FTP Service

This document describes the FTP service implementation used in the laboratory.

The FTP service is provided by vsftpd and is enabled conditionally at container startup.


Service Activation

The FTP service is enabled only if the following environment variable is set:

env:
    FTP_SERVER: 1

If the variable is not set (or is set to any other value), the FTP service is not started.

Additionally, the containerlab element requires the following attribute:

runtime: docker

If this attribute is not provided, there is a risk that the FTP service may break not only the container using it, but also other containers.

It is therefore strongly recommended to include it.

Reusability

Conditional activation allows the same server image to be reused with or without FTP enabled.


User Creation

FTP users are created automatically at startup based on a configuration file.

Source file

Users are defined in:

/labs/config/server/ftp/vsftpd.chroot_list

Example content:

user5_1
user5_2
user6_1
user6_2
userAdmin

Rules:
- Empty lines are ignored
- Lines starting with # are ignored
- Each valid line represents one FTP user


Default Credentials

All FTP users share the same default password.

Parameter    Value
Password     pswd

Security concerns

These credentials are intentionally weak. They exist solely for lab and testing purposes.


Home Directories and Isolation

For each FTP user:
- A dedicated home directory is created: /ftp/<username>
- The user is chrooted to this directory
- Users cannot access other users' files
- Shell access is disabled (/sbin/nologin)

Permissions:
- User has full control over their own directory
- No access outside their chroot
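
A check for the properties listed above, as an added example that is not part of the lab's own scripts: it reads the chroot list using the stated rules and verifies each user's home directory and shell in a passwd-format file. The function names and the sample data are constructed for illustration, and it assumes the FTP users are ordinary system accounts listed in /etc/passwd.

```sh
# Added example: audit chroot-list users against a passwd-format file.

# Print one username per valid line; empty lines and lines starting with '#'
# are skipped, following the rules for vsftpd.chroot_list described on this page.
list_ftp_users() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        printf '%s\n' "$line"
    done < "$1"
}

# audit_ftp_users LIST PASSWD: print one finding per deviation, return 1 if any.
audit_ftp_users() {
    rc=0
    while IFS= read -r user; do
        [ -n "$user" ] || continue
        entry=$(awk -F: -v u="$user" '$1 == u { print $6 ":" $7; exit }' "$2")
        if [ -z "$entry" ]; then
            echo "MISSING $user: no passwd entry"; rc=1; continue
        fi
        home=${entry%%:*}; shell=${entry#*:}
        [ "$home" = "/ftp/$user" ] || { echo "HOME $user: $home"; rc=1; }
        [ "$shell" = "/sbin/nologin" ] || { echo "SHELL $user: $shell"; rc=1; }
    done <<EOF
$(list_ftp_users "$1")
EOF
    return "$rc"
}

# Constructed sample data: user5_2 has a login shell, userAdmin was never created.
write_sample() {
    cat > "$1/vsftpd.chroot_list" <<'EOF'
# lab users (constructed)

user5_1
user5_2
userAdmin
EOF
    cat > "$1/passwd" <<'EOF'
user5_1:x:1001:1001::/ftp/user5_1:/sbin/nologin
user5_2:x:1002:1002::/ftp/user5_2:/bin/sh
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp"
audit_ftp_users "$tmp/vsftpd.chroot_list" "$tmp/passwd" || echo "audit: deviations found"
rm -rf "$tmp"
```

Inside the server container the same functions can be pointed at /labs/config/server/ftp/vsftpd.chroot_list and /etc/passwd.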

Info

This setup mirrors a simple multi-user internal FTP service.


FTP Behaviour

Once configured, the FTP service is started using the system service manager:

service vsftpd start

FTP traffic:
- Uses TCP port 21
- Traverses firewall and routing policies

Observation

FTP traffic on TCP port 21 is unencrypted. This allows students to capture and analyze valid FTP commands and credentials in transit.


How to use

The Alpine client images include lftp, which is used to interact with the FTP service.


Connecting:

lftp user5_1@internal.enterprise.local # The IP address can also be used

When prompted, enter the default password:

pswd

Once connected, the user is placed directly in their home directory.

The available hostnames are defined in the DNS configuration (see DNS Names Assignment).

Info

From the provided topology, the FTP service is available only on the internal_server using the server_vntd image. By default, all servers have a DNS-resolvable hostname.


Uploading Files:

Create a file locally:

echo "hello ftp" > test.txt

Upload it to the server:

put test.txt

Downloading Files:

List files on the server:

ls

Download a file:

get test.txt

Creating Directories:

mkdir docs

Deleting Files or Directories:

Delete a file:

rm test.txt

Delete a directory:

rmdir docs

Modifying Files:

Files can be overwritten by re-uploading them:

put test.txt

Exiting the Session:

exit