Chapter 15. FTP
15.1. The File Transport Protocol
sftp from the OpenSSH suite of tools. For information about configuring OpenSSH, refer to the chapter titled OpenSSH in System Administrators Guide. For more information about the SSH protocol, refer to Chapter 20, SSH Protocol.
15.1.1. Multiple Ports, Multiple Modes
- active mode
- Active mode is the original method used by the FTP protocol for transferring data to the client application. When an active mode data transfer is initiated by the FTP client, the server opens a connection from port 20 on the server to the IP address and a random, unprivileged port (greater than 1024) specified by the client. This arrangement means that the client machine must be allowed to accept connections over any port above 1024. With the growth of insecure networks, such as the Internet, the use of firewalls to protect client machines is now prevalent. Because these client-side firewalls often deny incoming connections from active mode FTP servers, passive mode was devised.
- passive mode
- Passive mode, like active mode, is initiated by the FTP client application. When requesting data from the server, the FTP client indicates it wants to access the data in passive mode and the server provides the IP address and a random, unprivileged port (greater than 1024) on the server. The client then connects to that port on the server to download the requested information. While passive mode resolves issues for client-side firewall interference with data connections, it can complicate administration of the server-side firewall. Limiting the range of unprivileged ports offered for passive connections in the FTP server's configuration file is one way to reduce the number of open ports on a server and simplify the task of creating firewall rules for the server. Refer to Section 15.5.8, “Network Options” for more about limiting passive ports.
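The two modes above differ only in who announces the data-channel address and port: in active mode the client sends it in a PORT command, in passive mode the server returns it in a 227 reply. The following is an added example, not part of the guide or of any FTP server's code, that shows how those messages encode the address and port, and how an administrator can check that a server's announced passive port falls inside the limited range they opened on the firewall. The 227 reply and the port range used here are constructed sample values.

```python
import re

# A passive-mode reply carries the address as "(h1,h2,h3,h4,p1,p2)": four IP
# octets followed by the port split into high and low bytes (port = p1*256 + p2).
_PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv_reply(reply: str) -> tuple[str, int]:
    """Decode a '227 Entering Passive Mode (...)' reply into (host, port).

    This is the address the client must connect to for the data transfer,
    so it is also the address a server-side firewall must permit.
    """
    if not reply.startswith("227"):
        raise ValueError(f"not a passive-mode (227) reply: {reply!r}")
    match = _PASV_RE.search(reply)
    if match is None:
        raise ValueError(f"no (h1,h2,h3,h4,p1,p2) tuple in reply: {reply!r}")
    fields = [int(x) for x in match.groups()]
    if any(f > 255 for f in fields):
        raise ValueError(f"field out of byte range in reply: {reply!r}")
    host = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]
    return host, port


def build_port_command(client_host: str, client_port: int) -> str:
    """Encode the client's listening address for active mode as a PORT command.

    The server will open its data connection from port 20 to this address,
    which is exactly what a client-side firewall usually blocks.
    """
    # The guide describes the client port as unprivileged, i.e. above 1024.
    if not 1024 < client_port <= 65535:
        raise ValueError(f"client data port must be an unprivileged port: {client_port}")
    octets = client_host.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not a dotted-quad IPv4 address: {client_host!r}")
    return f"PORT {','.join(octets)},{client_port // 256},{client_port % 256}"


def in_passive_range(port: int, min_port: int, max_port: int) -> bool:
    """True if the announced port lies within the passive range the server is
    configured to offer (and therefore within the range opened on the firewall)."""
    if not 1024 < min_port <= max_port <= 65535:
        raise ValueError("passive range must be within the unprivileged ports")
    return min_port <= port <= max_port


if __name__ == "__main__":
    # Constructed sample: server announces 192.168.1.10 port 195*256+80 = 50000.
    sample_reply = "227 Entering Passive Mode (192,168,1,10,195,80)"
    host, port = parse_pasv_reply(sample_reply)
    print(f"passive data connection goes to {host}:{port}")
    # Constructed sample firewall range that matches a limited passive port range.
    print("within firewall range:", in_passive_range(port, 50000, 50100))
    # Active mode from a client at 10.0.0.5 listening on port 50000.
    print(build_port_command("10.0.0.5", 50000))
```

Running the script decodes the constructed reply to 192.168.1.10 port 50000, reports that it falls inside the sample range 50000 to 50100, and prints the equivalent active-mode command `PORT 10,0,0,5,195,80`. The same `in_passive_range` check, fed the bounds actually configured in the server's passive port settings, is a quick way to confirm that the server and firewall configurations agree before a transfer fails with a blocked data connection.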