TFTP on Ubuntu 14.04 LTS server

ubuntu-logo32In this post I will run through the installation and verification of operation of a Trivial File Transfer Protocol (TFTP) server running on Ubuntu 14.04 LTS. TFTP is an Internet software utility for transferring files between networked devices, that is simpler to use than the File Transfer Protocol (FTP) but less capable and less secure. It is used where user authentication and directory visibility are not required. TFTP uses the UDP port 69 as its transmission layer protocol making it lighter than TCP based FTP. TFTP is described formally in RFC 1350.

Because of its light and simple design, TFTP has long been the protocol of choice for the initial stages of any network booting stratergy like BootP and PXE as well as to transfer firmware images and configuration files to network devices such as switches, routers and firewalls. Within the networking world TFTP is typically used to transfer firmware images to network devices in order to upgrade or recover the firmware.

Install the TFTP daemon

We will be using the tftpd-hpa is an enhanced version of the BSD TFTP client and server. It possesses a number of bugfixes and enhancements over the original.

All commands are run as root so the first step is to use sudo to login to the root account on you system:

Next we need to update the apt source list and install the tftpd-hpa daemon from the repositories:

Configure TFTP defaults

Now we need to create the default settings that the TFTP daemon will use when the service is started. To do this we need to edit the /etc/default/tftpd-hpa file:

Add the following to the file:

Where:

  • TFTP_USERNAME: Specify the username which tftpd will run as. The default is “nobody”.
  • TFTP_DIRECTORY: Specify the root directory where files will be served from. The default is /var/lib/tftp
  • TFTP_ADDRESS: Specify a specific address and port to listen on. The default is to listen to the TFTP port specified in /etc/services on all local addresses.
  • TFTP_OPTIONS: Specify any additional options to run the daemon with, in this case we used the following:
  1. –secure: Change root directory on startup. This means the remote host does not need to pass along the directory as part of the transfer, and may add security. The use of this option is recommended for security as well as compatibility with some boot ROMs which cannot be easily made to include a directory name in its request.
  2. –create: Allow new files to be created. By default, tftpd will only allow upload of files that already exist.

Sample output of /etc/default/tftpd-hpa:

Create the directory structure

Next we can create the directory structure for our network device images, in this case I will be creating a directory for Cisco and juniper devices and creating sub directories for IOS, IOSXR and NXOS. Under the IOS directory will create further sub directories for each specific model of router/switch on the network.

Next we need to set the user, group and file permissions for the /srv/tftpboot directory and its sub directories:

Before we test TFTP we need to restart the TFTP daemon so that the configuration changes made above are implemented:

Sample output of restarting the tftpd-hpa daemon:

Verification and testing

I will be using another Ubuntu 14.04 LTS server to test that the TFTP daemon we have set up is working correctly. To do this we first need to install the TFTP client on the our test server using the following:

Next I created a test file on the TFTP server that we will download to our test server, the test file is a list of directories in the root folder of the TFTP server:

Now from our test server we will connect to our new TFTP server and download (GET) the test file we just created:

Perfect everything is working correctly, if you are having problems check you firewall rules,on both the TFTP server and the TFTP client to make sure the traffic is allowed through.

FacebookTwitterGoogle+Share

3 thoughts on “TFTP on Ubuntu 14.04 LTS server”

  1. Thank you very much. This is it! It’s works. I spend hours to find good and working solution. By the way, perfect description.

    P.S Many idiots on the Internet have similar solution/decryption but of course any of it don’t work correctly. Lost time and energy:)

Leave a Reply