FTP server in the Cloud: Difference between revisions

Jump to navigation Jump to search

FTP server in the Cloud (view source)

Revision as of 18:26, 22 December 2016

56 bytes added ,  7 years ago
no edit summary
No edit summary
Line 5: Line 5:


=Better alternatives to FTP=
=Better alternatives to FTP=
If you have the freedom to choose an alternative to FTP consider the follow options if you need:
If you have the freedom to choose an alternative to FTP, consider the following options.


; Anonymous FTP :
* If you are considering anonymous FTP...
:; Read only access : Use HTTP, see [[Creating a Webserver on CC-Cloud]]
** ...for read-only access : Use HTTP. See [[Creating a Webserver on CC-Cloud]]
:; Read/write access: Providing anonymous write access to your server is a very bad idea. Anyone could upload a file, with the potential for it to be a malicious script or executable.
** ...for read/write access: The security risks of accepting anonymous incoming file transfers are very great. Please [[Technical support|contact us]] and describe your use case so we can help you find a secure solution.
; Authenticated FTP: If you are authenticating FTP users, a better and easier alternative is [[SFTP]].<br/>Another alternative is [https://en.wikipedia.org/wiki/FTPS FTPS], which is an extension of FTP which uses [https://en.wikipedia.org/wiki/Transport_Layer_Security TLS] to encrypt data sent and received. When authenticating users via passwords the transmitted data should be encrypted or else there is a possibility that an eavesdropper could discover the password. In addition it is generally a bad idea to allow password logins on your VM as there are often many automated brute-force password attempts made on any machine connected to the internet. Instead use ssh-key authentication (see [[SSH Keys]]). [[SFTP]] can be configured to use ssh-key authentication.
* If you plan to authenticate FTP users (that is, require usernames and passwords)...
** ...a safer and easier alternative is [[SFTP]].  
** Another alternative is [https://en.wikipedia.org/wiki/FTPS FTPS], which is an extension of FTP which uses [https://en.wikipedia.org/wiki/Transport_Layer_Security TLS] to encrypt data sent and received.  
When authenticating users via passwords the transmitted data should be encrypted or else an eavesdropper could discover the password. We strongly recommend that you not allow password logins to your VM, as automated brute-force attempts to crack passwords can be expected on any machine connected to the internet. Instead, use ssh-key authentication (see [[SSH Keys]]). [[SFTP]] can be configured to use ssh-key authentication.


=Setting up FTP=
=Setting up FTP=
If you do not have freedom to choose an alternative see one of the below guides which best matches your operating system
If you do not have freedom to choose an alternative to FTP, see the guide below which best matches your operating system
*[https://help.ubuntu.com/lts/serverguide/ftp-server.html Ubuntu guide]
*[https://help.ubuntu.com/lts/serverguide/ftp-server.html Ubuntu guide]
*[https://www.digitalocean.com/community/tutorials/how-to-set-up-vsftpd-on-centos-6--2 CentOS 6 guide]
*[https://www.digitalocean.com/community/tutorials/how-to-set-up-vsftpd-on-centos-6--2 CentOS 6 guide]
The ports that FTP uses must be open on your VM (see [[OpenStack#Security Groups]] for information about opening these ports into your VM). FTP uses port 21 to initiate file transfer requests, but the actual transfer can take place on a randomly chosen port above port 1025, though the details of this can vary depending on the mode with which FTP operates in, for example Port 20 can also be involved (see this [http://www.techrepublic.com/article/how-ftp-port-requests-challenge-firewall-security/5031026/ article] for more details on ports used by FTP). This means that to allow FTP access on your VM you must open port 21 and very likely also ports 1025 and above. This large range of open ports is part of the reason other protocols are preferred to FTP.
The ports that FTP uses must be open on your VM; see [[OpenStack#Security Groups]] for information about opening ports. FTP uses port 21 to initiate file transfer requests, but the actual transfer can take place on a randomly chosen port above port 1025, though the details of this can vary depending on the mode with which FTP operates in. For example, port 20 can also be involved. See [http://www.techrepublic.com/article/how-ftp-port-requests-challenge-firewall-security/5031026/ this article] for more details on ports used by FTP. This means that to allow FTP access on your VM you must open port 21, possibly port 20, and probably ports 1025 and above. Every open port represents a security risk, which is why other protocols are preferred to FTP.


[[Category:CC-Cloud]]
[[Category:CC-Cloud]]
</translate>
</translate>
Rdickson
Bureaucrats, cc_docs_admin, cc_staff
2,879

edits

Retrieved from "https://docs.alliancecan.ca/wiki/Special:MobileDiff/7048"

Navigation menu