Upload: amberly-norman

Post on 17-Dec-2015

CIS238/DL 1

Chapter 19 FTP: Transferring Files Across a Network

• FTP Client

• JumpStart: Downloading Files Using ftp Notes

• Anonymous FTP

• Automatic Login

• Binary versus ASCII Transfer Mode

• ftp Specifics

• FTP Server (vsftpd)

• JumpStart: Starting a vsftpd Server

• Testing the Setup

• vsftpd.conf: Configuring vsftpd

Introduction

• ftp has been around as one of the original TCP/IP protocols

• ftp and vsftpd – this chapter will focus more on vsftpd since it is provided with Fedora

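• Security – vsftpd (very secure FTP daemon) is secure; the ftp protocol itself is not, since it sends passwords and data in cleartext

• Connections – passive: the client initiates the data connection; active: the server initiates it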

FTP Client

• ftp – command line, Linux or Windows

• sftp – secure ftp, part of OpenSSH

• gftp – graphical ftp, supports ftp, SSH, and HTTP

• ncftp – Fedora text-based utility with more features than standard ftp

Standard ftp screen

gFTP

NcFTP

JumpStart: Downloading Files Using ftp

• Basic commands:

– ftp ftp.server.net

– ftp> open ftp.server.net

– ftp> user

– ftp> get (mget)

– ftp> put (mput)

– ftp> prompt

– ftp> hash

– ftp> ascii or binary

– ftp> cd and lcd

– ftp> quit or bye

Anonymous FTP

• Can use user id of either

– anonymous or

– ftp (some systems)

• Enter email address as password if necessary, see automatic login below

• ftp server can use reverse DNS to verify

Automatic Login

• Place ~/.netrc file in your home directory to allow automatic login:

$ cat .netrc

machine bravo login jimbo password xyz123

• Make readable only by owner!

• Can be defeated in the ftp server config file
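
The check behind "Make readable only by owner!", as an added example that is not part of the original slides: a POSIX shell helper that reports a .netrc with any group or other permission bits set and lists the machines whose passwords it stores. The function names check_netrc and netrc_machines are hypothetical.

```shell
#!/bin/sh
# Added example (not from the slides). Function names are hypothetical.
# Usage: check_netrc "$HOME/.netrc"

# Print each machine entry that stores a cleartext password.
# .netrc tokens may be split across lines, so read token by token.
netrc_machines() {
    tr -s ' \t\n' '\n\n\n' < "$1" | awk '
        prev == "machine"  { m = $0 }
        $0 == "default"    { m = "default" }
        prev == "password" { print m }
                           { prev = $0 }'
}

# Return 0 if only the owner has access, 1 if group/other bits are set,
# 2 if the file does not exist.
check_netrc() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file"; return 2; }

    # First ten characters of ls -l output, e.g. -rw-------
    perms=$(ls -ld "$file" | cut -c1-10)
    case $perms in
        ????------) return 0 ;;   # nothing granted to group or other
    esac

    echo "PERMS: $file is $perms; fix with: chmod 600 $file"
    for m in $(netrc_machines "$file"); do
        echo "EXPOSED: password for machine $m is in a file with group/other access"
    done
    return 1
}
```
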

Binary versus ASCII Transfer Mode

• Binary mode (default for some systems) provides a byte by byte exact transfer

• ASCII (ascii) mode converts end of line characters between Windows and Unix systems

– Can also use dos2unix or unix2dos

– Security – always use binary mode

ftp Specifics

• Format – ftp [-options] server

• Options:

– -i interactive

– -g globbing, file name expansion with wild cards

– -v verbose

– -n no automatic login with .netrc

ftp commands

• Shell command = !command (!ls)

• Transfer files:

– append local remote

– get remote-file [new local file name]

– mget remote-file-list [wild cards allowed]

– put local-file [new remote file name]

– mput remote-file-list [wild cards allowed]

– newer remote-file [new local file name]

– reget remote-file [new local file name]

status

• ascii – sets transfer mode to ASCII

• binary – sets transfer mode to binary

• close – quits ftp server without leaving ftp

• open [server name] – opens new ftp connection

• hash – shows hash marks (#) during transfers

• prompt – toggles prompts for transfers

• passive – toggles between passive and active

• user – sign in as different user

• quit or bye – exits ftp site and closes ftp

Directories

• cd - changes directories on ftp server/site

• lcd – changes local directories on your machine

• Do not use ftp> ! cd newdirectory

• Remember that the environment does not change in a spawned process!

Files

• chmod – to change permissions on files

• delete – to delete remote file(s) if allowed

• mdelete remote-file-list

Display Information

• dir – like ls but has file option:

– dir [remote-dir] file

– (file saved on your local system with contents of the remote directory listing)

• ls – same as dir but with more information

• help – shows commands

• pwd – print working remote directory

• status – status information

• verbose – to see all that is happening

FTP Server (vsftpd)

• The vsftpd package is installed by default on Red Hat systems

• Modes:

– Standalone – set listen parameter to “yes” in vsftpd.conf file

– Normal – use xinetd superserver to start and stop, set to normal by default

JumpStart: Starting a vsftpd Server

• Make sure service is running:

# /sbin/service vsftpd status

vsftpd (pid 3022) is running . . .

• Check permissions in /var/ftp directory

# ls -ld /var/ftp

drwxr-xr-x 4 root root 4096 Aug 12 /var/ftp

vsftpd connection from localhost

vsftpd connection from remote host

vsftpd.conf: Configuring vsftpd

• Standalone – listen=yes

• listen_port (default 21)

• listen_address – defaults to any network interface

• max_clients – set to 0 for unlimited

• max_per_ip – set to 0 for any IP address allowed

Logging in

• userlist_enable – yes: further checks userlist_deny; no: does not check the list (more secure is no)

• userlist_deny – list of users denied access

• userlist_file – name of user list file

• local_enable – allows users in /etc/passwd file to log onto system

Anonymous Users

• anonymous_enable – yes allows anonymous

• no_anon_password – yes won’t ask for password

• deny_email_enable – yes checks if email password user is denied access to system

• banned_email_file – list of denied users by email address

Working Directories and chroot jail

• chroot_list_enable – sets user in jail either in their home directory or in /var/ftp

• chroot_local_user – if set to no local user can move around directory structure

• chroot_list_file – name of the file if chroot_list_file is set to yes

• passwd_chroot_enable – allows local user to cd to home directory (/home/./jones)

• secure_chroot_dir – empty directory that is not writeable by user ftp, a secure chroot jail
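
An audit of the vsftpd.conf options described on the preceding slides (anonymous_enable, no_anon_password, local_enable, chroot_local_user, max_clients, max_per_ip), as an added example that is not part of the original slides. The function names and the sample configuration are constructed for illustration; only explicit assignments in the file are checked, not compiled-in defaults.

```shell
#!/bin/sh
# Added example (not from the slides): audit explicit vsftpd.conf settings.

# Print the upper-cased value of option $2 in file $1 (last assignment wins).
# vsftpd requires "option=value" with no spaces around "=".
conf_get() {
    awk -F= -v key="$2" '
        /^#/      { next }
        $1 == key { val = toupper(substr($0, length(key) + 2)) }
        END       { print val }' "$1"
}

# Treat YES, TRUE and 1 as an enabled boolean.
is_on() { case $1 in YES|TRUE|1) return 0 ;; *) return 1 ;; esac; }

warn() { echo "WARN: $*"; findings=$((findings + 1)); }

# Print one WARN line per permissive setting; return 0 only if none found.
audit_vsftpd_conf() {
    conf=$1
    findings=0
    if is_on "$(conf_get "$conf" anonymous_enable)" &&
       is_on "$(conf_get "$conf" no_anon_password)"; then
        warn "anonymous login is accepted without a password prompt"
    fi
    if is_on "$(conf_get "$conf" local_enable)" &&
       ! is_on "$(conf_get "$conf" chroot_local_user)"; then
        warn "chroot_local_user is off: local users can move around the directory structure"
    fi
    for opt in max_clients max_per_ip; do
        if [ "$(conf_get "$conf" "$opt")" = "0" ]; then
            warn "$opt=0 removes the limit"
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample configuration for a stand-alone run.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not a recommended configuration
listen=YES
anonymous_enable=YES
no_anon_password=YES
local_enable=YES
chroot_local_user=NO
max_clients=0
max_per_ip=4
EOF
}
```
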

Messages

• dirmessage_enable – yes displays .message

• banner_file – file that is displayed at login, overrides ftpd_banner

• ftpd_banner – overrides the standard vsftpd greeting banner at connection time

• And speaking of banners:

Any Questions?