HTTP/1.1 403 Forbidden
< Server: squid/3.5.20
< Mime-Version: 1.0
< Date: Thu, 15 Nov 2018 11:12:24 GMT
< Content-Type: text/html;charset=utf-8
< Content-Length: 3898
< X-Squid-Error: ERR_FTP_FORBIDDEN 530
< Vary: Accept-Language
< Content-Language: en
< WWW-Authenticate: Basic realm="FTP ftp.myserver.com"
< X-Cache: MISS from Proxy-xxxxxx
< X-Cache-Lookup: MISS from Proxy-xxxxx:8080
< Via: 1.1 Proxy-xxxxxx (squid/3.5.20)
< Connection: keep-alive
< 
 * Connection #0 to host 10.x.x.x left intact

这是 WinSCP 日志:

. 2018-11-15 17:09:15.999 Verbinde mit ftp.MyServer.com ...
. 2018-11-15 17:09:15.999 HTTP proxy command: CONNECT ftp.MyServer.com:21 HTTP/1.1

. 2018-11-15 17:09:15.999 Host: ftp.MyServer.com:21

. 2018-11-15 17:09:16.014 Verbindung mit dem Proxy hergestellt, führe Handshakes aus ...
. 2018-11-15 17:09:16.039 HTTP proxy response: HTTP/1.1 200 Connection established
. 2018-11-15 17:09:16.039 HTTP proxy headers: 

. 2018-11-15 17:09:16.039 

. 2018-11-15 17:09:16.039 Verbunden mit ftp.MyServer.com, TLS Verbindung wird ausgehandelt...
< 2018-11-15 17:09:16.059 220 Welcome to FTP MyServer
> 2018-11-15 17:09:16.059 AUTH TLS
< 2018-11-15 17:09:16.093 234 Using authentication type TLS
. 2018-11-15 17:09:16.179 Verifying certificate for "MY Server" with fingerprint xx:yy:zz.............. and 18 failures
. 2018-11-15 17:09:16.179 Certificate common name "ftp.MyServer.com" matches hostname
. 2018-11-15 17:09:16.179 Certificate for "MY Server" matches cached fingerprint and failures
. 2018-11-15 17:09:16.179 Using TLSv1.2, cipher TLSv1/SSLv3: ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA, ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
. 2018-11-15 17:09:16.216 TLS Verbindung hergestellt. Warte auf die Willkommensnachricht...
> 2018-11-15 17:09:16.216 USER MyUser
< 2018-11-15 17:09:16.216 331 Password required for MyUser
> 2018-11-15 17:09:16.216 PASS **********
< 2018-11-15 17:09:16.236 230 Logged on

这是包含更多信息的 R 控制台日志:

 *   Trying 10.101.0.32...
 * Connected to 10.101.0.32 (10.x.x.x) port 8080 (#0)
 > GET ftp://MyUser:@ftp.MyServer.com/ HTTP/1.1
 Host: ftp.MyServer.com:21
 Accept: */*
 Proxy-Connection: Keep-Alive
 
 < HTTP/1.1 401 Unauthorized
 < Server: squid/3.5.20
 < Mime-Version: 1.0
 < Date: Fri, 16 Nov 2018 08:25:46 GMT
 < Content-Type: text/html;charset=utf-8
 < Content-Length: 3898
 < X-Squid-Error: ERR_FTP_FORBIDDEN 530
 < Vary: Accept-Language
 < Content-Language: en
 < WWW-Authenticate: Basic realm="FTP MyServer ftp.MyServer.com"
 < X-Cache: MISS from Proxy-xxxx
 < X-Cache-Lookup: MISS from Proxy-xxxx:8080
 < Via: 1.1 Proxy-xxxx (squid/3.5.20)
 < Connection: keep-alive
 < 
 * Ignoring the response-body
 * Connection #0 to host 10.x.x.x left intact
 * Issue another request to this URL: 'ftp://ftp.MyServer.com'
 * Found bundle for host ftp.MyServer.com: 0xafea17a
 * Re-using existing connection! (#0) with host 10.x.x.x
 * Connected to 10.x.x.x (10.x.x.x) port 8080 (#0)
 * Server auth using Basic with user 'Nordex'
 > GET ftp://MyUser:@ftp.MyServer.com/ HTTP/1.1
 Authorization: Basic Tm9yZGV50g==
 Host: ftp.MyServer.com:21
 Accept: */*
 Proxy-Connection: Keep-Alive
 
 < HTTP/1.1 401 Unauthorized
 < Server: squid/3.5.20
 < Mime-Version: 1.0
 < Date: Fri, 16 Nov 2018 08:25:46 GMT
 < Content-Type: text/html;charset=utf-8
 < Content-Length: 3947
 < X-Squid-Error: ERR_FTP_FORBIDDEN 530
 < Vary: Accept-Language
 < Content-Language: en
 * Authentication problem. Ignoring this.
 < WWW-Authenticate: Basic realm="FTP MyServer ftp.MyServer.com"
 < X-Cache: MISS from Proxy-xxxx
 < X-Cache-Lookup: MISS from Proxy-xxxx:8080
 < Via: 1.1 Proxy-xxxx (squid/3.5.20)
 < Connection: keep-alive
 < 
 * Connection #0 to host 10.x.x.x left intact

WinSCP 向代理发送 CONNECT 命令:

. 2018-11-15 17:09:15.999 HTTP proxy command: CONNECT ftp.MyServer.com:21 HTTP/1.1

当 RCurl 发送 GET 命令时:

> GET ftp://User:Pass@ftp.myserver.com/ HTTP/1.1

在 cURL 中,您使用 CURLOPT_HTTPPROXYTUNNEL option 使其使用 CONNECT:

make libcurl tunnel all operations through the HTTP proxy (set with CURLOPT_PROXY). There is a big difference between using a proxy and to tunnel through it.

Tunneling means that an HTTP CONNECT request is sent to the proxy, asking it to connect to a remote host on a specific port number and then the traffic is just passed through the proxy.

在 RCurl 中,对应于 httpproxytunnel。所以应该这样做:

opts <- curlOptions(
  proxy           = "http://my.proxy/",
  proxyport       = 8080,
  httpproxytunnel = 1,
  ...
)