Lab 5: FileZilla Server Secure Setup

CTEC1767 Data Communications & Networking I

2018 Spring

Installation

FileZilla software uses the GNU General Public License (GPL), which makes it free in both senses -- free as in "no charge for the software" and free as in "you can do what you want with the software -- including modifying the code".

Installation (2)

We are just using the default installation settings, but you have the option of installing the source code -- required by the GPL.

Installation (3)

Because FileZilla Server is 32-bit software, it installs in "Program Files (x86)" on a 64-bit version of Windows.

Installation (4)

FileZilla Server consists of two programs -- one is the FTP server itself; the other is the server management interface, which also uses TCP/IP to connect (the default port is 14147).

Installation (5)

The FTP server can run as a Windows service (the default), or be started and stopped manually.

Installation (Complete)

Click on Close to exit the installer.

Normal Server Startup

Server Startup -- Connection Dialog

The administration interface starts up (the FTP server is already running).

The default is localhost, which means "this PC", but you can also connect to other PCs running FileZilla Server, over the network.

Click on Connect.

Administration Interface

Use the menu and/or toolbar to manage the server

Server messages and FTP communications appear here

Active Connections appear here

General Settings

Set the timeouts to zero.

If this were a public FTP server, the timeouts could be used to prevent clients from "hogging" the server, and to mitigate some types of attacks.

Add a User

When you Edit Users, the "General" page appears by default.

Click on Add, below the "Users" box.

In Lab 5, we are not using groups; groups would normally be created before any users.

Creating the FTP directory and test file

I'm using the Command Prompt to create the FTP folder.

Next, I create a test file using Windows Notepad.

Finally, I view the contents of my test file with the type command.

Selecting a Folder

The folder is first created using Windows Explorer or the Command Prompt (see previous slide).

Under the "Shared folders" page, click on Add (covered up here... see the arrow... under the "Shared folders" box).

Add button

Here, I am using D:\FTP as my folder.

Folder Permissions

These are permissions for FTP Clients, and are enforced by the FTP Server.

(Of course, Windows [NTFS] permissions may override these.)

The H means that this folder is the "home" folder (FileZilla allows you to map several folders to a user's FTP site.)

Command-Line FTP Client

IP address of my PC running FileZilla Server

Server greeting (220)

I type in my user name

Server asks for password (331)

I type in my password -- characters are not echoed

Server replies that both my username and password are correct (230)

I enter the dir command

Server replies with the directory listing, showing the test file

I enter the get command to download the test file

Server sends the test file (the speeds here are inaccurate because the data is so small)

I enter a local command (start -- which actually launched Notepad++ on my PC)

I enter the quit command

Server closes the connection (221)

Server shows the FTP "Conversation"

The messages in black are server diagnostic messages; the messages in green are server responses using FTP; the messages in blue are client requests using FTP.

Setting up Secure FTP (FTPS)

From the Edit menu, go to Settings, then to the FTP over TLS* settings page.

First, check Enable FTP over TLS Support (FTPS), then click on Generate new certificate...

*TLS = "Transport Layer Security" https://en.wikipedia.org/wiki/Transport_Layer_Security

Setting up FTPS (2a)

Next, enter the certificate information -- this will be shown to any FTPS clients.

Click on Browse to choose the name and location of your certificate file (see next slide).

Finally, click on Generate certificate and, after a short time, your certificate key will be generated and saved.

Setting up FTPS (2b)

First, choose a filename and location for the certificate file.

Make sure that it is not saved in any directory that is accessible by an FTP client.

Setting up FTPS (2c)

Click OK to return to the Settings page.

Setting up FTPS (3)

The last thing to do is Disallow plain unencrypted FTP.

(We are not doing this in Lab 5, but you can also set a Key password that you share with trusted FTPS users.)
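
An added example (not part of the original slides): one way to check, from a recorded FTP conversation such as the one the server interface displays, whether the Disallow plain unencrypted FTP setting took effect. The transcript format, user name and reply texts are constructed; the 234 reply to AUTH TLS comes from RFC 4217, and the 530 refusal code is an assumption about how the server rejects a cleartext login.

```python
# Added example: audit FTP control-channel conversations for cleartext logins.
# A transcript is a list of (direction, line): "C" = client request, "S" = server reply.
# All sample lines below are constructed; user name and reply texts are placeholders.

def audit_session(transcript, implicit_tls=False):
    """Classify one conversation. implicit_tls=True models a port-990 connection,
    where TLS is negotiated before any FTP command is exchanged."""
    tls_active = implicit_tls
    last_verb = ""
    exposed = []             # credential commands seen before TLS was active
    plain_login = False      # server answered 230 while the channel was cleartext
    for direction, line in transcript:
        if direction == "C":
            last_verb = line.split(" ", 1)[0].upper()
            if last_verb in ("USER", "PASS") and not tls_active:
                exposed.append(last_verb)
        else:
            code = line[:3]  # works for "230 text" and multi-line "230-text"
            if last_verb == "AUTH" and code == "234":
                tls_active = True        # RFC 4217: 234 accepts AUTH TLS
            elif code == "230" and not tls_active:
                plain_login = True
    if plain_login:
        return "FAIL: cleartext login accepted"
    if exposed:
        return "WARN: " + "/".join(exposed) + " sent in cleartext, login refused"
    return "OK: no cleartext credentials"

PLAIN_ALLOWED = [   # plain FTP on port 21 before the setting is enabled
    ("S", "220 constructed greeting"), ("C", "USER student"),
    ("S", "331 Password required"), ("C", "PASS ********"),
    ("S", "230 Logged on"), ("C", "QUIT"), ("S", "221 Goodbye"),
]
PLAIN_REFUSED = [   # plain FTP after "Disallow plain unencrypted FTP" (530 is assumed)
    ("S", "220 constructed greeting"), ("C", "USER student"),
    ("S", "530 constructed refusal text"),
]
EXPLICIT_FTPS = [   # port 21, client upgrades with AUTH TLS first
    ("S", "220 constructed greeting"), ("C", "AUTH TLS"),
    ("S", "234 constructed acceptance text"), ("C", "USER student"),
    ("S", "331 Password required"), ("C", "PASS ********"),
    ("S", "230 Logged on"),
]

if __name__ == "__main__":
    for name, t in [("plain allowed", PLAIN_ALLOWED), ("plain refused", PLAIN_REFUSED),
                    ("explicit FTPS", EXPLICIT_FTPS)]:
        print(name, "->", audit_session(t))
```

The WARN result matters even though the login failed: the user name has already crossed the network unencrypted by the time the server refuses it.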

FTPS Configured

The server will still accept FTP connections on port 21, but now opens up port 990 for FTPS connections.

Plain FTP Fail

The server will still accept FTP connections on port 21, but this only exists as a courtesy for FTP clients.

FileZilla Client

Connect here: enter Host (hostname or IP address), Username, Password, and optional Port number -- then click Quickconnect.

The Site Manager is under the File menu.

FileZilla FTP Client is available for Windows, Mac, and .

Your computer's filesystems are shown here.

The FTP site will be shown here after you connect and log in successfully.

It can use FTP, FTPS, or SFTP (FTP over SSH -- see Lab 6)

FileZilla Client: Site Manager

If you frequently use an FTP site, store the settings here.

Click on New Site, or click on an existing site profile under "My Sites".

Click on OK to store settings, or Connect to both store settings and connect to the site.

FTPS Connection: First Time

Upon initiating an FTPS connection from your client, the server will present you with the certificate.

Check Always trust certificate in future sessions if you plan to use this site frequently.

Click OK to accept the certificate and connect.

FTPS Session: Client view

Diagnostic messages are shown here

I double-clicked on the test file to download it; the "FileZilla Server" upload is shown here, too.

FileZilla FTP Client can transfer large files in the background, so it works with the Windows System Tray

I double-clicked on the "FileZilla Server" file to upload it to my FTP site; the test file was downloaded here, too.

FTPS Session: Server view

Plain FTP Fail (see previous slide)

FTPS Connection: Client makes connection request; Server sends welcome message; User authenticates; Server reports capabilities to client.

Active connections shown here (first is plain FTP client; second is FileZilla FTPS client)

FTPS Session: Server view (2)

FTPS Connection (continued): Server reports capabilities to client; Server sends contents of FTP site root directory (/)

FTPS Connection #2: To download the test file

FTPS Session: Server view (3)

FTPS Connection #2 (continued): Downloading test.txt in ASCII mode

FTPS Connection #2 (continued): Uploading FileZilla_Server-0_9_60_2.exe in binary mode

The End.