Chapter 19 FTP: Transferring Files Across a Network

1
Chapter 19 FTP Transferring Files Across a
Network

• FTP Client
• JumpStart Downloading Files Using fip Notes
• Anonymous FTP
• Automatic Login
• Binary versus ASCII Transfer Mode
• ftp Specifics
• FTP Server (vsftpd)
• JumpStart Starting a vsftpd Server
• Testing the Setup
• vsftpd.conf Configuring vsftpd

2
Introduction

• ftp has been around as one of the original TCP/IP
  protocols
• ftp and vsftpd this chapter will focus more on
  vsftpd since it is provided with Fedora
• Security vsftp is secure, ftp is not
• Connections passive is client initiated
  connection, active is if server initiates

3
FTP Client

• ftp command line, Linux or Windows
• sftp secure ftp, part of OpenSSH
• gftp graphical ftp, supports ftp, SSH, and HTTP
• ncftp Fedora text-based utility with more
  features than standard ftp

4
Standard ftp screen
5
gFTP
6
NcFTP
7
umpStart Downloading Files Using ftp

• Basic commands
• ftp ftp.server.net
• ftpgt open ftp.server.net
• ftpgt user
• ftpgt get (mget)
• ftpgt put (mput)
• ftpgt prompt
• ftpgt hash
• ftpgt ascii or binary
• ftpgt cd and lcd
• ftpgt quit or bye

8
Anonymous FTP

• Can use user id of either
• anonymous or
• ftp (some systems)
• Enter email address as password if necessary, see
  automatic login below
• ftp server can use reverse DNS to verify

9
Automatic Login

• Place /.netrc file in your home directory to
  allow automatic login
• cat .netrc
• machine bravo login jimbo password xyz123
• Make readable only by owner!
• Can defeat at ftp server config file

10
Binary versus ASCII Transfer Mode

• Binary mode (default for some systems) provides a
  byte by byte exact transfer
• ASCII (ascii) mode converts end of line
  characters between Windows and Unix systems
• Can also use dos2unix or unix2dos
• Security always use binary mode

11
ftp Specifics

• Format ftp -options server
• Options
• -i interactive
• -g globbing, file name expansion with wild cards
• -v verbose
• -n no automatic login with .netrc

12
ftp commands

• Shell command !command (!ls)
• Transfer files
• append local remote
• get remote-file new local file name
• mget remote-file-list wild cards allowed
• put local-file new remote file name
• mput remote-file-list wild cards allowed
• newer remote-file new local file name
• reget remote-file new local file name

13
status

• ascii sets transfer mode to ASCII
• binary sets transfer mode to binary
• close quits ftp server without leaving ftp
• open server name opens new ftp connection
• hash shows hash marks () during transfers
• prompt toggles prompts for transfers
• passive toggles between passive and active
• user sign in as different user
• quit or bye exits ftp site and closes ftp

14
Directories

• cd - changes directories on ftp server/site
• lcd changes local directories on your machine
• Do not use ftpgt ! cd newdirectory
• Remember that the environment does not change in
  a spawned process!

15
Files

• chmod to change permissions on files
• delete to delete remote file(s) if allowed
• mdelete remote-file-list

16
Display Information

• dir like ls but has file option
• dir remote-dir file
• (file saved on your local system with contents of
  the remote directory listing)
• ls same as dir but with more information
• help shows commands
• pwd print working remote directory
• status status information
• verbose to see all that is happening

17
FTP Server (vsftpd)

• The vsftpd package is installed by default on Red
  Hat systems
• Modes
• Standalone set listen parameter to yes in
  vsftpd.conf file
• Normal use xinetd superserver to start and
  stop, set to normal by default

18
JumpStart Starting a vsftpd Server

• Make sure service is running
• /sbin/service vsftpd status
• vsftpd (pid 3022) is running . . .
• Check permissions in /var/ftp directory
• ls ld /var/ftp
• drwxr-xr-x 4 root root 4096 Aug 12 /var/ftp

19
vsftpd connection from localhost
20
vsftpd connection from remote host
21
vsftpd.conf Configuring vsftpd

• Standalone listenyes
• listen_port (default 21)
• listen_address defaults to any network
  interface
• max_clients set to 0 for unlimited
• max_per_ip set to 0 for any IP address allowed

22
Logging in

• userlist_enable yes further checks
  userlist_deny, no does not check the list, more
  secure is no
• userlist_deny list of users denied access
• userlist_file name of user list file
• local_enable allows users in /etc/passwd file
  to log onto system

23
Anonymous Users

• anonymous_enable yes allows anonymous
• no_anon_password yes wont ask for password
• deny_email_enable yes checks if email password
• user is denied access to system
• banned_email_file list of denied users by email
• address

24
Working Directories and chroot jail

• chroot_list_enable sets user in jail either in
  their home directory or in /var/ftp
• chroot_local_user if set to no local user can
  move around directory structure
• chroot_list_file naem of the file if
  chroot_list_file is set to yes
• passwd_chroot_enable allows local user to cd
  to home directory (/home/./jones)
• secure_chroot_dir empty directory that is not
  writeable by user ftp, a secure chroot jail

25
Messages

• dirmessage_enable yes displays .message
• banner_file file that is displayed at login,
  overrides ftpd_banner
• ftpd_banner overrides the standard vsftpd
  greeting banner at connection time
• And speaking of banners

26
Any Questions?