Boxes on shelves.

Please Do Not Use FTP

BrianSnelgrove - February 10, 2020
Posted Under: Random Thoughts
Back in the day, FTP was THE way to publish web content. Now I prefer SSHFS and it looks like I am working on my local computer!

 

Unless otherwise noted, all directions are for Debian based systems. Most steps will work for other distributions but some commands may need modifications.
What is FTP anyway?

File Transfer Protocol used to be the defacto method for posting images and files to web servers. A few hosts had control panel tools that would allow you to upload files in addition to using FTP. SFTP, or Secure FTP, is the preferred method now since all data is encrypted as it is being transferred to/from remote computers. Secure Copy Protocol, or SCP, is also used quite often and most clients have the same basic look and feel of classic FTP software. If you are on the same local network you could use Network File System (NFS) but it has a bunch of security issues itself - even Red Hat points them out:

NFS controls who can mount an exported file system based on the host making the mount request, not the user that actually uses the file system. Hosts must be given explicit rights to mount the exported file system. Access control is not possible for users, other than through file and directory permissions. In other words, once a file system is exported via NFS, any user on any remote host connected to the NFS server can access the shared data....
Additionally, if an attacker gains control of the DNS server used by the system exporting the NFS file system, the system associated with a particular hostname or fully qualified domain name can be pointed to an unauthorized machine. At this point, the unauthorized machine is the system permitted to mount the NFS share, since no username or password information is exchanged to provide additional security for the NFS mount.

It sounds like I don't like those options, what would I suggest you ask?

It isn't that I don't like those options, I use one or more of them on an almost daily basis. When I am forced to connect to a remote Linux computer from a Windows computer I use Samba. In my experience it can be a bit finicky to initially set up - I don't set it up very often and I do Google searches for the same issues every time - but once you get it set up on the remote machine that part is rock solid. My problem is with the Windows implementation. You can map network drives, use different user credentials, and tell the system to remember the credentials. Sometimes that works, sometimes it doesn't. 

My suggestion is SSHFS!

It is easy to install on both the Linux client and server. In fact the remote Linux server probably already has everything installed - if you can SSH into it you can use SSHFS. There is a SSHFS client for Windows but I have not tried it so I can't speak to how well it does, or does not, work. Back to Linux, you can install the client and connect to the remote computer in a few simple steps. These are the simplest options but they are oftentimes enough to get you going.

sudo apt udpate && sudo apt install sshfs -y
mkdir ~/remoteMount
sshfs user@remote.server:/ ~/remoteMount

If you want to connect to your home folder on the remote server, or any other directory you have access to for that matter, you can specify it in the connect command.

sshfs user@remote.server:/specify/your/folder ~/remoteMount

Open up your local file manager and navigation to your home directory then open the remoteMount folder. All the files on the remote server are at your point and click fingertips just as if they were on your local computer. One of the great things about this method is it allows you to connect to a remote server by its public IP address. If you can SSH into the server you can quickly and easily access the filesystem from your local file manager. The command may get a little more complex if you have SSH keys to contend with, but still nothing too bad.

sshfs user@remote.server:/ ~/remoteMount -o IdentifyFile=psk_file_name.psk

You can even add "-p portNumber" to the end of the command if your server is configured to listen for SSH commands on a different port. When you are done working you can easily disconnect the mount with a simple command.

fusermount -u ~/remoteMount

Do I think SSHFS is worthwhile?

ABSOLUTELY it is! It is my preferred method of file transfers now. I can still SFTP onesies and twosies here and there but when I am developing and making constant changes to the source code SSHFS is my go-to!

Resources:

Most of this is based on opinion and prior experience so there is not much to list here. Red Hat for the quote and DigitalOcean to help me verify that SSHFS should all be in capital letters. Oh yea, Pixalbay and Pexels for the header image. 



Discussion - all postings are moderated