You can configure authentication information, authorization mode, and authorized directory to prevent unauthorized FTP users from accessing a specified directory.
To use FTP to operate files, configure a local user name and a password on a device that functions as an FTP server, and specify a service type and an authorized directory. If you do not perform these operations, you cannot use FTP to access the device.
Perform the following steps on the device that functions as an FTP server:
The system view is displayed.
The HMAC-SHA256 ciphertext password encryption algorithm is set.
The AAA view is displayed.
A local user name and a password are set.
For example, the password "Aa123"45"" is valid, but the password "Aa 123"45"" is invalid.
If a password is entered in simple text, the password requirements are the same as those when cipher is not specified. When you input a password in simple text, the system displays the password in simple text mode, which brings risks.
A password is displayed in cipher text in the configuration file regardless of whether it is entered in simple text or cipher text.
If a password is entered in simple text, the password requirements are the same as those when irreversible-cipher is not specified.
A password is displayed in cipher text in the configuration file regardless of whether it is entered in simple text or irreversible cipher text.
The service type is set to FTP for the local user.
An authorized FTP directory is configured for the local user.
FTP users are classified as local AAA authentication users or remote authentication (RADIUS and HWTACACS) users.
The local-user ftp-directory command must be run to specify the FTP working directory for local authentication users. Otherwise, local authentication users cannot use FTP to access the device.
The FTP working directory for remote authentication users can be specified using the HWTACACS server. The set default ftp-directory command can be used to specify the default FTP working directory for remote authentication users.
A user group or user level needs to be configured on the AAA server for remote authentication users. For details about the configuration, see the configuration guide provided by the associated vendor.
A level is set for the local user.
To access the FTP server, you must set the level of the local user to Level 3 or higher.
The configuration is committed.