FTP tips

From Noah.org
Revision as of 05:26, 1 December 2008 by Root

FTP is about the worst solution for file transfers. Not only is data transfer unencrypted, but even user passwords are sent in the clear when you log in. FTP is also a pain in the ass to get through firewalls. So if you want to make a SysAdmin cringe, ask them to install an FTP server.

The only way to make FTP somewhat secure is to use a server that supports SSL encryption. This is called FTPS and is not to be confused with SFTP. FTPS adds an encryption layer on top of FTP. Of course, this assumes your users are capable of finding, installing, and configuring an FTP client that supports SSL encryption. In my experience, the biggest excuse for management wanting to install an FTP server is to support clients who can most kindly be described as naive users. SSL is optional and never the default in any FTP client I have ever seen, so you have to explain to the user what SSL is and then help them find where their FTP client may have hidden the SSL option. As long as you are willing to go through that trouble, you might as well save yourself some effort by refusing FTP connections and forcing the user to find a file transfer client that supports SFTP. SFTP has encryption built in; it is not an option that needs to be configured. Many FTP clients already support SFTP, and in my experience simply choosing an SFTP connection is easier for users than trying to configure an FTP connection with the SSL option. So unless you are willing to totally throw security out the window, it's actually easier to just do the right thing and use SFTP.

Fetch is the most popular FTP client for Mac OS X and supports SFTP. When setting up a connection, you simply choose SFTP from the drop-down list called "Connect using:" (OK, Mac people insist on calling it a pop-up menu). Another option besides Fetch is FileZilla. FileZilla is free and supports the Mac.

On Windows your best bet is WinSCP, FileZilla or SmartFTP.

On Linux and BSD you can use FileZilla. Most of the desktops (GNOME and KDE) have built-in support for mounting remote directories over SSH/SCP/SFTP.

That said, if you must install an FTP server then probably your best bet is vsftpd. It supports SSL encryption and can force a client to connect using SSL before they can send a password (force_local_logins_ssl).
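One way to check that a vsftpd.conf actually enforces this is the small auditor below. It is an added example, not code from the original page or from the vsftpd project. The function names are hypothetical, the defaults are assumed from the vsftpd.conf(5) man page, and `ssl_enable` and `force_local_data_ssl` are vsftpd options not mentioned above.

```python
# Added example (not from the original page): audit a vsftpd.conf so that
# passwords and file data can never cross the wire before TLS is negotiated.
# ASSUMPTION: defaults follow the vsftpd.conf(5) man page; check your version.
DEFAULTS = {"ssl_enable": "NO", "force_local_logins_ssl": "YES",
            "force_local_data_ssl": "YES"}
ENABLED = {"YES", "TRUE", "1"}  # values this example treats as "on"

def parse_conf(text):
    """Return (settings, malformed_lines) for vsftpd's strict key=value format."""
    settings, malformed = dict(DEFAULTS), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        # vsftpd does not allow spaces around '=', so flag such lines
        # instead of silently accepting them.
        if not sep or key != key.strip() or value != value.strip():
            malformed.append(line)
            continue
        settings[key] = value
    return settings, malformed

def audit(text):
    """Return a list of findings; an empty list means TLS is enforced."""
    s, malformed = parse_conf(text)
    findings = [f"malformed line: {m!r}" for m in malformed]
    on = lambda k: s[k].upper() in ENABLED
    if not on("ssl_enable"):
        return findings + ["ssl_enable is off: logins and data are cleartext"]
    if not on("force_local_logins_ssl"):
        findings.append("force_local_logins_ssl is off: PASS accepted without TLS")
    if not on("force_local_data_ssl"):
        findings.append("force_local_data_ssl is off: file data may be cleartext")
    return findings

# Constructed sample configs (not taken from any real server).
WEAK = "ssl_enable=YES\nforce_local_logins_ssl=NO\n"
HARDENED = ("ssl_enable=YES\nforce_local_logins_ssl=YES\n"
            "force_local_data_ssl=YES\n")

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(conf) or "OK")
```

A config that sets only `ssl_enable=YES` passes because the two `force_local_*` options are assumed to default to YES; the weak case arises when someone turns them off to accommodate clients that cannot do SSL.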

Note that SFTP stands for the SSH File Transfer Protocol, not to be confused with the ancient and abandoned Simple FTP or Trivial FTP (TFTP). SFTP is related to SCP. I have never found an SSH server that does not support both SCP and SFTP. SFTP has no relationship with FTP except that both are file transfer protocols.

TFTP Notes for Ubuntu

To move files on and off embedded devices and firewalls you often need a Trivial FTP server. On Ubuntu, install tftpd-hpa:

 apt-get -q -y install tftpd-hpa

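Edit the configuration (vim /etc/default/tftpd-hpa) to something like this:

 # Defaults for tftpd-hpa
 # The -c option allows clients to write files.
 # The -l option runs the server in standalone (listen) mode.
 # The -s option chroots the server to the given directory.
 # Files are read and written from /tmp.
 OPTIONS="-c -l -s /tmp"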

Start the TFTP server:

 /etc/init.d/tftpd-hpa start

Now you can get and put files to /tmp. When you are done with the server you should shut it down:

 /etc/init.d/tftpd-hpa stop