Secure FTP server

Linode Staff

Question: am I safe to give out FTP access from an FTP server I run on the Linode to people who could be running exec commands at will? Could they ever access the filesystem root with a nefarious command? Is my FTP server secure?

1 Reply

Just to clarify, are you using FTP or SFTP when you attempt to make these connections? In general, FTP alone is something I can't recommend since it has a number of security flaws, the most severe being that it sends packets unencrypted in plaintext which can easily be read by passive tools like packet sniffers. I can strongly recommend using SFTP instead as a different option. You should always be able to make an SFTP connection by using syntax similar to the following:

     sftp username@yourIPaddress 

Additionally, to further secure your connection, you should be able to create sftp jails. For a little more information regarding how to do this, I'm including some of our documentation below which should help:

If your FTP server is more publicly facing, it would absolutely benefit from a number of proper security controls as well, such as strong file-level encryption, permissions, robust logging, firewalls, and whitelists or blacklists. Though I don't think that remote code execution will be a major threat if you follow good security practices, it's worth putting the time and effort into this security, and making sure that you have a number of strong controls in place for a defense-in-depth approach. For a little more information regarding how you might do this, I'm including some additional documentation
on a few of these topics below which I hope might help:


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct