FTP server in the Cloud: Difference between revisions
No edit summary |
No edit summary |
||
(8 intermediate revisions by 3 users not shown) | |||
Line 2: | Line 2: | ||
<translate> | <translate> | ||
<!--T:1--> | <!--T:1--> | ||
<i>Parent page: [[Cloud]]</i> | |||
=Better alternatives to FTP= <!--T:2--> | =Better alternatives to FTP= <!--T:2--> | ||
If you have the freedom to choose an alternative to FTP, consider the following options | If you have the freedom to choose an alternative to FTP, consider the following options: | ||
<!--T:3--> | <!--T:3--> | ||
* If you are considering anonymous FTP... | * If you are considering anonymous FTP... | ||
** ...for read-only access : Use HTTP | ** ...for read-only access : Use HTTP (see [[Creating a web server on a cloud]]). | ||
** ...for read/write access: The security risks of accepting anonymous incoming file transfers are very great. Please [[Technical support|contact us]] and describe your use case so we can help you find a secure solution. | ** ...for read/write access: The security risks of accepting anonymous incoming file transfers are very great. Please [[Technical support|contact us]] and describe your use case so we can help you find a secure solution. | ||
* If you plan to authenticate FTP users (that is, require usernames and passwords)... | * If you plan to authenticate FTP users (that is, require usernames and passwords)... | ||
** ...a safer and easier alternative is [[SFTP]]. | ** ...a safer and easier alternative is [[SFTP]]. | ||
** Another alternative is [https://en.wikipedia.org/wiki/FTPS FTPS], which is an extension of FTP which uses [https://en.wikipedia.org/wiki/Transport_Layer_Security TLS] to encrypt data sent and received. | ** Another alternative is [https://en.wikipedia.org/wiki/FTPS FTPS], which is an extension of FTP which uses [https://en.wikipedia.org/wiki/Transport_Layer_Security TLS] to encrypt data sent and received. | ||
When authenticating users via passwords the transmitted data should be encrypted or else an eavesdropper could discover the password. We strongly recommend that you not allow password logins to your VM, as automated brute-force attempts to crack passwords can be expected on any machine connected to the internet. Instead, use ssh-key authentication (see [[SSH Keys]]). [[SFTP]] can be configured to use ssh-key authentication. | When authenticating users via passwords, the transmitted data should be encrypted or else an eavesdropper could discover the password. We strongly recommend that you not allow password logins to your VM, as automated brute-force attempts to crack passwords can be expected on any machine connected to the internet. Instead, use ssh-key authentication (see [[SSH Keys]]). [[SFTP]] can be configured to use ssh-key authentication. | ||
=Setting up FTP= <!--T:4--> | =Setting up FTP= <!--T:4--> | ||
If you do not have freedom to choose an alternative to FTP, see the guide | If you do not have freedom to choose an alternative to FTP, see the guide which best matches your operating system: | ||
*[https://help.ubuntu.com/lts/serverguide/ftp-server.html Ubuntu guide] | *[https://help.ubuntu.com/lts/serverguide/ftp-server.html Ubuntu guide] | ||
*[https://www.digitalocean.com/community/tutorials/how-to-set-up-vsftpd-on-centos-6--2 CentOS 6 guide] | *[https://www.digitalocean.com/community/tutorials/how-to-set-up-vsftpd-on-centos-6--2 CentOS 6 guide] | ||
The ports that FTP uses must be open on your VM; see [[Managing_your_cloud_resources_with_OpenStack#Security Groups | this page]] for information about opening ports. FTP uses port 21 to initiate file transfer requests, but the actual transfer can take place on a randomly chosen port above port 1025, though the details of this can vary depending | The ports that FTP uses must be open on your VM; see [[Managing_your_cloud_resources_with_OpenStack#Security Groups | this page]] for information about opening ports. FTP uses port 21 to initiate file transfer requests, but the actual transfer can take place on a randomly chosen port above port 1025, though the details of this can vary depending in which mode FTP operates. For example, port 20 can also be involved. This means that to allow FTP access on your VM, you must open port 21, possibly port 20, and probably ports 1025 and above. Every open port represents a security risk, which is why other protocols are preferred to FTP. See [http://www.techrepublic.com/article/how-ftp-port-requests-challenge-firewall-security/5031026/ this article] for more details on ports used by FTP. | ||
<!--T:5--> | <!--T:5--> | ||
[[Category: | [[Category:Cloud]] | ||
</translate> | </translate> |
Latest revision as of 21:22, 6 July 2023
Parent page: Cloud
Better alternatives to FTP[edit]
If you have the freedom to choose an alternative to FTP, consider the following options:
- If you are considering anonymous FTP...
- ...for read-only access : Use HTTP (see Creating a web server on a cloud).
- ...for read/write access: The security risks of accepting anonymous incoming file transfers are very great. Please contact us and describe your use case so we can help you find a secure solution.
- If you plan to authenticate FTP users (that is, require usernames and passwords)...
When authenticating users via passwords, the transmitted data should be encrypted or else an eavesdropper could discover the password. We strongly recommend that you not allow password logins to your VM, as automated brute-force attempts to crack passwords can be expected on any machine connected to the internet. Instead, use ssh-key authentication (see SSH Keys). SFTP can be configured to use ssh-key authentication.
Setting up FTP[edit]
If you do not have freedom to choose an alternative to FTP, see the guide which best matches your operating system:
The ports that FTP uses must be open on your VM; see this page for information about opening ports. FTP uses port 21 to initiate file transfer requests, but the actual transfer can take place on a randomly chosen port above port 1025, though the details of this can vary depending in which mode FTP operates. For example, port 20 can also be involved. This means that to allow FTP access on your VM, you must open port 21, possibly port 20, and probably ports 1025 and above. Every open port represents a security risk, which is why other protocols are preferred to FTP. See this article for more details on ports used by FTP.