Why is Passive FTP used more frequently?

Question

As there are two questions about Passive vs. Active FTP mode

And if we kindly omit existence of FTP over SSH or FTPS (aka FTP with SSL/TLS)

What are security pros and cons of using Passive FTP?

My question comes out from experience that nearly every FTP I've came to touch with, was using Passive mode. So if it wasn't result of internal security policy, than please what is the motivation for using Passive FTP mode?

Just a note: SFTP is not "FTP over SSH". The latter is literally [text] FTP over SSH, while SFTP is a binary protocol which was designed as part of SSH2 protocol group. — Eugene Mayevski 'Callback, Nov 19 '11 at 21:47
@EugeneMayevski'EldoSCorp thanks Eugene, I corrected my statement. — Marek Sebera, Nov 19 '11 at 21:49

score 6 · Accepted Answer · answered Nov 19 '11 at 21:27

FTP is not secure, and never will be. The only reason to use passive ftp is that it works through any kind of firewall, as all connections are initiated by the client. Active FTP has the server connecting BACK to the client to initiate data transfers, which dumb firewalls will disallow, as they have no way to know that the incoming connection is related to the FTP connection and should be allowed through.

score 2 · Answer 2 · answered Nov 19 '11 at 21:28

2

Passive FTP is easier to get through firewalls. For "active" FTP, the client has to be connectable from the internet, for passive ftp, that burden is on the server.

answered Nov 19 '11 at 21:28

Martijn

1,620
9
18

Why is Passive FTP used more frequently?

2 Answers2