Using Sony α7 IV FTP transfer function with vsftpd

I decided to start using the FTP transfer function on my Sony α7 IV camera and found it less straightforward than I expected, so I thought I’d write a short guide on setting up a basic vsftpd server and connecting the camera to it.

Note on (missing) SFTP support

At the time of writing, the α7 IV lacks support for the SSH (Secure) File Transfer Protocol (SFTP). The α1, α7S III and α9 III support it with firmware versions 2.00, 3.00 and 2.00, respectively, and the α1 II supports it out of the box. Those firmware versions were released in March 2024 (alongside α7 IV firmware version 3.00) and it seems unlikely at this point that Sony will add it to other models already on the market. I expect the α7 V to include it.

Given the lack of SFTP support, the next best option is to use FTP Secure (FTPS).

vsftpd setup

With a machine running Ubuntu Server 24.04, I configured vsftpd as follows:

  1. apt install vsftpd
  2. Get a certificate for your hostname if you don’t have one. I used Let’s Encrypt: certbot certonly --standalone -d ftp.example.com
  3. Create a user for FTP access (set a secure password, but remember you’ll have to enter it through the camera’s cumbersome UI): adduser cameraftp
  4. Add the username to an FTP users whitelist: echo "cameraftp" > /etc/vsftpd.userlist
  5. Create a directory in /srv/ftp for uploads and grant ownership to the FTP user: mkdir /srv/ftp/camera && chown cameraftp:cameraftp /srv/ftp/camera
  6. Configure vsftpd. I changed the following settings from the Ubuntu defaults:
    write_enable=YES (so the camera can upload files)
    chroot_local_user=YES (isolate FTP users from the rest of the system)
    local_root=/srv/ftp (set the chroot jail to a directory where every part (/srv and /srv/ftp) is owned by root and not writable by any other user or group)
    rsa_cert_file=/etc/letsencrypt/live/ftp.example.com/fullchain.pem
    rsa_private_key_file=/etc/letsencrypt/live/ftp.example.com/privkey.pem
    ssl_enable=YES
    ssl_ciphers=HIGH
    pasv_enable=YES (passive mode appears to be required)
    pasv_min_port=<some_port>
    pasv_max_port=<some_higher_port> (in practice, my camera seems to transfer at most 2 files at a time, so you shouldn’t need to open a huge range if you’re not using the FTP server for other purposes; make sure these ports (and port 21) are open on your network)
    userlist_enable=YES
    userlist_file=/etc/vsftpd.userlist (the file configured in step 4)
    userlist_deny=NO (whitelist instead of blacklist)
  7. Restart vsftpd: systemctl restart vsftpd

Try connecting with an FTP client. You should see a directory camera that is writable. The root directory should be read-only, and you should have no other access to the filesystem.

Camera setup

I then configured my camera as follows:

  1. Get the root certificate for your TLS certificate. For my Let’s Encrypt certificate, this was the ISRG Root X1 CA (the name being listed in the output of openssl verify -show_chain /etc/letsencrypt/live/ftp.example.com/chain.pem). I downloaded the PEM from Let’s Encrypt’s website: https://letsencrypt.org/certs/isrgrootx1.pem
  2. Rename the root certificate to cacert.pem and copy it to the root directory of the memory card in Slot 1.
  3. Import the root certificate: Network → Network Option → Import Root Certificate → FTP Function
  4. Configure the FTP Transfer Function: Network → FTP Transfer → FTP Transfer Func.
    Server Setting → Server 1 → Destination Settings → Host Name: ftp.example.com
    Server Setting → Server 1 → Destination Settings → Secure Protocol: On
    Server Setting → Server 1 → Destination Settings → Root Certificate Error: Does Not Connect (I couldn’t make my camera connect without the root certificate installed, regardless of this setting, so you might as well pick the secure option)
    Server Setting → Server 1 → Destination Settings → Port: 21
    Server Setting → Server 1 → Directory Settings → Specify Directory: camera (matching the directory you created in /srv/ftp)
    Server Setting → Server 1 → User Info Settings → User: cameraftp
    Server Setting → Server 1 → User Info Settings → Password: <password>
    FTP Function: On
  5. Assuming you are able to connect and have at least 1 photo saved, you should now be able to execute an FTP Transfer.

And that’s it. You can now configure Auto FTP Transfer to back up your photos and videos whenever your camera has internet access.

Leave a Reply

Your email address will not be published. Required fields are marked *