FTP Server

Cisco edited this page Oct 27, 2025 · 5 revisions

FTP server

protocol

  • file transfer over TCP/IP
  • created in 1971
  • RFC 3659 (1985)
  • FTPS is a secure variant
  • well-known ports: 21 for commands and 20 for data

networking

modes

  • active: the client tells the server which port to connect back to; this can cause issues with client firewalls

  • passive: the server tells the client which port to connect to; most common for containerized FTP servers

  • port 21 for control

  • but we need to map a passive port range (e.g. 20000-20009:20000-20009)

persistency

security

Note

User name and password are transmitted unencrypted in FTP. If using an account with sudo rights with FTP, do it over SSH or another secure protocol (POPs).

  • server should chroot users to their home directory
  • FTPS configuration (over SSL/TLS)
  • strong password policies
  • firewall rules : only trusted IPs

Options

vsftpd

Very Secure FTP Daemon

Pure-FTPd

ProFTPD

more flexible but complex to configure

Configuration

The default vsftpd config is very restrictive

cf

reload the server after modifications: sudo service vsftpd reload
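
An added example (not from the original wiki or from the vsftpd project): a small Python audit that checks a vsftpd.conf for the points listed under security and for the passive port range from the networking section. The sample configs are constructed, the defaults are the ones documented in the vsftpd.conf man page, and the function names are assumptions made for illustration.

```python
# Added example: audit a vsftpd.conf for the hardening points on this page.
# DEFAULTS are vsftpd's built-in values per the vsftpd.conf man page.
DEFAULTS = {"anonymous_enable": "YES", "chroot_local_user": "NO",
            "chroot_list_enable": "NO", "ssl_enable": "NO",
            "pasv_min_port": "0", "pasv_max_port": "0"}

def on(value):
    """vsftpd booleans: YES/TRUE/1 mean enabled (case-insensitive)."""
    return value.upper() in ("YES", "TRUE", "1")

def parse_conf(text):
    """Return (settings, malformed_lines) for 'option=value' lines; '#' is a comment."""
    conf, malformed = dict(DEFAULTS), []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        key, sep, value = raw.partition("=")
        # The man page: any space between option, '=' and value is an error.
        if not sep or key != key.strip() or value != value.strip():
            malformed.append(raw)
            continue
        conf[key] = value
    return conf, malformed

def audit(text, published_ports=(20000, 20009)):
    """published_ports: passive range mapped on the container or firewall."""
    conf, malformed = parse_conf(text)
    findings = [f"malformed line: {m!r}" for m in malformed]
    if on(conf["anonymous_enable"]):
        findings.append("anonymous login is enabled")
    if not on(conf["chroot_local_user"]):
        findings.append("local users are not chrooted to their home directory")
    elif on(conf["chroot_list_enable"]):
        findings.append("chroot_list_file exempts some users from the chroot")
    if not on(conf["ssl_enable"]):
        findings.append("FTPS is off: credentials cross the network in cleartext")
    pasv = (int(conf["pasv_min_port"]), int(conf["pasv_max_port"]))
    if pasv != tuple(published_ports):
        findings.append(f"passive range {pasv[0]}-{pasv[1]} differs from "
                        f"published {published_ports[0]}-{published_ports[1]}")
    return findings

# Constructed sample configs, not taken from a real server.
WEAK = "local_enable=YES\nwrite_enable=YES\nssl_enable = YES\n"
HARDENED = ("anonymous_enable=NO\nlocal_enable=YES\nchroot_local_user=YES\n"
            "ssl_enable=YES\npasv_min_port=20000\npasv_max_port=20009\n")
if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```

A passive range that differs from the ports published on the container shows up as data connections that hang after a successful login, which is why the audit compares the two.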

SSL

Testing

  • check connected users: ps -aef | grep vsftpd

clients

use cases

  • backup website
  • upload content

FileZilla (UI)

LFTP (CLI)

  • mirror to update from local site or make a local copy
  • put to update a file
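# lftp -e: pass a command to run after connecting
# mirror creates an exact copy
# mirror -e: delete files on the target that do not exist in the source
# mirror -R: reverse mirror, from local to remote
# mirror -x: exclude matching paths
lftp ftp://login:password@host -e "mirror -e -R -x <ignoredDir> /var/www/site / ; quit"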

cf

logs

  • logs: sudo tail -f /var/log/vsftpd.log

ports

  • lsof to check the ports the FTP server is listening on

Sources

  • Gemini
  • https://fr.wikipedia.org/wiki/File_Transfer_Protocol
  • https://doc.ubuntu-fr.org/vsftpd
  • https://www.digitalocean.com/community/tutorials/how-to-set-up-vsftpd-for-a-user-s-directory-on-debian-10