TFTP-9000 Server

As the Alta3 Research office network grows, I decided it was prudent to explore/develop how to bring up a TFTP (Trivial File Transfer Protocol) server, primarily for use with our Avaya 46xx stations. In this post, I’ll explain how I moved the TFTP service from an Avaya G350 to an Ubuntu 12.04 LTS server.

Before I get started, some basic things about TFTP. TFTP is typically used for diskless boots (routers and phones) and runs over UDP port 69. TFTP offers no way to ‘list’ the files available on the server. The protocol also lacks any authentication, so TFTP should never be deployed anywhere except behind a secure LAN.

Legacy convention holds that a TFTP server should always reference the directory /tftpboot; however, on the Linux file tree it probably belongs under /srv/tftp or /var/lib/tftpboot. Use the directory you’ll remember best. If security is a concern, you could place this directory in its own partition of limited size, so that uploads cannot fill the rest of the disk.

The directory itself will need permissions, owner and group set on it. Most of the posts online recommend setting permissions to 777 on the directory; you may be able to use stricter permissions, depending on your TFTP server and the connecting TFTP client. The command to change permissions in Ubuntu is:

sudo chmod -R 777 /tftpboot

It is also recommended that you set the ownership of this directory to ‘nobody’. The command to do this is:

sudo chown -R nobody /tftpboot

Again, this may not be a requirement; it depends on the type of TFTP clients you are interacting with and the type of TFTP server you bring online. For now, set the ownership to ‘nobody’, and tinker with it later.
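A tighter alternative to the blanket 777, as an added example that is not part of the original post. It assumes a TFTP root that mainly serves downloads, files owned by an administrative account rather than the service user, and a server that only needs the world-read bit to serve a file; the function names and file names are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. The tree below is constructed.

# List entries under DIR that any local account may modify (mode o+w).
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

count_world_writable() {
    world_writable "$1" | wc -l | tr -d ' '
}

# Download-only layout: directories 0755, files 0644, owned by OWNER (an
# administrative account rather than the TFTP service user). The daemon can
# still read every file because the "other" read bit stays set.
lock_down_readonly() {
    chown -R "$2" "$1"
    find "$1" -type d -exec chmod 0755 {} +
    find "$1" -type f -exec chmod 0644 {} +
}

# Without --create a client can only overwrite a file that already exists,
# so pre-create the single expected upload and open just that one name.
open_upload_slot() {
    touch "$1/$2" && chmod 0666 "$1/$2"
}

# Demo on a throwaway tree that mimics "chmod -R 777 /tftpboot".
demo() {
    root=$(mktemp -d)
    touch "$root/phone-settings.txt" "$root/firmware.bin"   # constructed names
    chmod -R 777 "$root"
    echo "after chmod -R 777: $(count_world_writable "$root") world-writable"
    lock_down_readonly "$root" "$(id -u)"
    echo "after lock-down:    $(count_world_writable "$root") world-writable"
    open_upload_slot "$root" "upload.cfg"
    world_writable "$root"    # only the upload slot remains writable
    rm -rf "$root"
}
demo
```

Run it as an unprivileged user to see the counts change; on a real server, pass the administrative account name as the second argument to lock_down_readonly.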

Ubuntu offers several apt-get packages for TFTP services, both client and server. These are:

TFTP – (TFTP client) – sudo apt-get install tftp – This works well for a TFTP client. To use the service, type tftp. Once at the tftp> prompt, use the ? command to list the commands available to you.

TFTPD – (TFTP server) – sudo apt-get install tftpd – I could not make it work after some experimenting on Ubuntu Server 12.04 LTS. I’m not saying it doesn’t work, I’m just saying that I wrestled with it for a half-hour, and moved on when I saw a package with the word ‘advanced’ in front of another TFTP package (ATFTPD)… after all, ‘advanced’ is always better.

ATFTP – (Advanced TFTP client) – sudo apt-get install atftp – Advanced TFTP adds options outlined in RFC1350 to the TFTP package (i.e. more commands and functionality). This client side works very well for TFTP file transfers. The syntax to use it is atftp <options> <TFTP server IP <port>>. Once connected, type help to list all of the basic commands. As far as I can tell, the ATFTP client references/writes files from/to the directory from which it was launched. For more information, check out the official Ubuntu man page on atftp.

ATFTPD – (Advanced TFTP server) – sudo apt-get install atftpd – I could not make Advanced TFTP server work after several hours of experimenting on Ubuntu Server 12.04 LTS and Ubuntu Desktop 10.04 LTS. I’ve read several posts contending that the ATFTPD apt-get package has some build bugs… in the end, I’m not sure if I was suffering from them or not. The control file for ATFTPD is /etc/default/atftpd.

TFTP-HPA – (TFTP client) – sudo apt-get install tftp-hpa – Quick and easy to set up and use; unfortunately, I only used it enough to confirm its functionality.

TFTPD-HPA – (TFTP server) – sudo apt-get install tftpd-hpa – Very easy to set up, and worked like a dream on Ubuntu 12.04 LTS. This would be the package to recommend to other Ubuntu 12.04 LTS users. After issuing the apt-get, examine the control file /etc/default/tftpd-hpa. Some changes you’ll want to consider to the /etc/default/tftpd-hpa file include the following:

TFTP_USERNAME:
The username used by TFTP server. Files written to the TFTP_DIRECTORY will be owned by this username.

TFTP_DIRECTORY:
This is the directory that the TFTP server will reference. The directory should be accessible by TFTP_USERNAME.

TFTP_ADDRESS:
To listen on all interfaces, use 0.0.0.0:<port> (typically 69), or you may specify an IP address to listen on. At the time of this posting, you may not list a range or multiple IP addresses, or ports, to listen on.

TFTP_OPTIONS:
There are many options, but the ‘--create’ option allows TFTP clients to ‘write’ new files to the TFTP server. Without this, TFTP clients can only overwrite preexisting files (i.e. files with the same name). It goes without saying that enabling this feature comes with some additional security risks. IMHO, turn this feature on while provisioning your new server, and then turn it off after having provisioned it.

I’d recommend provisioning your /etc/default/tftpd-hpa in the following way:

# RZFeeser's example /etc/default/tftpd-hpa
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/tftpboot"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS="--secure --create" # allows clients to create files

After making any changes to /etc/default/tftpd-hpa, issue the command sudo restart tftpd-hpa. Alternatively, you could issue sudo start tftpd-hpa if the service is not already running. To determine whether the tftpd-hpa server is running, issue the command sudo status tftpd-hpa (these commands will only work on versions of Ubuntu 10.04 and greater).
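To catch a server where ‘--create’ was left on after provisioning, the settings above can be checked with a small script. This is an added example, not part of the original post or the tftpd-hpa package; the function names are hypothetical and the sample file is constructed to mirror the one shown earlier.

```shell
#!/bin/sh
# Added example, not from the original post: audit a tftpd-hpa defaults file.

# Print the value assigned to KEY in FILE without sourcing the file.
get_var() {
    sed -n "s/^$1=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$2" | tail -n 1
}

# Print one line per finding and return the number of findings.
audit_tftpd_hpa() {
    findings=0 create=0 secure=0
    opts=$(get_var TFTP_OPTIONS "$1")
    addr=$(get_var TFTP_ADDRESS "$1")
    for w in $opts; do
        case "$w" in
            --create) create=1 ;;
            --secure) secure=1 ;;
            --*) ;;
            -*) # clustered short flags such as -sc
                case "$w" in *c*) create=1 ;; esac
                case "$w" in *s*) secure=1 ;; esac ;;
        esac
    done
    if [ "$create" -eq 1 ]; then
        echo "WARN: --create is on; clients can write new files"
        findings=$((findings + 1))
    fi
    if [ "$secure" -eq 0 ]; then
        echo "WARN: --secure is off; no chroot into TFTP_DIRECTORY"
        findings=$((findings + 1))
    fi
    case "$addr" in
        0.0.0.0:*)
            echo "NOTE: listening on every interface ($addr)"
            findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# Constructed sample that mirrors the example file in this post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/tftpboot"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS="--secure --create"
EOF
audit_tftpd_hpa "$sample" || echo "$? finding(s) in $sample"
rm -f "$sample"
```

On a live server, point audit_tftpd_hpa at /etc/default/tftpd-hpa once provisioning is finished; a return value of 0 means none of the three conditions was found.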

To test my new TFTP server, I first SSH’d into the root account of the Avaya G350 via PuTTY. Within the G350, the command dir will display all of the available phone scripts. The command copy phone-scriptA[B] tftp <filename> <IP of TFTP server> will upload the file from the G350 to the new TFTP server. After the transfer was complete, I checked the contents of the directory /tftpboot to confirm that the various scripts had uploaded correctly.