TFTP (Trivial File Transfer Protocol) is a lightweight file transfer protocol commonly used in LAN environments, especially for embedded systems, network device booting, and firmware upgrades. Its simplicity makes it easy to deploy, but it also requires careful handling due to its lack of built-in security.
This guide explains how to install, configure, and test a TFTP server on Linux, covering both Debian-based and RPM-based distributions.
Installing the TFTP Service
Choose the installation method based on your Linux distribution.
Debian / Ubuntu
sudo apt update
sudo apt install tftpd-hpa
CentOS / Rocky / AlmaLinux
sudo yum install tftp-server
Configuring the TFTP Server
On Debian-based systems, the main configuration file is:
/etc/default/tftpd-hpa
Edit the file:
sudo nano /etc/default/tftpd-hpa
Common Configuration Options
| Option | Description |
|---|---|
| TFTP_USERNAME | User account running the TFTP service (typically tftp) |
| TFTP_DIRECTORY | Root directory exposed by TFTP |
| TFTP_ADDRESS | Listening address and port (default: 0.0.0.0:69) |
| TFTP_OPTIONS | Extra options such as security and file creation |
Example Configuration
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/srv/tftp"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS="--secure --create"
Option explanation:
- --secure: Restricts access to the TFTP root directory
- --create: Allows clients to upload files
Creating the TFTP Root Directory
Create the TFTP root directory and adjust permissions:
sudo mkdir -p /srv/tftp
sudo chmod 777 /srv/tftp
Note:
777 permissions are convenient for testing but not recommended for production. In secure environments, restrict access to the tftp user or a dedicated group.
Restarting the TFTP Service
Apply the configuration by restarting the service:
sudo systemctl restart tftpd-hpa
Verify service status:
sudo systemctl status tftpd-hpa
Testing the TFTP Server
On a client machine, connect to the TFTP server:
tftp <SERVER_IP>
Common TFTP Commands
tftp> get filename
tftp> put filename
tftp> quit
Ensure the file exists in the TFTP root directory when downloading, and that upload permissions are enabled when using put.
Security Considerations
TFTP has no authentication or encryption, so it should only be used in trusted internal networks.
Best practices:
- Use --secure to prevent directory traversal
- Restrict firewall access to UDP port 69
- Avoid exposing TFTP to public networks
- Consider alternatives (SCP, SFTP, HTTPS) for sensitive data
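
The settings this guide warns about (a missing --secure, uploads via --create, a wildcard listener, and a 777 root directory) can be checked mechanically against a tftpd-hpa defaults file. The script below is an added example, not part of the original guide: the finding names and the scratch paths in the demo are constructed, and it also accepts -s and -c, the short forms of --secure and --create.

```bash
#!/usr/bin/env bash
# Added example: audit a tftpd-hpa defaults file against this page's advice.
# Finding names and the demo paths are constructed for illustration.

# Read one KEY="value" setting from the file without executing it.
get_opt() {
    sed -n "s/^$1=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$2" | tail -n 1
}

# Print a space-separated list of findings (empty output means none).
audit_tftpd() {
    conf=$1
    findings=""
    opts=$(get_opt TFTP_OPTIONS "$conf")
    dir=$(get_opt TFTP_DIRECTORY "$conf")
    addr=$(get_opt TFTP_ADDRESS "$conf")

    # --secure (short form -s) confines clients to TFTP_DIRECTORY.
    case " $opts " in
        *" --secure "*|*" -s "*) ;;
        *) findings="$findings no-secure" ;;
    esac
    # --create (short form -c) lets unauthenticated clients upload new files.
    case " $opts " in
        *" --create "*|*" -c "*) findings="$findings uploads-enabled" ;;
    esac
    # A wildcard listener relies entirely on the firewall to limit UDP 69.
    case "$addr" in
        0.0.0.0:*) findings="$findings listen-all" ;;
    esac
    # An other-write bit (e.g. mode 777) lets any local user alter served files.
    if [ -n "$dir" ] && [ -n "$(find "$dir" -prune -perm -0002 2>/dev/null)" ]; then
        findings="$findings world-writable-root"
    fi
    echo $findings
}

# Demo on constructed input: the guide's example settings in a scratch directory.
demo=$(mktemp -d)
mkdir "$demo/tftp" && chmod 777 "$demo/tftp"
cat > "$demo/tftpd-hpa" <<EOF
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="$demo/tftp"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS="--secure --create"
EOF
echo "findings: $(audit_tftpd "$demo/tftpd-hpa")"
rm -rf "$demo"
```

On a real server, run `audit_tftpd /etc/default/tftpd-hpa`; an empty result means none of the four conditions were found.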
Summary
A TFTP server is easy to deploy and remains a critical tool for embedded Linux, PXE booting, and network device management. By following the steps above, you can quickly configure a functional TFTP service while maintaining reasonable security controls for internal use.