FTP is an acronym for File Transfer Protocol. As the name suggests, FTP is used to transfer files between computers on a network. You can use FTP to exchange files between computers or access online software archives. Keep in mind, however, that many FTP sites are heavily used and require several attempts before connecting. The most commonly used FTP package is VSftp, which stands for ‘very secure file transfer protocol’.
File Transfer Protocol (FTP), a standard Internet protocol, is the simplest way to exchange files between computers on the Internet. You can use FTP to exchange files between computer accounts, transfer files between an account and a desktop computer, or access online software archives.
Active FTP
Active FTP works as follows:
- Client connects to the FTP server by establishing an FTP control connection to port 21 of the server. Commands such as 'ls' and 'get' are sent over this connection.
- Whenever the client requests data over the control connection, the server initiates data transfer connections back to the client. The source port of these data transfer connections is always port 20 on the server, and the destination port is a high port on the client.
- Thus the 'ls' listing that you asked for comes back over the "port 20 to high port connection", not the port 21 control connection.
- FTP active mode data transfer therefore works in a way that is counterintuitive compared with usual TCP practice: the server selects port 20 as its source port (not a random high port > 1024) and connects back to the client on a random high port that has been pre-negotiated on the port 21 control connection.
- Active FTP may fail in cases where the client is protected from the Internet via many to one NAT (masquerading). This is because the firewall will not know which of the many servers behind it should receive the return connection.
Passive FTP
Passive FTP works as follows:
- Client connects to the FTP server by establishing an FTP control connection to port 21 of the server. Your commands such as 'ls' and 'get' are sent over that connection.
- Whenever the client requests data over the control connection, the client initiates the data transfer connections to the server. The source port of these data transfer connections is always a high port on the client with a destination port of a high port on the server.
- Passive FTP should be viewed as the server never making an active attempt to connect to the client for FTP data transfers.
- Passive FTP works better for clients protected by a firewall as the client always initiates the required connections.
Setup File Transfer Server
VSFTP keeps its configuration in vsftpd.conf, which can be opened for editing by executing the command below:
#nano /etc/vsftpd/vsftpd.conf
Most of the frequently used options are already inside the configuration file. All the administrator needs to do is add or remove the comment (#) at the beginning of a line to activate or deactivate the option.
Each option is bound to a value or directive that affects how VSFTP works. Different option settings result in different forms of FTP server. Try exploring each of the options in the configuration file when possible.
FTP user List
You can restrict FTP access to certain users by adding them to the list of users in the /etc/vsftpd.ftpusers file. The VSFTPD package creates this file with a number of entries for privileged users that normally shouldn't have FTP access.
#nano /etc/vsftpd.ftpusers
Anonymous Upload
VSFTPD allows only anonymous FTP downloads to remote users. But if you would like to allow remote users to be able to write data to your FTP server, it is recommended that you create a write only directory within /var/ftp/pub. This will enable users to upload but not access other files uploaded by other users.
# mkdir /var/ftp/pub/upload
# chmod 722 /var/ftp/pub/upload
Authorized FTP Users with Read only Access to a directory
1. Enter into text editor mode for vsftpd.conf by typing the following command.
# nano /etc/vsftpd/vsftpd.conf
2. Disable anonymous FTP by editing the following line to read as shown (uncommented, with no spaces around the =)
anonymous_enable=NO
3. Enable local individual logins by editing the following line to
local_enable=YES
4. Change the following to disallow write_enable
write_enable=NO
5. Start the VSFTP services
#service vsftpd start
6. Create a user group and shared directory
#groupadd ftp-users
#mkdir /home/ftpFolder
7. Make directory accessible to ftp-users group
#chmod 750 /home/ftpFolder
#chown root:ftp-users /home/ftpFolder
8. Add users and make their default directory /home/ftpFolder
#useradd -g ftp-users -d /home/ftpFolder user1
#passwd user1
9. Copy files to be downloaded by users into /home/ftpFolder
Change the permissions of the files in the /home/ftpFolder directory for read only access by the group
#chown root:ftp-users /home/ftpFolder/*
#chmod 740 /home/ftpFolder/*
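The settings from steps 2 to 4 only take effect when the directives are active (no leading #) and contain no spaces around the =. The following script is an added example, not part of the original page: it audits a vsftpd.conf for that read-only setup, using vsftpd's documented defaults for options that are absent. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit vsftpd.conf for the read-only settings in steps 2-4.

# Effective value of option $2 in file $1; $3 is vsftpd's built-in default,
# used when the option is absent or commented out. Assumption: when an
# option is repeated, the last active line is the one that counts.
vsftpd_effective() {
    val=$(sed -n "s/^$2=\(.*\)\$/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# Active lines with whitespace next to "=", which vsftpd treats as an error.
vsftpd_malformed() {
    grep -nE '^[^#=]*[[:space:]]=|^[^#=]*=[[:space:]]' "$1"
}

# Returns 0 only if the file yields the read-only setup described above.
vsftpd_audit_readonly() {
    conf=$1; rc=0
    bad=$(vsftpd_malformed "$conf") || true
    if [ -n "$bad" ]; then
        echo "MALFORMED (space around =): $bad"; rc=1
    fi
    # Each spec is option=wanted:default
    for spec in anonymous_enable=NO:YES local_enable=YES:NO write_enable=NO:NO; do
        opt=${spec%%=*}; rest=${spec#*=}
        want=${rest%%:*}; dflt=${rest#*:}
        got=$(vsftpd_effective "$conf" "$opt" "$dflt")
        if [ "$got" = "$want" ]; then
            echo "ok    $opt=$got"
        else
            echo "FAIL  $opt=$got (want $want)"; rc=1
        fi
    done
    return $rc
}

# Constructed samples: directives left commented out, then active.
demo=$(mktemp -d)
printf '%s\n' '#anonymous_enable=NO' '#local_enable=YES' '#write_enable = NO' > "$demo/commented.conf"
printf '%s\n' 'anonymous_enable=NO' 'local_enable=YES' 'write_enable=NO' > "$demo/active.conf"
vsftpd_audit_readonly "$demo/commented.conf" || echo "commented.conf: NOT read-only"
vsftpd_audit_readonly "$demo/active.conf" && echo "active.conf: read-only setup confirmed"
rm -rf "$demo"
```

With every directive commented out, the audit fails on anonymous_enable and local_enable, because the server falls back to anonymous logins enabled and local logins disabled.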
Test FTP Functionality
A simple test procedure that ensures that the FTP is working properly
#ftp 192.168.1.1
#
ftp>
If you have disabled uploads, you will not be able to upload files to the instructor computer.
# put testfile
#testfile
List the directory and download the file.
#ls
-rwxr----- 1 0 502 76288 Jan 04 17:06 vsftpd-1.1.0-1.i386.rpm
#get vsftpd-1.1.0-1.i386.rpm vsftpd-1.1.0-1.i386.rpm.tmp
227 Entering Passive Mode (192,168,1,100,44,156)
150 Opening BINARY mode data connection for vsftpd-1.1.0-1.i386.rpm (76288 bytes).
226 File send OK.
76288 bytes received in 0.499 secs (1.5e+02 Kbytes/sec)
#exit
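The 227 reply in the session above carries the address and port the client must connect to for the data transfer, as six comma-separated numbers. The script below is an added example, not part of the original page: it decodes such a reply and checks it against the control-connection address and a passive port range. The function names and the 40000-40100 range are assumptions standing in for a local firewall policy.

```shell
#!/bin/sh
# Added example: decode an FTP 227 (passive mode) reply and sanity-check it.

# Print "ip port" for a reply of the form
# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"; port = p1*256 + p2.
pasv_endpoint() {
    nums=$(printf '%s\n' "$1" | sed -n 's/^227 .*(\([0-9,]*\)).*$/\1/p')
    [ -n "$nums" ] || return 1
    old_ifs=$IFS; IFS=,
    set -- $nums            # split on commas; digits and commas only
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    for n in "$@"; do
        # Reject empty, non-numeric, zero-padded or over-long fields.
        case $n in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$n" -le 255 ] || return 1
    done
    echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# Check reply $1 against the control-connection peer $2 and the allowed
# passive port range $3-$4 (hypothetical firewall policy).
pasv_check() {
    ep=$(pasv_endpoint "$1") || { echo "unparseable 227 reply"; return 2; }
    ip=${ep% *}; port=${ep#* }
    rc=0
    if [ "$ip" != "$2" ]; then
        echo "data address $ip differs from control peer $2"; rc=1
    fi
    if [ "$port" -lt "$3" ] || [ "$port" -gt "$4" ]; then
        echo "data port $port outside allowed range $3-$4"; rc=1
    fi
    return $rc
}

# Reply and server address taken from the test session above.
reply='227 Entering Passive Mode (192,168,1,100,44,156)'
echo "data connection goes to: $(pasv_endpoint "$reply")"
pasv_check "$reply" 192.168.1.1 40000 40100 || echo "reply needs review"
```

For the reply in the session, 44 * 256 + 156 gives data port 11420 on 192.168.1.100, which is why a firewall in front of a passive-mode server has to admit high ports as well as port 21.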