Linux for Network Engineers: How to Set Up a TFTP Client/Server

By July 10, 2019Linux

TheTrivial File Transfer Protocol (TFTP) was standardized in 1981, according to the RFC 1350. The goal of the designers was to build an FTP that is small in size and memory footprint, yet easy to implement. For that reason it has found extensive usage in many applications, such as the network booting protocols PXE and BOOTP.

TFTP Limitations

Its simplicity comes with some serious tradeoffs. TFTP is not able to list, delete, or rename files like more advanced FTP services can do. More importantly it’s INSECURE! All data is transferred unencrypted over UDP, so don’t use it to transfer any sensitive information or receive date from unverifiable sources.

By1981 network standards, this wasn’t so much of a concern; that’s why today, TFTP is mostly used in LANs where you have control over all of the parameters that could compromise security. Think about it as the ‘telnet’ of remote access protocols.

TFTP Installation

There are a few implementations of TFPT. You can search Debian repositories for TFTP packages by using the following command:

This may give a long list, but you can easily identify the ones that are actual TFTP packages.

You can install the TFTP server with:

If you are on Windows or MAC OS, you can find online TFTP clients or servers for your machine.

TFTP Server Configuration

Once you install the TFTP server, it will start running as a daemon and ready to receive and send files. By default the TFTP uses port 69. tftpd-hpa uses the directory “/srv/tftp” for uploading and downloading. To change that, you must edit the following configuration file:

The “- -secure” option adds security to TFTP by limiting all transactions in the TFTP_DIRECTORY. In addition, files can be uploaded in “/srv/tftp” only if they already exist in that directory and are publicly writable. If you want to allow TFTP clients to upload new files in “/srv/tftp” then you need to add the “- -create” option like this: TFTP_OPTIONS=”- -secure – -create”. After you edit “/etc/default/tftpd-hpa”, restart the tftp server with “service tftpd-hpa restart”.

TFTP Download/Upload File

I created the following text file in “/srv/tftp”:

On the client side I start a tftp interactive session and I download it as follows:

On the client side, I can upload a file with the following commands:

If you get the following error when uploading:

It can mean one of the following:

  1. The file “hello_client.txt” doesn’t exist on the servers “/srv/tftp” directory
  2. The “- -create” option is not enabled on the server (see above)
  3. The file “hello_client.txt” exists on the server but it’s not publicly writable

TFTP is a handy and lightweight server which is useful to upload and download files, but it comes with some important limitations that you have to keep in mind. You may have used TFTP if you’ve ever remotely booted a machine with PXE or BOOTP.