Initial commit: HPR Knowledge Base MCP Server
- MCP server with stdio transport for local use
- Search episodes, transcripts, hosts, and series
- 4,511 episodes with metadata and transcripts
- Data loader with in-memory JSON storage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
214
hpr_transcripts/hpr0181.txt
Normal file
@@ -0,0 +1,214 @@
|
||||
Episode: 181
|
||||
Title: HPR0181: Setting up vsFTPD
|
||||
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr0181/hpr0181.mp3
|
||||
Transcribed: 2025-10-07 13:01:57
|
||||
|
||||
---
|
||||
|
||||
Music
|
||||
Hi, welcome to Hacker Public Radio. My name is Quattu and I'm going to be talking about
|
||||
FTP, setting up an FTP server. I'm no expert at setting up an FTP server. The experience
|
||||
I've had has been just playing around with it. So don't take my advice or my example is
|
||||
necessarily the most secure setup that you could ever have. I'm no expert on security opening
|
||||
up your computer to the world-wide web could be a very, very bad thing if you don't configure
|
||||
it correctly, as I'm sure you're probably aware. Setting up an FTP server is really no different
|
||||
in many ways than setting up an HTTP server, just a normal web server. It's giving people access
|
||||
to your computer, so you want to make sure that you've got that roped off and locked down and
|
||||
stuff like that. However, FTP is a pretty handy device to have on your computer at times
|
||||
when you're sending very large files to someone. Obviously, there are lots of different ways to
|
||||
do it. There are services like Media Fire or places that will send big files across
|
||||
the network. It'll store it for a temporary time and then you can go download it, things like that.
|
||||
But sometimes it's nothing beats just having the file on a server that's in your control
|
||||
that is being seen by your eyes mostly only and just directing people to that server so they
|
||||
can grab the file and then you can get rid of the file. It's just kind of a handy way sometimes
|
||||
to do it. FTP, as I understand it, dates back to about 1971. This is a very old protocol
|
||||
and it was used back then to sort of protocol to transfer files. At that time, in the beginning,
|
||||
you had to know exactly where the file was in order to go find it. Later on, go for similar tools
|
||||
like that sprung up and kind of helped in when you were searching for files that you might want.
|
||||
They would direct you to the location, the FTP server that they were stored and then you could
|
||||
go grab them. In FTP, there are two types of users. There are the real users, which the system
|
||||
administrator knows and has set up with a user name and a password. Then there are the anonymous
|
||||
users, which ideally would be a user that can log in anonymously and get access to that file,
|
||||
but hopefully, usually you don't want them to be able to upload. Uploading an anonymous
|
||||
letting anonymous people upload obviously would not be a very good idea. One of the biggest
|
||||
FTP server applications out there is called VS FTPD. That is the sense for very secure FTP
|
||||
Damon. It is fairly simple to install and to configure. It is also considered pretty secure.
|
||||
It has become one of the more popular default FTP servers that you will find easily installable
|
||||
in a number of Linux distributions. You may be able to find this in a repo, depending on
|
||||
what distro you are with. If you hunt around for VS FTP or VS FTPD, you should be able to find it
|
||||
probably in a repo and you can download it and install it. You don't only need to do that
|
||||
obviously if you had installed just a normal desktop Linux. If you have installed
|
||||
the server distro of whatever, you know, the server version of whatever distro you are running,
|
||||
then probably you have already got either VS FTP or WUFTP or some application that will provide
|
||||
FTP service. But either way, as long as you have got something, I am going to be doing VS FTP
|
||||
because that is the only one that I have ever used. If it is not in your distro's repo or if you
|
||||
are going to have a repo with your distro, then you can just go directly to their website and that
|
||||
is HTTP colon slash slash VS FTPD.beasts.org. You can download the source code there, compile it,
|
||||
and install it. Now you are going to want to start it up after it is all installed and that would
|
||||
be service space VS FTPD space start. Or you can also, well that is how I did it on my fedora box.
|
||||
So once it is started, then you should be able to log in just from your own computer into the
|
||||
FTP folder, even though you don't have to go out onto the network. Yeah, just do this locally.
|
||||
So you can totally just FTP to your local host. It should give you some kind of welcome message.
|
||||
And then you can type in your username and your password. And that would just be your normal
|
||||
username, your username that you have logged into your computer as and your password that you log in
|
||||
with. And then it should log in successfully. And so now you are connected to your FTP server via
|
||||
the local host. Not that big of a deal, not very helpful, obviously, but at least establishes that
|
||||
the FTP daemon is running. It is aware of itself. It knows that it is allowed to have users,
|
||||
things like that. Now to test it out a little bit further, you can go out onto another computer on
|
||||
that local area network and try the same thing. So you are just going to FTP into whatever IP address
|
||||
the server is. And then it should again ask you for your username and your password. So you are
|
||||
going to use the username and the password of that computer, of that server. Not the one you are
|
||||
sitting on, the one that you just installed VSFTPD on. Type in your username and your password.
|
||||
And ideally it will let you in and you should be in your FTP directory. If that does not work,
|
||||
you should probably check your firewall setting. Certainly on a Fedora box, the firewall is set by
|
||||
default to have ports 20 and 21 closed. So you are going to want to open those up. Now you've got
|
||||
the FTP server open to the rest of your network. And you should be able to log in after that.
|
||||
Okay. So once you have established that it is working as expected, one of the things you will
|
||||
want to do is either enable or disable anonymous login. So if you look in the flash at C,
|
||||
slash VSFTPD slash VSFTPD.conf file, you will find a line pretty early in called anonymous
|
||||
underscore enable equals yes. And local underscore enable equals yes. The anonymous enable line is
|
||||
obviously the one that lets just anyone log in into the server as FTP. And if it is on by default,
|
||||
it is enabled by default. Now if you just comment out that line, it is still on. You need to
|
||||
specifically tell it to turn that off. So you are going to change anonymous underscore enable equals yes
|
||||
to anonymous underscore enable equals no. That will make sure that anonymous login is not permitted.
|
||||
It doesn't take a security expert to know that that is probably a pretty good idea if you are
|
||||
just fooling around with FTP like I am. No reason to have just anyone who happens across your
|
||||
server log in. Even if you think oh well they don't have right access, it will be fine,
|
||||
they can look, they can't touch. If you don't know what you are doing, that would probably be a great
|
||||
line to include to just make sure that it is a little bit more restricted. Now any user with
|
||||
a local account on your machine on the server are going to be able to log in to the FTP as long
|
||||
as you have got local underscore enable set to yes. The exception to that general rule is that all
|
||||
the user accounts listed in slash fc slash vsftpd slash user underscore list,
|
||||
okay they are denied access. So that is kind of handy like if you don't want certain people to be
|
||||
able to log in, then you can include their name in the user list and they will be denied access
|
||||
to the server. So that is kind of handy. You have a fair amount of control over the users
|
||||
in vsfTP. Some other programs kind of let you get really specific with some of the permissions
|
||||
and things like that. VsfTP uses standard units file permissions. So if you want someone to,
|
||||
for instance, not have right access and you are obviously going to make something not
|
||||
writable or if you don't want them to see a file you are not going to make it not readable,
|
||||
things like that. And the standard area for the files is going to be in slash vsftp.
|
||||
That is the directory where everyone will log in to if they are an anonymous user and the
|
||||
anonymous user is going to be under the category of other. So if the file permissions for
|
||||
our slash ftp are like 600, then obviously just the root user is going to be able to read
|
||||
right there. You open it up to read for other users and anonymous log in is going to be able to
|
||||
get in there. Now you can also change, and this is where the control comes in over the users,
|
||||
that what the root directory is within their ftp environment. So the root directory which
|
||||
would technically be a charute environment is slash vr slash ftp. That means that in terms of
|
||||
anonymous person logging in, the computer's root is the computer's slash is really technically your
|
||||
slash vr slash ftp, which is nice because that means that they can't really get outside of that.
|
||||
That is far down in the file system that they can go. Now if someone with a user name and a
|
||||
password, you might want to charute their environment via ftp. Simply because if someone gets their
|
||||
username and their password, then they would have access to your entire computer. So you might want
|
||||
to instead within the vsftpd.conf file, do the line charute underscore local underscore user equals
|
||||
yes. And that's going to charute the local user environment and restrict them only to their home
|
||||
folder, which seems like a really good idea to me. So try that out. That will make sure that they're
|
||||
not wandering around your entire computer's file system via ftp. And you should always keep in
|
||||
mind that ftp is plain text. It's not an ssh process. So everything is sent in the clear. So you
|
||||
really want to make sure that that you're protecting yourself and your users from, you know,
|
||||
themselves and people who might be sniffing traffic, things like that. There are ways to
|
||||
affect the way things are downloaded, whether it's ASCII or binary. Again, that's just a line in
|
||||
the comp file. Just ASCII download enable equals yes or no. There are ways to enable local users to
|
||||
upload, you know, write files. And that is simply write underscore enable equals yes.
|
||||
And local underscore you mask equals 022. And that's going to allow the local users to write to
|
||||
the server. And the UMask is simply setting the file permissions so that it's 644 permissions,
|
||||
which would allow what users to read and write. Everyone else would be read only. So you've got,
|
||||
you know, a lot of a fair amount of control over that kind of stuff. You can do the same thing with
|
||||
anonymous users. But I'm not even going to talk about that because I can only imagine that that
|
||||
seems like a phenomenally bad idea. Especially if you're just playing around with this, like I am,
|
||||
probably not a good idea to allow anonymous users to be writing onto your disk.
|
||||
Now what there is are message files. And I guess some programs really let you go crazy with
|
||||
this kind of stuff that you can just do all kinds of cool sort of almost interactive messages
|
||||
and things like that. The SFTP, just as long as you've got the the Derr message underscore enable
|
||||
option as set as yes. So that is Derr message underscore enable equals yes.
|
||||
Then you will be able to have a dot message file in the root directory of FTP server. So that
|
||||
would be your slash bar slash FTP and then dot message. But you can also have it in other folders
|
||||
within within that within that directory. And the message file can be really anything, you know,
|
||||
I mean, it can just be information on that directory or it could be helpful information
|
||||
about how to install a program or, you know, just whatever. You can also do an FTPD underscore banner.
|
||||
And then you can have, you know, just equals and then whatever banner you want so that when they
|
||||
first initially log in, it could be something that indicates any information that you want or
|
||||
by the same token misinformation, which isn't a bad security stuff in itself.
|
||||
Advertising, you know, what distro you're running and things like that might be great for
|
||||
distro pride, but, you know, the less information or the more misinformation you give people
|
||||
logging into your system, probably, you know, the better.
|
||||
So obviously with with this kind of thing, you're really going to make sure that you're
|
||||
looking at your logs and keeping tabs on your system. Not a good idea to to ignore this if you
|
||||
if you literally have FTP, even if you've just turned it on for a little while, you know,
|
||||
just long enough for your friend to download whatever file you want to send them.
|
||||
You're going to want to make sure that you're keeping keeping a watch on your log files.
|
||||
The logging is enabled by default, as you can imagine, and the log files themselves are in
|
||||
FlashVar, FlashLog, FlashExferLog, as in TransferLog, X-F-E-R-L-O-G.
|
||||
And to look at that, you know, you can just you can more, you know,
|
||||
FlashVar, FlashLog, FlashExferLog, or you can look at it in real time, tail,
|
||||
space, dash, capital F, space, FlashVar, FlashLog, FlashExferLog.
|
||||
And that will show you all the all the activity going on in real time.
|
||||
Another good way of protecting your users from both themselves and sort of you from your users
|
||||
is to set up a timeout times. And this is one of the big reasons that I kind of find having
|
||||
your own FTP server kind of nice because sometimes if I'm doing something on an FTP server where
|
||||
I have a lot of files, a lot of the services out there that you, you know, you find out for like
|
||||
go daddy or someone that's hosting your server and or with that owns the server and you simply
|
||||
have just really basic FTP access to. A lot of times their timeout is just really, really brief.
|
||||
And, you know, by the time you figure out what you want to do, they've already logged you out
|
||||
and you have to log back in. Having said that, it's actually, you know, it's a good security measure.
|
||||
So you might want to think about setting up a timeout so that if someone walks away,
|
||||
forget that they've got an FTP connection open, it's going to close, you know, after a while.
|
||||
So you can set the timeout that it's going to allow while they're connecting or while they're
|
||||
to accept all their login information that, you know, you could do like 60 seconds or something.
|
||||
A connection timeout so that if they're trying to connect and it's not going timeout after 60 seconds.
|
||||
An idle session timeout, that's idle underscore session underscore timeout. You can give them like
|
||||
10 minutes maybe, 600 seconds. You could do data underscore connection underscore timeout
|
||||
so that if there's no progress occurring in the transfer, it'll log out. I like if there's an error
|
||||
in transferring the file or something. So that's all kind of a good security, security, security
|
||||
precaution. And speaking of security, you can find out lots more about FTP and FTP,
|
||||
the anonymous ways of abusing FTP if you go to cert, C-E-R-T. If you go to their FTP
|
||||
information, their documentation on FTP, it's very enlightening. It will give you a good idea
|
||||
of some of the risks out there. Some of the things that you might want to worry about,
|
||||
keep in mind that FTP is in plain text. Everything's just completely, you know, if you're sniffing someone
|
||||
on the network and they're FTPing, you're seeing everything that they're typing in. So
|
||||
you want to make sure that you're not doing that yourself and just keep it in mind if you're
|
||||
sending this kind of information on how to get to your system to people and they're logging in
|
||||
than, you know, quite possibly their username and their password have been seen by someone.
|
||||
So, you know, if I'm out and about usually the way to FTP somewhere is to SSH home and then FTP
|
||||
from the SSH. So, keep that in mind. It's not a secure system. There are variations of it,
|
||||
like FTP, things like that, but it just kind of depends on what the servers configured to do.
|
||||
This is this that I've gone over, normal FTP. So, it's all plain text.
|
||||
And if you are behind a firewall, if your server is behind a firewall and you're trying to
|
||||
FTP, you know, from some remote location, remember that you're probably going to have to configure
|
||||
your router or your modem to forward the ports and the ports are 20 and 21 for FTP. It's probably
|
||||
some way to change that from the default to be more secure. I don't know, haven't done it yet
|
||||
myself. I'm just using 20 and 21 and I'm not leaving it out very often. So, it's one of those
|
||||
things where I'm using it for a brief time and then taking it down, just kind of getting my
|
||||
feet wet. It's kind of interesting, though. You can also keep in mind that if you are logging in from
|
||||
a remote place and you need a DNS address to go to to be able to get to the computer where the
|
||||
FTP server is set up, just keep in mind either no IP or dy in DNS. Those are both services that
|
||||
will provide you a dynamic DNS name and you can hear more about those services in my episode.
|
||||
On SSH, which is a couple of episodes back now. I'm not sure the number off at the top of my head.
|
||||
A couple of quick tips on how to access the FTP server once you have it set up. At least for
|
||||
friends, I find it's all very helpful to be able to tell them that the FTP itself, the site itself
|
||||
can be accessed via Firefox. So, if you're sending a friend who maybe isn't as familiar with
|
||||
the whole online file transfer deal, then they might want to just look into using Firefox.
|
||||
Now, they can access Firefox. I mean, they can access FTP straight from Firefox's URL,
|
||||
just FTP, colon slash slash whatever, and they can get into the FTP server. It'll give them a pop-up
|
||||
dialogue box and they can type in their username and their password and they can see all the files
|
||||
and download what they need to and that'll be a very familiar way for them to do it.
|
||||
Now, if it's a little bit more complex and you want them to be able to upload,
|
||||
then there is a great little add-on to Firefox. At least it was available for Firefox too.
|
||||
It seems to be under development right now for Firefox 3, but it's definitely worth keeping an
|
||||
eye on. And that is at addons.mozilla.org slash EN-US slash Firefox slash add-on slash 5460.
|
||||
And I don't remember exactly what it's called, but it's like FTP upload or something very
|
||||
sort of practical and pragmatic like that. And all it does is add to your file menu an upload
|
||||
file menu item and as long as you're signed into an FTP site that you have rightable access to,
|
||||
you can go there and upload it. For something a little bit more robust,
|
||||
something a little bit more like, for instance, Filezilla. Well, there is Filezilla. But there's also
|
||||
this is currently out for Firefox 3 Fire FTP. And that once you fire that up, it looks basically,
|
||||
I mean, it's practically just like Filezilla. It's got the traditional
|
||||
local side and the remote side and you just transfer your files back and forth as needed.
|
||||
That tends to be a little bit overwhelming for the new user. So either Kotlin to just go
|
||||
straight to it in Firefox or get them familiar with something that's a little bit more robust.
|
||||
But I find Firefox itself is really good just for the new users to be able to grab the file
|
||||
and download it. And that's about it. That's how you set up an FTP server. It's kind of
|
||||
surprisingly easy when you get down to it. It's just sort of installing the application and then
|
||||
configuring the environment. So give it a try. But be safe, be practical about it, be secure,
|
||||
and have fun. Thanks for listening to Hack or Public Radio.
|
||||
Thank you for listening to Hack or Public Radio.
|
||||
HPR is sponsored by Carol.net. So head on over to CARO.NAC for all of us in the
|
||||
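Review bot: The transcript body is unedited speech-to-text output, so the configuration details a search is most likely to target cannot be found under their written names: the config path appears as "flash at C, slash VSFTPD slash VSFTPD.conf", chroot appears as "charute", and the log path as "FlashVar, FlashLog, FlashExferLog". The commit message says the server searches transcripts, so a query for the literal path or option name will miss this episode. Consider a normalization pass, or a per-episode keyword field with the written forms, before the loader indexes the file. Two smaller points: the file ends mid-sentence at "for all of us in the", which should be checked against the audio, and the "Transcribed:" header records a timestamp without a time zone and without the tool or model that produced it, which would help when deciding what to re-transcribe.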