Warning: Don’t Use FTP Over the Internet
Let’s make this clear right from the outset: The File Transfer Protocol (FTP) dates back to the early 1970s and was written without any regard to security. It does not use encryption for anything. Login credentials like your username and password, as well as the data you download or upload, are transferred in clear text. Anyone along the way can view your secrets. However, FTP still has its uses.
If you’re transferring files within your network, you should be safe–as long as no one on the network is packet-sniffing and eavesdropping on any sensitive documents as you transfer them. If your files aren’t confidential or sensitive in any way, moving them around your internal network with FTP should be fine. Linux has the standard ftp command line program to deal with precisely that scenario.
But definitely don’t use the ftp command to access external resources across the internet. For that, use the sftp command line program, which uses the secure SSH File Transfer Protocol. We’ll introduce both of these programs in this tutorial.
To clarify just why you never want to use FTP over the Internet, take a look at the below screenshot. It shows the FTP password in plaintext. Anyone on your network or between you and the FTP server on the Internet can easily see the password is “MySecretPassword.”
Without the encryption, a malicious actor could modify files you’re downloading or uploading in transit, too.
The ftp Command
Assuming you have a valid account on an FTP site, you can connect to it with the following command. Throughout this article, substitute the IP address in the commands with the IP address of the FTP server you’re connecting to.
Warning: You should only use the ftp command to connect to servers on a trusted local network. Use the sftp command, covered below, for transferring files over the internet.
The FTP server responds with a welcome message. The wording of the greeting will vary from server to server. It then asks for the username of the account you are logging into.
Notice that the IP address of the site you’re connecting to is displayed, followed by your Linux user name. If your account name on the FTP server is the same as your Linux user name, simply press the Enter key. This will use your Linux user name as the account name on the FTP server. If your Linux user name and the FTP account name are different, type in the FTP account user name and then press Enter.
Logging In to the FTP Server
You will be prompted to enter your password for the FTP site. Enter your password and press Enter. Your password is not displayed on the screen. If your FTP user account name and password combination are verified by the FTP server, you are then logged into the FTP server.
You will be presented with the ftp> prompt.
Looking Around and Retrieving Files
First, you’ll probably want to get a listing of the files on the FTP server. The ls command does just that. Our user sees the file gc.c is on the FTP server, and he wants to download it to his own computer. His computer is the “local computer” in FTP parlance.
The command to retrieve (or “get”) a file is get. Our user, therefore, issues the command get gc.c. They type get, a space, and then the name of the file they wish to retrieve.
The FTP server responds by transferring the file to the local computer and confirming the transfer took place. The size of the file and the time it took to transfer are also shown.
To retrieve multiple files at once, use the mget (multiple get) command. The mget command will ask you to confirm whether you want to download each file in turn. Respond by pressing “y” for yes and “n” for no.
This would be tedious for a great number of files. Because of this, collections of related files are usually stored on ftp sites as single tar.gz or tar.bz2 files.
RELATED: How to Extract Files From a .tar.bz2 or .tar.gz File on Linux
Uploading Files to the FTP Server
Depending on the permissions that have been granted to your FTP account you might be able to upload (or “put”) files to the server. To upload a file, use the put command. In our example, the user is uploading a file called Songs.tar.gz to the FTP server.
As you probably expect, there is a command to put multiple files to the FTP server at once. It is called mput (multiple put). Just like the mget command did, mput will ask for a “y” or “n” confirmation for the uploading of each file, one by one.
The same argument for putting sets of files into tar archives applies for putting files as it does for getting files. Our user is uploading multiple “.odt” files with the following command:
Creating and Changing Directories
If your user account on the ftp server permits it, you may be able to create directories. The command to do this is mkdir . To be clear, any directory you create with the mkdir command will be created on the ftp server and not on your local computer.
To change directories on the ftp server, use the cd command. When you use the cd command the ftp> prompt will not change to reflect your new current directory. The pwd (print working directory) command will show you your current directory.
Our ftp user creates a directory called music, changes into that new directory, confirms where they are by using the pwd command then uploads a file to that directory.
To quickly moved to the parent directory of the current directory use the cdup command.
Accessing the Local Computer
To change the directory on the local computer, you can use the lcd command at the ftp> prompt. It is, however, easy to lose track of where you are in the local filesystem. A more convenient method of accessing the local filesystem is to use the ! command.
The ! command opens a shell window to the local computer. You can do anything in this shell that you can in a standard terminal window. When you type exit you are returned to the ftp> prompt.
Our user has used the ! command and entered a shell window on the local computer. They have issued an ls command to see what files are present in that directory and then typed exit to return to the ftp> prompt.
Renaming Files
To rename files on the FTP server use the rename command. Here our FTP user renames a file with rename and then uses the ls command to list the files in the directory.
Deleting Files
To delete files on the FTP server use the delete command. To delete several files at once, use the mdelete command. You will be asked to provide a “y” or “n” confirmation for the deletion of each file.
Here our FTP user has listed the files to see their names and then chosen one to delete. They then decide to delete them all.
Using the sftp Command
Readers familiar with the IP addressing system will have noticed that the 192.168 address of the FTP server used in the above examples is an internal IP address, also called a private IP address. As we warned at the beginning of this article, the ftp command should only be used on internal networks.
If you want to connect to a remote or public FTP server use the sftp command. Our user is going to connect to an SFTP account called demo on the publicly accessible FTP server located at test.trebex.net.
When they connect, they are informed that the connection has been established. They are also informed that the authenticity of the host cannot be verified. This is normal for the first connection a new host. They press “y” to accept the connection.
Because the user account name (demo) was passed on the command line they are not prompted for the user account name. They are prompted only for the password. This is entered, verified and accepted, and they are presented with the sftp> prompt.
The FTP commands we have described above will work just the same in an SFTP session, with the following exceptions.
To delete a file use rm (FTP uses delete) To delete multiple files use rm (FTP uses mdelete) To move to the parent directory use cd . . (FTP uses cdup)
Our user has used a few commands in their SFTP session. They have use ls to list the files, and cd to change into the pub directory. They have used the pwd to print the working directory.
There are other options to transfer files in the Linux world, notably scp (secure copy), but we’ve focused on FTP and SFTP here. Used in the applicable scenarios these two commands will serve you and your file storage and retrieval needs well.