Understanding FTP and Its Variants

FTP (File Transfer Protocol) is a standard network protocol used for transferring files between a client and server on a computer network. As a junior system administrator, it's crucial to understand the different variants of FTP and their implications for security and network configuration.

Plain FTP

Plain FTP is the original, unencrypted version of the protocol. It typically operates on port 21 for control connections and port 20 for data transfers. However, it's important to note that plain FTP is inherently insecure, as it transmits data and login credentials in clear text.

Implicit FTPS

Implicit FTPS is an early attempt to secure FTP connections using SSL/TLS. It uses port 990 for control connections and assumes that the connection should be encrypted from the start. While more secure than plain FTP, it's considered deprecated and may not be supported by all modern FTP clients.

Explicit FTPS (aka FTPES)

Explicit FTPS (also known as FTPES) is the current standard for secure FTP transfers. It uses the same port as plain FTP (21) but allows the client to request encryption during the authorization phase (using the AUTH command). This method is more flexible and widely supported by all modern FTP clients.

Active vs. Passive FTP

Understanding the difference between active and passive FTP is crucial for proper network configuration.

Active FTP (PORT)

In active mode, the client opens a port and waits for the server to connect back to it. This can cause issues with firewalls and NAT (Network Address Translation) devices.

Passive FTP (PASV)

Passive mode allows the client to initiate both connections to the server, which is generally more firewall-friendly.

Pro Tip: Always use passive FTP unless both client and server are on the same physical LAN. Active FTP often fails when routing is involved due to firewall and NAT complications.

Security Considerations

When setting up an FTP server, consider the following:

Use FTPES whenever possible for enhanced security.
Configure your firewall to allow passive FTP connections by forwarding all ports in your server's "passive port range".
Regularly update your FTP server software.

Remember, while FTP is a powerful tool for file transfer, some of its limitations may make it unsuitable for transmitting data securely and efficiently. Unless a protocol of the FTP family is your only options, SFTP - which is a subsystem of SSH-2, and not at all related to FTP(E/S) - is almost always your best option.

How to be notified of new releases

Setup on Windows (GUI)

Setup on Windows (CLI)

Setup on Linux

Updating/upgrading Syncplify Server!: the general rule

Upgrading from v4/v5 to v6

How to move/migrate your software to a different machine/VM

How to recover (decrypt) old v4/v5 encrypted VFSs

High-Availability (HA) general concepts

High-Availability (HA): how to setup

Licensing and license codes: a complete overview

How to fix "Invalid OTP" error during setup

Where is the manual?

Using network shares (UNC paths) with Syncplify Server! v6+ on Windows

Using network shares (UNC paths) with Syncplify Server! v6+ on Linux

How to backup your Syncplify.me Server! v4/v5

Insecure warning in your browser? It might be OK...

Virtual File System (VFS) Encryption

Overriding permissions on folders/directories

How to change a SuperAdmin password

How to reset the SuperAdmin (SA) password in v4/v5

How to disable 2FA for a SuperAdmin account

How to auto-fix problems with the Web/REST system service

True 2FA/MFA over SSH2/SFTP via keyboard-interactive authentication and Google Authenticator

How to use the SFTP Virtual File System (VFS)

How to use the S3 Virtual File System (VFS)

How to use the Azure blob storage Virtual File System (VFS)

How to use Google cloud platform's object storage Virtual File System (VFS)

How does the block-list (Protector!) work?

Block-list, allow-list, and safe-list

Authenticating users via PKI

Customizing SFTP and FTP(E/S) greetings and banners

How to override permissions on subfolders inside the user’s Home VFS

FATAL ERROR: Connection reset by peer (could not connect to server)

Virtual File Systems (VFS) with quotas

Solved: insecure FTP data connection (TLS session resumption)

Parametric home directories (VFS)

Cannot connect: "unexpected message type 30 (expected one of [34])" reason found in log file

How to backup your Syncplify Server!'s database

Unsupported public key authentication algorithm SshRsa (ssh-rsa)? Here's how to fix it.

How to import many users at once from a CSV file

How to email a list of uploaded files

VFS.ImportFile and VFS.ExportFile

Preventing upload of EXE files

No, we are not affected by Log4j vulnerability (CVE-2021-44228)

How Syncplify.me Server! prevents SSHPsycho attacks

W3C log file format and UTC timestamps

Firewalls and FTP external IP address for PASV

Where do I download the old v4/v5 installers?

Why PGP is an extremely bad choice for a file server's at-rest encryption, and how to do it right

Timeout logging into the SuperAdmin or Admin UI? This is how you may fix it.

Understanding FTP and Its Variants

SFTP and SCP: Secure File Transfer Protocols

Understanding FTP and Its Variants

Plain FTP

Implicit FTPS

Explicit FTPS (aka FTPES)

Active vs. Passive FTP

Active FTP (PORT)

Passive FTP (PASV)

Security Considerations