FTP is a protocol used to transfer files between hosts over TCP. An FTP connection is initiated when the FTP client connects to the FTP server, which listens for connections on port 21.
Two types of connection can be established between the FTP client and the FTP server: "active" and "passive". The FTP client determines which one is used.
Active FTP: In active FTP the server initiates the data connection. The client connects from a random port greater than 1023 to the server's port 21.
Passive FTP: In passive FTP the problem of the server initiating the connection is solved. The client opens two unprivileged ports, x (greater than 1023) and x+1. The client initiates the connection from port x to the server's port 21. After the connection is initiated, instead of allowing the server to connect back to it, the client sends the PASV command to the server. The server then opens a random port s that is greater than 1023, and the client connects to that port for the data connection. Passive FTP is the widely used mode for FTP connections, and the mode is decided by the FTP client.
The details below show how the two FTP modes operate:
Active FTP:
command connection: ftp client port >1023 -->> ftp server port 21
data connection: ftp client port >1023 <<-- ftp server port 20
Passive FTP:
command connection: ftp client port >1023 -->> ftp server port 21
data connection: ftp client port >1024 -->> ftp server port >1023
Installation of vsftpd on CentOS
vsftpd is a lightweight FTP server.
Normal FTP lacks proper security. vsftpd is an alternative to normal FTP.
vsftpd stands for "very secure ftpd".
Let us go through the steps to install vsftpd on a CentOS server:
We can install vsftpd through the yum repository.
We can issue the below command:
#yum -y install vsftpd
We can also install the ftp client from the yum repository.
#yum install ftp
The configuration file for vsftpd is /etc/vsftpd/vsftpd.conf.
We can then edit the vsftpd configuration file and make the necessary changes.
We can disable anonymous FTP login, which reduces security-related vulnerabilities.
We can enable the local_enable parameter.
We can enable the chroot jail so that users are jailed to their chroot (i.e., restricted to their home directories), which increases the security of the server.
We can enable the vsftpd daemon to be started automatically during the server boot process.
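To check the result of the configuration edits above, the following added example (not part of the original article) audits a vsftpd.conf for the three changes described. The option names anonymous_enable and chroot_local_user, and the defaults used when a key is missing, are taken from the vsftpd.conf man page rather than from this page; the sample config is constructed.

```bash
#!/bin/bash
# Added example: audit a vsftpd.conf for the three changes described above.
# anonymous_enable and chroot_local_user are the vsftpd.conf(5) option names
# assumed for "anonymous login" and "chroot jail"; local_enable is from the page.

# Print the effective (upper-cased) value of KEY in FILE, or DEFAULT if unset.
# vsftpd only honours "key=value" lines with no spaces around "=", and lines
# starting with "#" are comments. Assumption: if a key repeats, the last wins.
vsftpd_setting() {
    local file="$1" key="$2" default="$3" value
    value=$(grep -E "^${key}=" "$file" | tail -n 1 | cut -d= -f2- | tr -d '\r')
    printf '%s\n' "${value:-$default}" | tr '[:lower:]' '[:upper:]'
}

# Check each setting; print OK/FAIL per key and return the number of failures.
audit_vsftpd_conf() {
    local file="$1" failures=0 key want default got
    # Columns: option, hardened value, compiled-in default per the man page.
    while read -r key want default; do
        got=$(vsftpd_setting "$file" "$key" "$default")
        if [ "$got" = "$want" ]; then
            echo "OK    $key=$got"
        else
            echo "FAIL  $key=$got (want $want)"
            failures=$((failures + 1))
        fi
    done <<'EOF'
anonymous_enable NO YES
local_enable YES NO
chroot_local_user YES NO
EOF
    return "$failures"
}

# Constructed sample config: anonymous login left on, chroot line commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=YES
local_enable=YES
#chroot_local_user=YES
EOF
audit_vsftpd_conf "$sample" || echo "$? setting(s) differ from the hardened values"
rm -f "$sample"
```

On a real server, call audit_vsftpd_conf /etc/vsftpd/vsftpd.conf after editing the file; a commented-out line counts as unset, so the default applies.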
#chkconfig vsftpd on
If the FTP port is closed by the firewall, we can open it with the command below:
#iptables -I INPUT 4 -m tcp -p tcp -m conntrack --ctstate NEW --dport 21 -j ACCEPT
We then save the iptables rule.
#service iptables save
Also make sure that we have disabled SELinux on the server.
Edit the SELinux configuration file, i.e., /etc/selinux/config,
and replace the parameter SELINUX=enforcing with the parameter SELINUX=disabled
We can create a folder to store FTP files for a user.
In this example I am creating a user named "sara". I am creating the folder /home/sara/ftp for Sara to store her FTP data.
We first create a home directory for sara to store the FTP data.
#mkdir -p /home/sara/ftp
We then create the user "sara" with the home directory /home/sara/ftp
#useradd -d /home/sara/ftp sara
You can create some random files to test the server.
#touch /home/sara/ftp/photo1 /home/sara/ftp/letter
You can open a web browser and open the FTP path to the remote server.
The format is ftp://IP_address_of_ftp_server.
We can use third-party FTP software to upload or download data from the FTP server.
FileZilla and WinSCP are examples of such freely available third-party software.
FileZilla is freely downloadable from the below website:
WinSCP can be downloaded freely from the below website:
Latest posts by Rounak Jain (see all)