The aim of this guide is to describe the process required to set up a TFTP server on a Linux PC. The main reason I require a TFTP server is for backing up configuration files and IOS images from Cisco devices.
Trivial File Transfer Protocol (TFTP) is a simple protocol to transfer files. It has been implemented on top of the User Datagram Protocol (UDP) using port number 69. TFTP is designed to be small and easy to implement and therefore lacks most of the features of regular FTP. TFTP only reads and writes files (or mail) from/to a remote server. It cannot list directories, and currently has no provisions for user authentication.
There are plenty of free TFTP server daemons available for download for Windows machines, but at home I run Linux, and wanted to set up a dedicated machine just for copying Cisco IOS images and configs onto.
TFTP is far from secure, so I do NOT recommend leaving this port open on a machine which has access to the Internet.
Also it should be noted that this guide is intentionally command line as that is where the magic happens!
I normally sudo su which will log you in with root privileges and prevent you from continually entering your password.
This is not best practice, but it's my guide and I'm lazy. If you prefer, insert a “sudo” in front of every command and skip the sudo su command.
This will install the server:
sudo su
apt-get update && apt-get install tftp-hpa tftpd-hpa
The default location for TFTP files is /var/lib/tftpboot. You can set a different location later if you'd like, but you must chmod and chown the directory you choose.
sudo mkdir /var/lib/tftpboot
sudo chown nobody:nogroup /var/lib/tftpboot
sudo chmod 777 /var/lib/tftpboot
Edit the TFTP server configuration file to put the service in daemon mode and set a custom directory you may have chosen above.
You can do this using command line text editors like Vi or Emacs but I just use Gedit
gedit /etc/default/tftpd-hpa
This is where you can customise your TFTP server.
I chose to create my server's root directory in my home directory.
In my case that is /home/anon/
I called my root directory TFTProot.
So my tftpd-hpa file looks like this;
# /etc/default/tftpd-hpa
RUN_DAEMON="yes"
OPTIONS="-l -s /home/anon/TFTProot"
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/home/anon/TFTProot"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS="--secure"
Save the file and then be sure to create the directory required;
mkdir /home/anon/TFTProot
chown anon:anon /home/anon/TFTProot
chmod 777 /home/anon/TFTProot
As you're logged in as root, the directory will also belong to root so chown the directory to your login account and group.
I also made the directory world-writable (probably not best practice, but it worked for me and avoided the dreaded “TFTP error 1”).
Once my directory structure was in place I restarted the daemon;
/etc/init.d/tftpd-hpa restart
You should now have a working TFTP server up and running.
Don't take my word for it, check...
netstat -a |grep tftp
udp        0      0 *:tftp        *:*
Or another way to check would be to scan your PC. You can scan the loopback IP address using nmap like this;
nmap -sU 127.0.0.1
Starting Nmap 5.21 ( http://nmap.org ) at 2012-01-31 21:17 GMT
Nmap scan report for localhost.localdomain (127.0.0.1)
Host is up (0.13s latency).
Not shown: 994 closed ports
PORT    STATE         SERVICE
68/udp  open|filtered dhcpc
69/udp  open|filtered tftp
135/udp open|filtered msrpc
A few notes about usage.
Before you can send a file to the tftp server, it needs to exist in the tftp directory.
I'm not sure why, or if I'm doing something wrong, but I found the secret to a successful transfer is to create an empty file first.
touch filename
chmod 777 /home/anon/TFTProot/filename
ls -al
-rwxrwxrwx 1 root root 0 2012-01-31 21:37 filename
Incidentally, if anyone reading this knows of a better way, I would be intrigued to know how?
It is at this point we are ready to send the file from our Cisco device;
router#copy run tftp
Address or name of remote host[]?192.168.2.2
Destination filename [router-config]? filename
!!
3974 bytes copied in 1.492 secs (2664 bytes/sec)
router#
At this point your running-config should be in the directory you've created.
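An added example, not part of the original guide: a small shell audit of a tftpd-hpa defaults file that flags the settings discussed above (a wildcard TFTP_ADDRESS, a missing --secure, a world-writable TFTP_DIRECTORY) and reports whether --create is set, since in.tftpd only accepts uploads to files that already exist unless that option is given. The function names conf_get and audit_tftpd and the temporary sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a tftpd-hpa defaults file (Debian/Ubuntu layout assumed).
# conf_get FILE KEY: print the value of the last KEY="value" line, quotes stripped.
conf_get() {
    sed -n 's/^'"$2"'="\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# audit_tftpd FILE: print one WARN/INFO line per finding (hypothetical helper).
audit_tftpd() {
    conf=$1
    addr=$(conf_get "$conf" TFTP_ADDRESS)
    opts=$(conf_get "$conf" TFTP_OPTIONS)
    dir=$(conf_get "$conf" TFTP_DIRECTORY)

    # A wildcard bind answers on every interface, including Internet-facing ones.
    case "$addr" in
        0.0.0.0:*|:*|"[::]":*) echo "WARN: TFTP_ADDRESS=$addr listens on all interfaces" ;;
    esac

    # --secure (-s) chroots the daemon into the served directory.
    case " $opts " in
        *" --secure "*|*" -s "*) ;;
        *) echo "WARN: --secure missing, daemon is not confined to $dir" ;;
    esac

    # Without --create (-c), in.tftpd only writes to files that already exist.
    case " $opts " in
        *" --create "*|*" -c "*) echo "INFO: --create set, clients may upload new files" ;;
        *) echo "INFO: --create not set, uploads need a pre-existing file" ;;
    esac

    # World-writable directory: any local user can add or replace files in it.
    if [ -d "$dir" ] && [ -n "$(find "$dir" -maxdepth 0 -perm -0002)" ]; then
        echo "WARN: $dir is world-writable"
    fi
    return 0
}

# Constructed sample mirroring the guide's settings, in a temporary directory.
demo=$(mktemp -d)
mkdir "$demo/TFTProot" && chmod 777 "$demo/TFTProot"
cat > "$demo/tftpd-hpa" <<EOF
TFTP_DIRECTORY="$demo/TFTProot"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS="--secure"
EOF
audit_tftpd "$demo/tftpd-hpa"
rm -rf "$demo"
```

To check a real installation, call audit_tftpd /etc/default/tftpd-hpa instead of the constructed sample.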