FTP is a standard protocol for transferring files between different systems.It operates at the application layer of the OSI model, similar to HTTP. However, it uses TCP for data transfer. When data is exchanged using FTP, two channels are used at the same moment: the first one (control channel) is used for command and response messages, while the second one (data channel) handles the actual data transfer.
When FTP was first introduced, it was designed as a protocol for transferring data between two computer systems. Today, it is used by both large organizations and individuals on the Internet, as its functionality is ideal for convenient sending of documents. In addition, FTP is a convenient solution for Web services, allowing you to easily upload and download documents from Web servers.
File Transfer Using the FTP Protocol Between Client and Server
During setup, the FTP connection is established automatically. Once connected, clients can interact with the server using FTP commands. Users can choose between two connection types: authorized access or anonymous login.
Upon establishing communication, two channels are automatically created: a command channel and a data channel.
The command channel is used for:
- sharing reports of completed tasks;
- the exchange of responses between the server and the client, and vice versa.
FTP communicates using the NVT ASCII character set, similar to TELNET and SMTP. For FTP, the default command communication port is 21, while the data channel operates through port 20.
Using specific FTP commands, clients can communicate requests to the server. Once a connection is successfully established, users proceed to the authentication process, requiring a username and password.
Some servers allow users to access certain data without authentication. This is facilitated by a default visitor account on the server. The system checks the provided credentials and either grants or denies access. The process of exchange of the required data between the user and the system is carried out, after which the connection is interrupted.
What FTP looks like in the OS GUI
When users want to communicate with a remote system, they can use a terminal, often referred to as the command line, or utilize specialized software. If your OS is Windows, the terminal will look like this:
In the case of using specialized software, all processes are greatly simplified, including work with documents, as such applications have their intuitive interface. This is how the main working menu looks like in one of the most popular tools of this type - FileZilla:
A Guide to FTP Commands for Windows and Linux Command Lines
Let's take a look at several commands that will allow you to easily manage our service using the command line without any additional software:
!- This command allows you to quickly move between the OS and FTP. When you move to the OS, just type 'escape' or press the escape key to move back to the FTP command line;
?- Responsible for monitoring, more specifically displaying help screens;
append- Adds the contents of a local file to a remote file;
cd- Changes the current directory on the remote machine;
delete- Deletes the document;
disconnect- Disconnects the user from the system;
get- Downloads a file from the remote server to the local machine;
mdelete- Eliminates documents in large quantities;
mdir- Allows you to find out what's inside multiple remote directories;
mget- Downloads multiple files from the remote server;
mkdir- Generates a folder;
mls- Allows you to find out what is contained in multiple remote directories;
mput- Enter multiple documents into the system at the same time;
open- Connects to the specified FTP server;
put- Allows you to send 1 document;
pwd- Displays the current directory on the remote machine;;
quit- Terminates interaction with FTP;
recv- Equivalent to the 'get' command, it downloads a file from the remote server.
Best Services to Use for the FTP Protocol
- FileZilla is a completely free and open source software that provides users the functionality to transfer files between the system and a remote recipient. FileZilla comes in client and server formats. The software is suitable for use on Windows, macOS and Linux.
- WinSCP is a free SFTP, WebDAV, S3, SCP and FTP client program that is open source for Windows. It functions only on the mentioned operating system.
- Cyberduck is a client with free cloud functionality and support for Windows and Mac OS X-based systems. The program uses a graphical interface that allows for collaborative control of systems and management of multiple documents in different locations. It is also used for archiving and correction tasks.
- Transmit is a MacOS-only client that allows you to interact with FTP, SFTP, and other standards. The special feature of this program is its intuitive interface and excellent performance indicators.
- CrossFTP is a software for Windows, macOS or Linux systems that allows you to interact with many standards, such as WebDav, SFTP, Amazon S3 and others.
- Nautilus is a resource organizer for Linux-based systems that functions on top of the Gnome desktop shell. One of the features of this software is its integration with the Gnome desktop environment. Suitable for interaction with FTP(S), SMB, NFS, SSH and other standards.
- AndFTP is a typical Android client. It has a relatively difficult interface for beginners, but its functionality is similar to desktop versions, which makes it an excellent solution.
- X-plore File Manager - Presents a client for Android, which is considered to be the main analog of AndFTP.
- FTP-manager - It is a client for iOS, the functionality of which allows you to copy, eliminate and interact with documents. The main advantages of the mentioned client include the features include multi-window support for iPad, the capability to preview various document types, and a specialized editor for modifying program code.
What is the purpose of the secure FTP protocol
When FTP was first created, the developers decided not to spend time on providing a proper level of protection. Therefore, it is considered an insecure standard that is vulnerable to cyber-attacks. The whole point is that in the authentication process, the login and password are transmitted in plain text, and there is no encryption mechanism. Simply put, all information exchanged using this standard may end up in the hands of attackers.
Despite the protection problem, there are several common solutions that allow you to strengthen the security of FTP, such as using FTPS or SFTP.
FTPS is a technique that allows optional encryption for connections. The method was introduced as an option in RFC 2228.
Windows servers started using the mentioned option since the release of IIS 7.0. IIS. This tool library was meant for Windows-based devices only, and its main function is to install a web server.
The toolkit used IIS version 7 to provide the FTPS method as a special add-on that must be pre-installed. In later versions of the toolkit, starting with 7.5, this method is already available by default. Therefore, you can protect your connection in a few steps, and free of charge.
How FTPS works
This standard operates on the client-server principle, which consists of the application of a special control channel and an information channel. They are used in the process of exchanging commands and documents during a client session.
The session is authenticated using a login, password, and a public key certificate. Similar software, such as OpenSSL, allows you to request and easily create this certificate. At the moment when users start to connect to the server, the certificate is initially checked for security, and only then the connection is made. If the service has a certificate that is issued by a trusted certificate authority, then you can be sure of the reliability and security of the service. Thanks to this system, most attacks become simply unprofitable and do not affect the server and the end user.
There are unofficial certificates issued by unverified centers. When logging on to such a service, the client will be shown a warning about the unreliability of the available certificate. A choice is then given to stay on the server.
The authentication process works based on certificates - X.509. They have in them a public encryption key and data about the owner. The public key serves two functions: encrypting the data and authenticating it. The public key works directly with the private key. It is a separate part and is responsible for decoding the data.
Also used to secure the connection is SFTP, or Secure FTP over SSH, which operates at the application layer of the OSI model. It is a component of SSH and is not directly related to the FTP process. SSH technology is used to encode information, and the connection is made on port 22. This distinguishes this protocol from FTPS, which typically uses different ports such as 21 for control commands. Authentication is performed either by login and password or by SSH key.
How to create an FTP server on Linux
To set up an FTP server in Linux, follow this procedure:
Perform an update of the operating system. To do this, type the following command:
sudo apt update.
Install vsftpd. To perform this procedure, type the following:
sudo apt intall vsftpd.
Check the correct functioning of the server. To do this, perform the following operation:
sudo systemctl status vsftpd. If the installation procedure is successful, the status active will be displayed in the control panel window.
Let's add the service to the autoloader. Use the following command:
sudo systemctl enable vsftpd.
And what about macOS?
The picture is somewhat different on macOS machines. In macOS Sierra, the FTP access service has been removed from the OS.
You can integrate it into the system yourself, but this is not the best option. Since, from one point of view, there is a possibility of malware infiltrating the computer. In addition, every time you update the system, you will regularly receive requirements to reinstall it. Given the above, it is advisable to prefer third-party applications.
The difference between working with FTP and HTTP
As previously mentioned in this article, the two protocols under discussion operate on the foundation of TCP, which is the most widely used transport standard. Nonetheless, there are numerous distinctions between the operations of these protocols, which we will now outline. Below are the primary differences.
- It is a set of rules that dictate how web pages are transmitted to other machines over the Internet;
- It is assumed to install only 1 network connection for receiving and transmitting information;
- It uses port 80 with the Transmission Control Protocol;
- The URL must consist of HTTP characters;
- Authentication is not required;
- Ideal when transferring small file sizes.
- It is a set of rules that manage the transmission and reception of files over the Internet;
- It uses separate channels for data and control commands;
- It operates over the TCP protocol and uses ports 20 (for data) and 21 (for control);
- In this case, the URL starts with the word FTP;
- Authorization is required, but allows communication in anonymous mode;
- Efficiency when transferring large file sets
Is the FTP Protocol Still Relevant Today?
To conclude the story about the FTP standard, we should add the purposes for which it is used nowadays. Although FTP is a convenient method for exchanging data, its aging nature and security vulnerabilities have affected its relevance. Currently, it lags behind more secure variants, such as SFTP.
This is confirmed by the cases when the protocol is abandoned. As it was with macOS, so it was with the Chrome browser, whose creators eliminated its support in the 95th edition of Chrome. However, FTP is still in demand for local use, as well as for retrieving various old Internet archives.