FTP and sFTP

Created: 16.05.2023

This is about … .

FTP

Port 20: for data exchange
Port 21: establishing connection and command channel

Active mode

No firewall in between. The server initiates a connection for data transfer. That means more risk for the client.

Steps

Client 🐝 opens a port, say, 1069.

The client 🐝 then informs the server 🌸 via the PORT 1069 command, sent to port 21 of the server.

The server connects to this port and sends the data from its port 20.

Why is it riskier for the client? Because the client 🐝 is open for connections for some time. Most often, the firewall blocks most connections not initiated by the client. For this mode to work, one must allow the inbound connection, which might be risky. Also, the client 🐝 is sharing its IP address and port number. What if the server is untrusted? What if these requests are logged somewhere?

Passive mode

This mode is usually used when the client 🐝 has a firewall that blocks incoming connections. It means less risk for the client and more risk for the server 🌸.

Steps

The client 🐝 sends a PASV to port 21 of the server 🌸, basically saying “I want to use the passive mode”.
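An added example (not part of the original notes) of how the data endpoint is actually carried on the command channel in both modes, and a check either side can apply before opening the data connection. It goes slightly beyond the steps above: on the wire, RFC 959 encodes the address and port as `h1,h2,h3,h4,p1,p2` in the PORT command and in the server's `227` reply to PASV. The function names and sample addresses are assumptions made for this example.

```python
import ipaddress
import re

# Six comma-separated decimal bytes: h1,h2,h3,h4,p1,p2 (RFC 959 host-port form).
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def encode_port_arg(ip: str, port: int) -> str:
    """Argument of an active-mode PORT command for the client's listening socket."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    octets = ipaddress.IPv4Address(ip).packed
    return ",".join(str(b) for b in (*octets, port >> 8, port & 0xFF))

def decode_hostport(line: str) -> tuple[str, int]:
    """Extract (ip, port) from a PORT command or a 227 PASV reply."""
    m = _HOSTPORT.search(line)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field found")
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("field larger than one byte")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def endpoint_problems(line: str, control_peer_ip: str) -> list[str]:
    """Reasons to refuse the data endpoint advertised on the command channel."""
    ip, port = decode_hostport(line)
    problems = []
    # The data connection should go to the same host as the command channel,
    # so it cannot be pointed at a third machine.
    if ipaddress.ip_address(ip) != ipaddress.ip_address(control_peer_ip):
        problems.append(f"{ip} is not the control-connection peer {control_peer_ip}")
    # RFC 2577 advises servers not to open data connections to ports below 1024.
    if port < 1024:
        problems.append(f"port {port} is below 1024")
    return problems

if __name__ == "__main__":
    # Constructed sample traffic using documentation address ranges.
    print("PORT " + encode_port_arg("192.0.2.10", 1069))
    pasv = "227 Entering Passive Mode (198,51,100,7,195,80)"
    print(decode_hostport(pasv))
    print(endpoint_problems(pasv, "198.51.100.7"))
    print(endpoint_problems("PORT 10,0,0,5,0,22", "192.0.2.10"))
```

A server would run `endpoint_problems` on each PORT command with the client's control-connection address; a client would run it on the PASV reply with the server's address.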


📘 BTFM

ABOR
LIST
DELE
MKD
PWD
QUIT
...
