Introduction
In Unix-type systems, the FTP (File Transfer Protocol) protocol has for decades been the easiest way to move files between computers. Although safer alternatives such as SFTP or rsync are available today, FTP remains present on many servers, embedded devices and automation scripts due to its low resource consumption and wide support. This article reviews the ftp client available in Linux, explains its operation, displays the most useful commands and provides tips for using it safely and efficiently.
What is FTP and how does it work?
FTP works using two TCP channels: a control channel that carries commands and responses, and a data channel that carries the content of the files. When the client connects to the server's port 21, it is first authenticated with a username and password (or anonymously) and can then send orders such as LIST, RETR or STOR. The data channel can be opened in active mode, where the server starts the customer connection, or in passive mode, where the client opens the server connection, which is more friendly with firewalls and NAT. Although information travels in flat text, the simplicity of the protocol has kept it in place in environments where confidentiality is not a critical requirement.
Installing the ftp client in Linux
Most distributions include the package called ftp. In Debian and its derivatives is installed with:
sudo apt update && sudo apt install ftp
In Red Hat, CentOS and Fedora:
sudo dnf install ftp
In openSUSE:
sudo zypper install ftp
In Arch Linux and derivatives:
sudo pacman -S ftp
After installation, just writeftpin the terminal to enter the interactive mode or directly indicate the host:ftp usuario@ejemplo.com. If you want to avoid automatic login attempt, you can add the -n option and provide user and password within the session by commanduser.
Basic use of the ftp command
Once connected, the prompt changes toftp>. The most common commands include:
lsordir: shows the content of the remote directory.cd: change directory on the server.lcd: change directory in the local machine.get nombre: download a file from the remote to the local.mget patrón: download several files that match a pattern (e.g.,mget *.log).put nombre: upload a local file to the remote.mput patrón: upload several files using comodines.delete nombre: removes a file on the server.rename origen destino: renombra or move a file inside the server.byeorquit: close the session and return to the shell.
To prevent the client from asking for each file when using mget or mput, you can specify the -i option before you log in or use the commandpromptinside ftp to disable interaction. The command alsobinarysets the binary transfer mode, essential when moving executable files, images or compressed files, whileasciiis used for text files and can make end-of-line conversions according to the system.
Advanced options and tricks
The ftp client accepts several command line options that modify their behavior:
-d: activates the debugging mode, showing all the exchange of control packages and data, useful for debugging connection problems.-g: disable the expansion of wildcats in the local argument, preventing the shell from interpreting characters as * before ftp sees them.-i: disables interaction during multiple transfers, equivalent to executionpromptin session.-n: inhibits automatic login attempt, forcing the user to provide credentials by commanduser.-v: Vertical mode, displays server responses during the session.
To transfer a full directory tree, ftp does not have an integrated recursive command. A common strategy is to create a script that gets the remote list withls, process withawkorwhile readand then rungetorputfor each entry. Another approach is to use tools such aslftporwgetwith your mirror options, which do support recursivity and can retry failed transfers.
In environments where automation is required, you can create a .netrc file that stores login and password safely (with 600 permissions) and then invoke ftp without the need to write the password on the command line. Also, environment variables such as FTP _ PASSIVE can be used to force passive mode without having to typepassiveevery time.
Security and modern alternatives
The main limit of FTP is that both credentials and data travel without encryption, making them susceptible to sniffing in unreliable networks. The following techniques can be applied to mitigate this risk without leaving FTP:
- Tuning the connection through SSH: a local tunnel is opened (
ssh -L 2121:servidorftp.com:21 usuario@hostssh) and then the ftp client is connected tolocalhost:2121. - Wrap FTP in TLS using stunnel or stud, obtaining FTPS (FTP over SSL / TLS), which figures the control channel and, optionally, the data channel.
- Restrict access to FTP service to reliable IP addresses using firewalls or TCP wrappers.
However, the recommended practice today is to migrate to protocols designed for safety from the source:
- SFTP (SSH File Transfer Protocol), which operates on the same SSH encrypted channel and does not require additional ports.
- SCP, also based on SSH, is suitable for copying individual files.
- Rsync on SSH, which also allows incremental transfers and compression on demand.
On embedded devices, routers or legacy systems where SSH overhead is prohibitive, FTP remains a viable option as long as the network is physically protected or a VPN is used.
Conclusion
The ftp command in Linux is a classic, light and widely available tool for file transfer. Knowing your basic commands, non-interaction and debugging options, and how to automate your use by scripts or .netrc files allows you to take advantage of it in scenarios where simplicity and compatibility are paramount. When the confidentiality and integrity of the information are critical, it is enough to add a layer of encryption using tunneling or FTPS, or to move to alternatives such as SFTP or rsync on SSH. In this way, FTP knowledge remains a valuable piece of the repertoire of any administrator or developer working in Unix / Linux environments.
