, , ,

Stylized Linux terminal prompt

The File Transfer Protocol is older than most of our readers, but it’s still going strong. FTP doesn’t have the security of a modern protocol, but you may need to use it anyway. Here’s how to do it.

Warning: Don’t Use FTP Over the Internet

Let’s make this clear right from the outset: The File Transfer Protocol (FTP) dates back to the early 1970s and was written without any regard to security. It does not use encryption for anything. Login credentials like your username and password, as well as the data you download or upload, are transferred in clear text. Anyone along the way can view your secrets. However, FTP still has its uses.

If you’re transferring files within your network, you should be safe–as long as no one on the network is packet-sniffing and eavesdropping on any sensitive documents as you transfer them. If your files aren’t confidential or sensitive in any way, moving them around your internal network with FTP should be fine. Linux has the standard ftp command line program to deal with precisely that scenario.

But definitely don’t use the ftp command to access external resources across the internet. For that, use the sftp command line program, which uses the secure SSH File Transfer Protocol. We’ll introduce both of these programs in this tutorial.

To clarify just why you never want to use FTP over the Internet, take a look at the below screenshot. It shows the FTP password in plaintext. Anyone on your network or between you and the FTP server on the Internet can easily see the password is “MySecretPassword.”

Without the encryption, a malicious actor could modify files you’re downloading or uploading in transit, too.

Network packet trace with clear text password

The ftp Command

Assuming you have a valid account on an FTP site, you can connect to it with the following command. Throughout this article, substitute the IP address in the commands with the IP address of the FTP server you’re connecting to.


Read the remaining 46 paragraphs