Internet Security Professional Reference:Understanding TCP/IP


The client host that ftp is to communicate with is normally provided on the command line. If so, ftp will immediately try to connect with the ftp server on that system. If a connection is established, then the user must log in to access the system. Logging in can be achieved either by having a valid account on the system, or through accessing a server that allows anonymous ftp access. Accessing an ftp server through anonymous mode is illustrated in the following:

$ ftp ftp.widgets.ca
Connected to chelsea.widgets.ca.
220 chelsea.widgets.ca FTP server (SunOS 4.1) ready.
Name (ftp.widgets.ca:chare): anonymous
331 Guest login ok, send ident as password.
Password:
230 Guest login ok, access restrictions apply.
ftp> quit
221 Goodbye.
$


Note:  When configuring a server for anonymous ftp access, be sure to create the file /etc/ftpusers. This file contains a list of usernames, one per line, who are not allowed to access the ftp server. On any ftp server that supports anonymous ftp, access to the server as the root user should not be permitted.

If access through privileged accounts is not restricted, then once one machine is compromised, anyone can log in to the ftp server with that account and complete the transaction shown in the following example:

$ ftp ftp.widgets.ca
Connected to chelsea.widgets.ca.
220 chelsea.widgets.ca FTP server (SunOS 4.1) ready.
Name (ftp.widgets.ca:chare): root
331 Password required for root.
Password:
230 User root logged in.
ftp> cd /etc
250 CWD command successful.
ftp> lcd /tmp
Local directory now /tmp
ftp> get passwd passwd.ccca
local: passwd.ccca remote: passwd
200 PORT command successful.
150 ASCII data connection for passwd (198.73.138.2,1138) (736 bytes).
226 ASCII Transfer complete.
753 bytes received in 0.01 seconds (74 Kbytes/s)
ftp> quit
221 Goodbye.
$

The user who made this connection now has your password file. This type of connection can be prevented by creating the /etc/ftpusers file, as shown in the following:

# cd /etc
# ls -l ftpusers
-rw-r--r--  1 root           10 Oct 10 20:53 ftpusers
# cat ftpusers
root
uucp
#

Now when a user tries to access the system by using the root account, he does not get the chance to enter a root password because ftp informs him that root access through ftp is not allowed, as shown in the following:

$ ftp ftp.widgets.ca
Connected to chelsea.widgets.ca.
220 chelsea.widgets.ca FTP server (SunOS 4.1) ready.
Name (ftp.widgets.ca:chare): root
530 User root access denied.
Login failed.
ftp> quit
221 Goodbye.
$
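The server-side check described above can be audited from the password file: every uid-0 account (and, by an assumed cutoff, every system account) should appear in /etc/ftpusers. This is an added example, not code from the book; the passwd and ftpusers contents are constructed, and the uid cutoff of 100 is an assumption.

```python
"""Audit /etc/ftpusers against /etc/passwd (added example, not from the book)."""

# Constructed samples; on a real server read /etc/passwd and /etc/ftpusers instead.
SAMPLE_PASSWD = """\
root:x:0:0:Superuser:/:/bin/sh
toor:x:0:0:Alternate superuser:/:/bin/sh
daemon:x:1:1::/:/bin/false
uucp:x:4:4:uucp:/var/spool/uucppublic:/usr/lib/uucp/uucico
chare:x:1001:100:Chris Hare:/home/chare:/bin/ksh
"""

SAMPLE_FTPUSERS = """\
root
uucp
"""

SYSTEM_UID_MAX = 100  # assumed cutoff: uids below this are system accounts


def parse_ftpusers(text):
    """Return the set of denied usernames: one name per line, blank lines ignored."""
    return {line.strip() for line in text.splitlines() if line.strip()}


def privileged_accounts(passwd_text):
    """Usernames that should never be accepted over ftp: uid 0 and other
    system accounts below SYSTEM_UID_MAX. Malformed passwd lines are skipped."""
    names = set()
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue
        if int(fields[2]) < SYSTEM_UID_MAX:
            names.add(fields[0])
    return names


def ftp_login_allowed(ftpusers_text, user):
    """Mirror the server's rule: a listed user is refused before any password prompt."""
    return user not in parse_ftpusers(ftpusers_text)


def missing_from_ftpusers(passwd_text, ftpusers_text):
    """Privileged accounts the ftpusers file fails to list, sorted for reporting."""
    return sorted(privileged_accounts(passwd_text) - parse_ftpusers(ftpusers_text))
```

Run against the samples, the audit reports daemon and toor as privileged accounts that ftpusers still lets through.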

Another problem with ftp is the .netrc file that enables users to automate a file transfer. The reason this file is a problem is that users can insert login and password information in it. The ftp client refuses to use the file if it finds that it is readable by anyone other than the owner, but even that is not enough, because the file can still leave security holes wide open.

The .netrc file resides in the user’s home directory and can contain information for accessing more than one system. Consider the sample .netrc file shown here:

$ cat .netrc
machine yosemite.widgets.ca login chare password yippee
default login anonymous password chare@widgets.ca

The file format of the .netrc file is to include the information for each machine on a single line. The first entry of this file, for example, shows the connection to a machine called yosemite.widgets.ca. When this machine name is provided as an argument to ftp, the .netrc file is checked, and the login information here is used to access the system. The second entry is the default: if no entry explicitly names the system being contacted, the default entry supplies the anonymous login for that ftp site.

As mentioned, the ftp command does perform a security check on the .netrc file. If the file is readable by anyone other than the owner, the connection is not established. This is illustrated in the following:

$ ftp yosemite.widgets.ca
Connected to yosemite.widgets.ca.
220 yosemite.widgets.ca FTP server (Version 5.60 #1) ready.
Error - .netrc file not correct mode.
Remove password or correct mode.
Remote system type is Unix.
Using binary mode to transfer files.
ftp> quit
221 Goodbye.
$ ls -l .netrc
-rw-r--r--   1 chare    group        103 Oct 10 21:16 .netrc
$

In the preceding example, the connection to yosemite is not made because the permissions on the .netrc file are incorrect. After the permissions are changed, the connection can be established without incident, as shown in the following:

$ ls -l .netrc
-rw-r--r--   1 chare    group        103 Oct 10 21:16 .netrc
$ chmod 600 .netrc
$ ls -l .netrc
-rw-------   1 chare    group        103 Oct 10 21:16 .netrc
$ ftp gateway.widgets.ca
Connected to gateway.widgets.ca.
220 gateway.widgets.ca FTP server (Version 5.60 #1) ready.
331 Password required for chare.
230 User chare logged in.
Remote system type is Unix.
Using binary mode to transfer files.
ftp>


Tip:  It’s a good idea to teach users who want to use the .netrc file about security. By improperly setting the permissions on the file, users can prevent themselves from accessing the remote machine using the auto-login features, but can still allow someone else access by giving that person their login name and password.
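The .netrc lookup and the mode check described above, worked through as an added example (this is not the ftp client's own code). It parses the two-entry file shown earlier, falls back to the default entry for an unlisted host, and applies the rule the chmod 600 fix implies: when any entry carries a password, no group or other permission bits may be set.

```python
"""Parse a .netrc in the format shown in the text and apply the client's
mode check (added example, not the ftp client's implementation)."""
import os
import stat

# Constructed copy of the .netrc shown in the text.
SAMPLE_NETRC = """\
machine yosemite.widgets.ca login chare password yippee
default login anonymous password chare@widgets.ca
"""


def parse_netrc(text):
    """Return ({machine: {keyword: value}}, default_entry_or_None).

    Each line is one entry of alternating keyword/value tokens; a 'default'
    line carries no machine name. Lines that do not fit are skipped.
    """
    machines, default = {}, None
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0] == "default":
            name, rest = None, tokens[1:]
        elif tokens[0] == "machine" and len(tokens) > 1:
            name, rest = tokens[1], tokens[2:]
        else:
            continue
        entry = dict(zip(rest[0::2], rest[1::2]))
        if name is None:
            default = entry
        else:
            machines[name] = entry
    return machines, default


def lookup(text, host):
    """Credentials for host: the explicit entry if present, else the default."""
    machines, default = parse_netrc(text)
    return machines.get(host, default)


def mode_is_safe(mode, text):
    """Assumed rule matching the chmod 600 fix: a file holding any password
    must have no group or other permission bits at all."""
    machines, default = parse_netrc(text)
    entries = list(machines.values()) + ([default] if default else [])
    if not any("password" in entry for entry in entries):
        return True  # nothing secret in the file, so the mode does not matter
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def netrc_usable(path):
    """Read a .netrc from disk and apply the same check before auto-login."""
    with open(path) as fh:
        text = fh.read()
    return mode_is_safe(os.stat(path).st_mode, text)
```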

