FTP/FTPS protocol support
2.15.0+ Buru SFTP Server also supports the FTP protocol in addition to the SFTP protocol.
Authentication methods
Users are authenticated using password only, even when two-factor authentication is required. Password authentication must be enabled or required for the user.
User’s path mappings are shared for both SFTP and FTP protocols.
Enabling FTP and FTPS
In order to enable FTPS protocol, you need to assign at least one X.509 certificate to the FTP binding. For testing purposes, you can use a self-signed certificate (see below).
Using the web administration tool
-
Add a X.509 certificate
Navigate to “Server configuration” - “FTP settings” - “FTP certificate groups”.
If you already have an existing X.509 certificate, click “Add existing certificate” button and specify the certificate location.
If you don’t have a certificate yet, you can generate a self-signed certificate using the built-in certificate generator. Click the “Add new self-signed certificate” button, enter the certificate subject (e.g.
CN=my-domain.com) and click on Create. The certificate file will be saved toftp/certificatessubdirectory in the server’s configuration directory. -
Add typical bindings
On the same page, in the FTP endpoint configuration section, click on the “Add default endpoints” button and save the settings.
-
Enable the FTP/FTPS protocols for users
On the same page, either enable FTP/FTPS for all users using the FTP enabled for users by default selector, or navigate to
Users - <user> - FTP / SFTP path mappings and enable the FTP protocol for the specific user.
-
Restart the service so the changes take effect
Using the command line
-
(Optional) Generate a self-signed certificate using
burusftp certgenmkdir C:/ProgramData/Rebex/BuruSftp/ftp/certificates burusftp certgen -s "CN=my-domain.com" C:/ProgramData/Rebex/BuruSftp/ftp/certificates/my-domain-certificate -
Add the certificate to a certificate group in the
config.yamlconfiguration file# ... ftp: # ... certificateGroups: # default certificate group - certificates: - 'C:/ProgramData/Rebex/BuruSftp/ftp/certificates/my-domain-certificate.pfx' -
Add FTP bindings. Example configuration:
# ... ftp: # ... bindings: # explicit FTP or FTP over TLS, any IPv4 endpoint, port 21 - port: 21 ipAddress: 0.0.0.0 mode: explicit # using default certificate group # explicit FTP or FTP over TLS, any IPv6 endpoint, port 21 - port: 21 ipAddress: "::" mode: explicit # implicit FTP over TLS, any IPv4 endpoint, port 990 - port: 990 ipAddress: 0.0.0.0 mode: implicit # implicit FTP over TLS, any IPv6 endpoint, port 990 - port: 990 ipAddress: "::" mode: implicit # ... -
Enable the FTP/FTPS protocols for users
Enable the FTP/FTPS protocol for selected user using
burusftp user updatecommand:burusftp user update <user> --ftp enabledAlternatively, enable the protocols for all users using a configuration setting:
# ... ftp: # ... enabledForUsersByDefault: true -
Restart the Buru SFTP Server service
Supported FTP/FTPS modes
| Implicit | Explicit (any) | Explicit (TLS) | Explicit (plain) | |
|---|---|---|---|---|
| Typical port number | 990 | 21 | ||
| Encrypted | Yes | Depends on client | Yes | No |
| Requires TLS certificate | Yes | No | ||
| Configuration mode | implicit |
explicit |
explicitTls |
explicitPlain |
explicit and explicitPlain modes in untrusted networks, as the data may be transmitted unencrypted.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.