Pages

Monday, September 23, 2013

Installing TFTP server in Linux

I recently needed a file server to keep boot images and configuration files to be transferred on switches and routers.

I decided to use TFTP because of its simplicity and low memory requirements

Below the installation steps  used on a  computer loaded with Linux Mint 14.

In the man documentation for tftpd we see the below paragraph :

     The use of tftp(1) does not require an account or password on the remote system.  Due to the lack of authentication information, tftpd will allow only publicly readable files to be accessed.  Files may be written  only if they already exist and are publicly writable.  Note that this extends the concept of “public” to include all users on all hosts that can be reached through the network

This explains the behavior of the TFTP server, that is : It will upload a file if it only exists and are publicly writable. Some people are trying to load a file without these prerequisites and get an error.They think that this is an issue with the application or a bug in the TFTP version. But it is all written in the documentation.

If you need a TFTP server to transfer files to, then use atftp (see my post Installing TFTP server atftpd in Linux)

Install the following packages
 sudo apt-get install xinetd tftpd tftp  

Create /etc/xinetd.d/tftp and add the following  entry

 service tftp  
 {  
   protocol = udp  
   port = 69  
   socket_type = dgram  
   wait = yes  
   user = nobody  
   server = /usr/sbin/in.tftpd  
   server_args = /tftpboot -s  
   disable = no  
 }  

Create a directory /tftpboot in root (as per server_args above) in above and change mode and owner

 sudo mkdir /tftpboot  
 sudo chmod -R 777 /tftpboot  
 sudo chown -R nobody /tftpboot  



Start the TFTP service
sudo service xinetd stop

sudo service xinetd start


DOWNLOADING from  the TFTP server
Create a new file under /tftpboot
 touch /tftpboot/abcd.cfg  

Go to another folder and connect to the TFTP server and GET the files

 tftp 192.168.0.99  
 tftp> get abcd.cfg  

It should appear in the current folder

  ls -al abcd.cfg  
 -rw-r--r-- 1 stelios stelios  0 Sep 23 20:07 abcd.cfg  



UPLOADING to the TFTP server

 tftp localhost  
 tftp> put ftp-logs.cfg  
 Error code 2: Access violation  

Create an empty file under the /tftpboot, change permissions
 touch ftp-logs.cfg
 chmod oa+w ftp-logs.cfg  
ls -al /tftpboot/ftp-logs.cfg   
 -rw-rw-rw- 1 stelios stelios 229 Sep 23 21:43 /tftpboot/ftp-logs.cfg  

Finally , the file was uploaded to the TFTP server

 tftp> put ftp-logs.cfg  
 Sent 235 bytes in 0.0 seconds  


10 comments:

Unknown said...

You save my life!
I spent 1 hour looking for the error I didn't have a file in the /tftpboot folder so I get the error code 2 all the time

Anonymous said...

Thanks for the tutorial; it helped me, as well.

Just to mention that, after changing the mode and owner, the server should be started / restarted as required:

sudo /etc/init.d/xinetd start

or

sudo /etc/init.d/xinetd restart

And:

sudo /etc/init.d/xinetd status

will tell if the server is up and running.

Cheers!

Homelab said...

Thanks Valentin.

Sabby said...

correction
XXXX tftp 192.168.0.99 XXXXX
tftp 10.100.100.100

Sabby said...

Hello


Thanks for article, I have tap interface confgured and both ASA and Linux Machine can ping eachother,

I have followed you steps and it is showing running, but i dont know what i did wrong it giving me following error:

%Error reading tftp://10.100.100.100/asdm-649.bin (Access violation)

I tried to change file permissions but still same. (restarted tftp after changing the permission on directory.)

here is my full code pls recitfy me

sudo apt-get install xinetd tftpd tftp

Create text file on Desktop name tftp and save the following code in it.
service tftp
{
protocol = udp
port = 69
socket_type = dgram
wait = yes
user = nobody
server = /usr/sbin/in.tftpd
server_args = /tftpboot -s
disable = no
}

then copy it into /etc/xinetd.d/
sudo cp tftp /etc/xinetd.d/

Create a directory /tftpboot in root (as per server_args above) in above and change mode and owner

sudo mkdir /tftpboot
sudo chmod -R 777 /tftpboot
sudo chown -R nobody /tftpboot

sudo service xinetd stop

sudo service xinetd start


tftp 10.100.100.100
tftp> get asdm-649.bin

-> copy the asdm file and fix file permissions in tftpboot folder
cd /tftpboot/
sudo touch asdm-649.bin
sudo chmod oa+w asdm-649.bin
ls -al /tftpboot/asdm-649.bin

Homelab said...

Hi Sabby

If you are trying to upload a firmware to TFTP server then this server does not work. I explain at the beginning of the article why is that and suggest to use another server for that.

I guess that when testing the TFTP server from another client computer it works and you can download the image from TFTP. But it does not work downloading the firmware to ASA only, and get the errors message for Access violation on ASA CLI , correct ?

What command did you enter from ASA CLI?
What about downloading the image from any other router if any ?
If so, and not working with ASA only then it is something from ASA, or network.
ASA and TFTP server are connected physically on same location with one cable? Any other equipment in between blocking anything?
Also check :
https://learningnetwork.cisco.com/thread/39064
https://supportforums.cisco.com/discussion/11033321/backing-asa-configs-management-interface-turned
http://www.experts-exchange.com/Security/Software_Firewalls/Cisco_PIX_Firewall/Q_25121159.html#view-all

John Cromwell said...

Thank you for this tutorial! Very helpful. Helped end 2 days of troubleshooting!

Homelab said...

Thank you John.

fourmis said...

Thanks for the tuto. It help me to install and understand TFTP.

I've got problem with other tuto: "Error code 2: Access violation"

@+

Homelab said...

Hi fourmis,
thanks .
About the error you get, it seems to be related to the type of TFTP server. (tftpd assumes that file already exists. Use the other TFTP server (atftpd) if you need to transfer a new file that does not exist.