Secure FTP server

Linode Staff

Question: am I safe to give out FTP access from an FTP server I run on the Linode to people who could be running exec commands at will? Could they ever access the filesystem root with a nefarious command? Is my FTP server secure?

1 Reply

Just to clarify, are you using FTP or SFTP when you attempt to make these connections? In general, FTP alone is something I can't recommend since it has a number of security flaws, the most severe being that it sends packets unencrypted in plaintext which can easily be read by passive tools like packet sniffers. I can strongly recommend using SFTP instead as a different option. You should always be able to make an SFTP connection by using syntax similar to the following:

     sftp username@yourIPaddress 

Additionally, to further secure your connection, you should be able to create sftp jails. For a little more information regarding how to do this, I'm including some of our documentation below which should help:

https://www.linode.com/docs/tools-reference/tools/limiting-access-with-sftp-jails-on-debian-and-ubuntu/

If your FTP server is more publicly facing, it would absolutely benefit from a number of proper security controls as well, such as strong file-level encryption, permissions, robust logging, firewalls, and whitelists or blacklists. Though I don't think that remote code execution will be a major threat if you follow good security practices, it's worth putting the time and effort into this security, and making sure that you have a number of strong controls in place for a defense-in-depth approach. For a little more information regarding how you might do this, I'm including some additional documentation
on a few of these topics below which I hope might help:

https://www.linode.com/docs/security/securing-your-server/
https://www.linode.com/docs/tools-reference/linux-users-and-groups/
https://www.linode.com/docs/security/using-fail2ban-for-security/
https://www.linode.com/docs/uptime/logs/use-logrotate-to-manage-log-files/

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct