Frequently Asked Questions

Download a full copy of CrushFTP 4. Copy the CrushFTP4.app, WebInterface, and Plugins folders and replace your existing ones. On Windows, copy the CrushFTP.exe, CrushFTP.jar, WebInterface, and Plugins folder.

(Technically, in OS X, the CrushFTP.jar file is all that needs replacing out of the CrushFTP4.app. Its inside the CrushFTP4.app/Contents/Resources/Java/ folder / package.)

If you have made changes to any of the WebInterface files, be sure you keep a copy of them before overwriting your changes.

Check the ftp aware router option in the preferences. If its on, turn it off, if its off, turn it on and test again. If that doesn't take care of it

this issue is likely a port mapping issue. Check what ports you have mapped on your router for passive (PASV).

If you haven't done this at all, then map a range of ports like 2000-2010, or 2000-2100. Then in the preferences, set the same range there. (Either use a comma or a dash to separate the start and end ports. ex: 2000-2100.) Finally test again. There is also a helpfule Diagnostics web page on my website. It can perform various tests for you and give you suggestions on what is causing the issue.

On OS X, right click the CrushFTP4.app, and choose show package contents. Then browse down to CrushFTP4.app/Contents/Resources/Java/Backup/.

On windows, the backup folder is located at the same location as the CrushFTP.exe program.

An FTP server provides a way for you, or others (if you allow them) to get to files on your machine. It does this in a secure way that limits what a user can do based on the permissions and access you grant them. You could for instance make a folder that is a "Drop" folder where users can upload files into it, but they can't see files that are in it. They can't see files they have uploaded, or files others have uploaded. By default, FTP does not use encryption which in theory could be bad if someone were to be watching your network traffic. CrushFTP supports FTPS and SFTP to do encrypted file transfers giving you total security and peace of mind.

Actually, CrushFTP started as just an FTP server. Its now a server that can handle most widely used protocol. More than any other server. It allows for easy setup, monitoring, and user management across all server items or protocols. See below for what each protocol is, and what makes CrushFTP unique in what it has to offer.

It has more features than any other FTP server out there, and has more options on how you can access your files. (FTP, FTPS, HTTP, HTTPS, SFTP, WebDAV, WebDAVS) It utilizes modern technologies to provide some of these advanced services such as XML, XSLT, and Javascript / Ajax.

It allows you to speed up transfers by factors of 100 in many cases, and at the worst by around a factor of 2. It will run on any OS, so if your situation changes and you want to place it on another machine or OS, you can do so with minimal effort. The developer gives you direct email access to himself with incredible speed on email turn around...and all for free.

CrushFTP's rich set of plugin support allows 3rd part developers to extend it giving you even more features. A few incredible plugins include the CrushSQL, CrushLDAP, Magic Directory, and LaunchProcess plugins...all free with CrushFTP4. In addition, if you are a developer, or have a developer friend, the source code for most of the plugins is given away for free allowing you to add your own customization on top of the current code.

The virtual directory system in CrushFTP is a simple collection of XML files on your hard drive, which means a machine crash won't corrupt your entire user database.

CrushFTP comes with a WebInterface that is professionally designed, with many advanced features including the ability to handle drag and drop uploading, or downlaoding a folder of files as a single .zip. This isn't your "typical" web file managment system. Its well ahead of its time.

The built in WebDAV support allows for easy integration as another disk drive directly in the OS X Finder. Work with files as you would if it were on your local hard drive.

You most certainly can. When you install CrushFTP as a service on OS X, it does this for you. The command its using is : "java -jar CrushFTP.jar -d". The -d option indicated daemon mode.

If you have CrushFTP3 isntalled as a service, choose remove bootup service from its file menu. Then run CrushFTP4. Choose import users fromt he file menu, and locate your CrushFTP3 users. Thats basically it! Of course, don't forget to purchase your upgrade license. Prices are on my pricing page.

Check to see where you tried to do this at. If the user you logged in with has a single folder as part of their virtual file system (VFS), then they

will by default start inside that folder when they login. That folder will need to have the appropriate permission assigned ot it in the user manager. At no time do OS X permissions and ownership affect things. The Usermanager is always the controller for permissions.

If they have several folders in their VFS, then they actually start at "/" instead of being inside one of the folders. This means

they cannot upload to "/" as that location is a virtual representation and not a real location to store files. Thye must first

change into one of the directories before they can upload.

FTP stands for File Transfer Protocol. It allows users to connect to a server and manage files on the server. FTP normally runs on port 21. Running it on another port may cause trouble as many routers understand FTP and "help" you with it provided you are running it on port 21.

If its on another port, users may have trouble connecting to you.

FTP uses one connection as the "control" connection where all commands are sent. It uses a second connection called the "data" connection where all data is transferred. This is where file listings are sent as well as file uploads and downloads. This second "data" connection is negotiated between the client and the server for what IP and port to use. There are two modes for this. Active and Passive. In active mode, the FTP client tells the FTP server to connect back to it to make the data connection. In Passive mode, the FTP client asks the server for its IP and a port to connect to, and then connects to it for the "data" connection. So FTP at the very least always uses two connections.

SFTP stands for SSH File Transfer Protocol. It is not based on the FTP protocol, but is instead its own proprietary protocol. Its encrypted, but the protocol greatly

impeeds performance by using lots of CPU, and limiting the maximum speeds that can be attained with it. It works great for small files. SFTP unlike FTP uses only one connection as well. It normally runs on port 22.

It is normal FTP, but inside a SSL connection. The connection is at no time insecure. The protocol is rarely used anymore because of the availability of FTP (explicit SSL). It must run on its own separate port from normal FTP. (Usually port 990.) Just like FTP, FTPS uses two connections. All the same info about FTP applies, except it is now encrypted.

It is normal FTP, with some or all of the connection encrypted. Its much more flexible than implicit SSL. It can share the same port as FTP (21).

When a user logs in, there FTP client asks the server if it supports Explicit SSL mode before it sends the user / pass. If the server does, then the connection is encrypted. The user and password is sent, and the connection continues with all future communication encrypted.

The client can request that when files are transfered that the data connection either be encrypted or not. Implicit SSL always encrypts data transfers.

Just like FTP, FTPS uses two connections. All the same info about FTP applies, except it is now encrypted. FTP explicit SSL runs on the same port 21 as FTP.

HTTP is the normal protocol for web pages. http://server_ip:port/ The WebInterface supports sending pages as XML or HTML so that a browser can display them. XML pages are faster as the server only sends a small XML file and the browser handles building the HTML to display. HTTP normally runs on port 80. Only one connection is used for HTTP unlike FTP. HTTP is always not speed inhibited like SFTP is.

WebDAV is a protocol based on HTTP. Everything about the above HTTP protocol applies to WebDAV. Think Apple's iDisk that they provide with .Mac. It allows a user to mount a virtual disk on their desktop in the OS X Finder that they can use based on the access you have granted them. The Finder supports FTP as well, but only to download, not to upload. With WebDAV, the Finder supports upload and download.

HTTPS is HTTP, but the connection is encrypted with SSL. At no time is the connection not encrypted. It normally runs on port 443.

It is WebDAV, but using a HTTPS connection.

OS X limits what applciations can use a port below 1025. Unix machines, and Linux machines do as well. Because of this, you must authenticate CrushFTP to run it with elevated privileges so that it can run a server on ports below 1025. FTP is port 21, SFTP is port 22, HTTP is port 80, HTTPS is port 443. So all of those protocol, if using their default port, require elevated privileges. In addition

to install a startup service, an application must be running with elevated privileges as well.

If you have not created an account in the user manager named "anonymous" then the user anonymous cannot login.

The user anonymous is no different than any other user except it allows any password for a connection. Simply create a user named "anonymous" in the user manager and they will be able to login.

Yes and no. There are robots out there scanning the internet for default usernames and passwords. Provided you aren't using a blank password for a username named "admin", or a simplicstic password like "password" you are safe. As a general rule, never have an account like user:test, pass:test exposed on the internet or a robot will find it and start uploading files to it.

If you have Skype running, turn off the option in skypes preferences to use port 80/443. Otherwise, disable any other web servers you have running so CrushFTP can take over. This includes the "FTP Access" option in the Sharing System Preferences on OS X.

(I am going to use GoDaddy for my example, but the same would be similar for other certificate authorities as well.)
I purchased a cheap chained certificate from godaddy. I chose the "Tomcat" type of certificate as CrushFTP works the same way as tomcat for certificates. I substituted "crushftp" instead of "tomcat" though. It really doesn't matter however.

PART 1
Here are the commands I issued from an OS X terminal:

(" [ " indicates the beginning of a line, and " ] " indicates the end. You should not enter those two characters in terminal though.

[ keytool -genkey -alias crushftp -keyalg RSA -keystore crushftp.keystore ]
***enter a password here...REMEMBER it!
***re-enter password
What is your first and last name?
***be sure to enter the domain name as it will appear in the browser. DO NOT enter your name.
[Unknown]: www.crushftp.com
What is the name of your organizational unit?
***use something meaningful
[Unknown]: server
What is the name of your organization?
***if you are an individual, enter your name, otherwise enter your companies name
[Unknown]: Ben Spink
What is the name of your City or Locality?
***enter the appropriate city
[Unknown]: YourCityHere
What is the name of your State or Province?
***enter the state un-abbreviated
[Unknown]: YourStateHere
What is the two-letter country code for this unit?
***enter the country code
[Unknown]: US
Is CN=www.crushftp.com, OU=server, O=Ben Spink, L=YourCityHere, ST=YourStateHere, C=US correct?
***type "yes" if the above is accurate and correct
[no]: yes
Enter key password for -crushftp-
***do yourself a favor and use the same password (just hit return, or re-key it.)
(RETURN if same as keystore password):

PART 2
That was the easy part. You now have a cert waiting to be signed. Now we get a certificate request that we give to GoDaddy to generate our certificate.

(" [ " indicates the beginning of a line, and " ] " indicates the end. You should not enter those two characters in terminal though.

[ keytool -certreq -keyalg RSA -alias crushftp -file crushftp.csr -keystore crushftp.keystore ]
Enter keystore password:
***enter your password you used from above.

Now you take this resulting "crushftp.csr" file and copy its contents and paste into GoDaddy's CSR request page.

***KEEP your "crushftp.keystore" file! You must have it to finish the steps once you get your certificate from GoDaddy.

PART 3
After completing the cert request through GoDaddy, you will be given a link to download your certificate package. This .zip file expands into a folder with the following files:
gd_bundle.crt
gd_cross_intermediate.crt
gd_intermediate.crt
www.crushftp.com.crt

(Instead of www.crushftp.com.crt, you will have one corresponding to your domain.)
You still need one more file. Go to GoDaddy to get their root certificate:
https://certificates.starfieldtech.com/Repository.go

Download the "valicert_class2_root.crt" file. Place it in the same folder with all the other certificates.

Copy in your "crushftp.keystore" file created above in Part 1. Be sure to use a COPY in case anything goes wrong!

Now use OS X terminal again to finish building your fully trusted certificate.

(" [ " indicates the beginning of a line, and " ] " indicates the end. You should not enter those two characters in terminal though.

***import the root certificate
[ keytool -import -alias root -keystore crushftp.keystore -trustcacerts -file valicert_class2_root.crt ]
***enter your password from above
Trust this certificate? [no]: yes
***enter "yes"
Certificate was added to keystore

***import the "cross" certificate
[ keytool -import -alias cross -keystore crushftp.keystore -trustcacerts -file gd_cross_intermediate.crt ]
***enter your password from above

***import the "intermediate" certificate
[ keytool -import -alias intermed -keystore crushftp.keystore -trustcacerts -file gd_intermediate.crt ]
***enter your password from above

***finally import your signed certificate which updates your pre-existing unsigned certificate
[ keytool -import -alias crushftp -keyalg RSA -keystore crushftp.keystore -trustcacerts -file www.crushftp.com.crt ]
***substitute your certificates name instead of "www.crushftp.com.crt"
***enter your password from above

Now the resulting crushftp.keystore is a complete signed certificate chain. Place this file where ever you like, but that might as well be in the CrushFTP folder. Then go to the preferences of CrushFTP. Choose encryption on the left, then SSL. Browse and locate your crushftp.keystore file.

For the passwords, enter in the password you used above everywhere. Set both the keystore password and the cert password. They should be the same as long as you followed directions above.

Lastly, either restart CrushFTP, or choose stop all servers, start all servers to make the server items load the new certificate.

If you already have a certificate for Apache, you may be able to convert it to a Java keystore and use it with CrushFTP. I provide this information untested, but it in theory looks like it would work.
Install Apache Cert

CrushFTP supports a few command line arguments. You can access them via "java -jar CrushFTP.jar -help". Mainly you will be issuing "java -jar CrushFTP.jar -a username password". This will make an admin user in the default "users/lookup_21/" folder of CrushFTP. You may then login using remote administration from another machine to control the server with a GUI.
Use the HTTP protocol for controlling the server as you could have firewall / routing issues if you use PASV without the server being first configured. (catch-22) The default port CrushFTP is listening on for HTTP is port 8080.

You can alternatively configure the server, and an admin user on a local machine with a GUI, then transfer it all to the headless server. Don't configure access to folders in the user manager when using this method as they will be invalid on the headless server once you transfer it.

Start CrushFTP in daemon mode with "java -jar CrushFTP.jar -d". Be sure the current working directory is the same as the CrushFTP.jar file. Do not do something like this : "java -jar /files/CrushFTP4/CrushFTP.jar -d" or you will get preferences files being written to your current working directory...and potentially other bad behavior. If java is not in your path, you can do something like "/usr/java/jre_1_5_10/bin/java -jar CrushFTP.jar -d" instead.

Most likely the server is set to have the browser render the XML/XSLT. Change this setting to be server side in order to work with Safari. A bug in Safari causes this issue. The bug has been fixed in nightly builds of Safari, but that doesn't solve the issue for current Safari users. So until the bug is fixed in Safari, you will need to leave rendering server side, or use another browser.

Win2k3 uses permissions a little more strictly than other Windows versions. As a result, when you install CrushFTP as a service, the service won't be able to read/write to the CrushFTP folder. Just change the windows permissions on the CrushFTP folder to grant full control so the account running the service and read and write to the folder.

IIS by default will bind to all IPs on the machine. So if you have multiple IP's and want CrushFTP on one, and IIS on the other, do the following:
Download and install the Windows Server 2003 Support Tools
From a command prompt, run :

httpcfg set iplisten -i *your_iis_ip_goes_here*
net stop http /y
net start w3svc

Java on these older machines performs very slowly at a verification step of the CrushFTP application. As a work around, I have provided a version of CrushFTP that will not do this step and will speed up launch times from several minutes to probably around 30 seconds or less. The only side affect of this is that you cannot do web browser based remote administration of the CrushFTP server. This was the only reason this verification step was necessary was to support that ability.
To fix, select "Check for Update" from the CrushFTP file menu. Then hold down the "control" key and click the button "check for update". The window will turn orange confirming you are getting the alternate build. Click "Yes" to re-download the current version.
Your application start times will now be normal on the older hardware. This work around is being provided as Apple has no intention of going back and fixing the issue.