CCC (Clear Command Channel)
The CCC IBM® i FTP server subcommand changes the transmission mode in a control connection from the encrypted mode to the clear text mode.
FTP server subcommand
CCC
When the FTP server receives a Clear Command Channel (CCC) subcommand, it first checks whether the current user has the authority to perform the CCC command. If the user has the authority, it then accepts the command by sending a confirmation message back to the FTP client side. Then the FTP server changes the transmission mode in a control connection from the encrypted mode to the clear text mode.
You can secure sensitive information including your user name and password by sending them in the encrypted mode in the control connection. Then, you can use the CCC subcommand to change the transmission mode to the clear text mode, and then send the port and IP information.
- This might result in file and directory names on the FTP server to be subject to interception. It is possible that such names themselves contain sensitive or confidential information.
- IP address and port information transferred in the control connection can be easily intercepted by hackers.
- Other direct TCP attacks on an FTP server or using an FTP server to attack other systems are completely eliminated when TLS is used. Some of those attacks are now again possible when the control connection reverts to the clear-text mode.
Because of these concerns, the use of the CCC subcommand is controlled using the i5/OS Function Usage interface. The default setting for the CCC subcommand is *DENIED for the FTP server.
You must specify *ALLOWED for the QIBM_QTMF_SERVER_REQ_10 function through the Application Administration folder in System i® Navigator or by using the Change Function Usage (CHGFCNUSG) command. By doing so, you can allow an individual user that is logged on to the FTP server to use the CCC subcommand to end the protection of the control connection.
CHGFCNUSG FCNID(QIBM_QTMF_SERVER_REQ_10) USER(user) USAGE(*ALLOWED)