What is FTP
FTP stands for File Transfer Protocol and it is used as one of the most common means of copying files between server and client over a TCP based network like Internet. FTP is the most used protocol over internet to transfer files.
Any Linux system can operate as an FTP server. It has to run only the server software—an FTP daemon with the appropriate configuration. Transfers are made between user accounts on client and server systems.
FTP Ports
FTP uses TCP ports for communication between client and server. It uses two ports Control and Data
FTP Control Channel, TCP Port 21: This port is used for commands that we send and then get back the response from ftp server. It is called control channel and uses port 21.
FTP Data Channel, TCP Port 20: This port is used for the data transfers between the client and server.
Types of FTP
FTP connection types
Basic FTP: Plain and unencrypted FTP that works over port 21. Most web browsers support basic FTP.
FTPS: Implicit SSL/TLS encrypted FTP that works just like HTTPS. Security is enabled with SSL as soon as the connection starts. The default FTPS port is 990.
FTPES: Explicit FTP over SSL/TLS. This starts out as plain FTP over port 21, but through special FTP commands is upgraded to TLS/SSL encryption. This upgrade usually occurs before the user credentials are sent over the connection. FTPES is a somewhat newer form of encrypted FTP (although still over a decade old), and is considered the preferred way to establish encrypted connections because it can be more firewall friendly.
Active and Passive FTP
Active FTP
The client connects from a random unprivileged port (greater than 1024) to the FTP server's control port 21. It sends the PORT command, specifying what client-side port the server should connect to. This port will be used later on for the data channel and is different from the port used in this step for the command channel.
The server connects from port 20 to the client port designated for the data channel. Once connection is established, file transfers are then made through these client and server ports
The problem in active FTP is that it may fail in cases where the client is protected from the Internet via many to one NAT (masquerading) or firewall. This is because the firewall will not know which of the many servers behind it should receive the return connection.
Passive FTP
The client connects to the FTP server by establishing an FTP control connection from a random port (greater than 1024) to port 21 of the server. The client also initiates the data transfer connections to the server. client will issue the PASV command. The result of this is that the server then opens a random unprivileged port (P > 1024) and sends P back to the client in response to the PASV command. The client then initiates the connection from another random port to port P on the server to transfer data.
Passive FTP should be viewed as the server never making an active attempt to connect to the client for FTP data transfers. Because client always initiates the required connections, passive FTP works better for clients protected by a firewall.
Regular vs Anonymous FTP
Regular FTP
Regular FTP allows Linux users to copy files to and from their home directories with an FTP client using their Linux usernames and passwords as their login credentials. For system security you can configure the type of access of a user or group, or enable and restrict a user using config file.
Anonymous FTP
Anonymous FTP allows a user to login using anonymous username. Once logged in to FTP server, you have access to only the default anonymous FTP directory. It is mostly used in Web sites that need to exchange files with numerous unknown remote users for downloading or uploading.
No comments:
Post a Comment