Vsftpd, installation and basic configuration of an FTP server

In this article we are going to take a look at how to install vsftpd on Ubuntu. Whether you want to create a home server, a web server, a game server or any other server that suits your project, FTP is the easiest way to transfer data from one system to another. That is why we are going to see how to perform the installation and basic configuration of an FTP server in Ubuntu.

FTP (File Transfer Protocol) is the system used to upload (put) files to a server or download (get) them from it. You have probably used it at some point without realizing it, when fetching files or uploading images to the web.

Install an FTP server in Ubuntu

Install vsftpd

For this example, I am going to install an FTP server on my local network on Ubuntu 20.04. If you don't have vsftpd installed on your computer, it can be installed by opening a terminal (Ctrl + Alt + T) and running the command:

sudo apt install vsftpd

Once installed, we will start by making a copy of the original configuration file. If something goes wrong, the default settings can be restored.

sudo cp /etc/vsftpd.conf /etc/vsftpd.conf_default

Now let's start the service with the command:

sudo systemctl start vsftpd

We then enable it so that it also starts at boot:

sudo systemctl enable vsftpd

FTP user account

We need a user account so that any FTP client can access the files hosted on the server through vsftpd. In the terminal (Ctrl + Alt + T) we only have to use the command:

sudo useradd -m nombre-usuario

Replace 'nombre-usuario' with your intended username. Now we are going to set a password:

sudo passwd nombre-usuario

Next we move to the newly created user's home folder:

cd /home/nombre-usuario

Ideally, FTP should be restricted to a specific directory for security reasons. Vsftpd uses chroot jails to achieve this. With chroot enabled, a local user is restricted to their home directory (default). For this example, we are going to create an ftp directory that will act as the chroot, along with a directory of modifiable files.

To begin with, we create the FTP folder:

sudo mkdir ftp

We set the ownership of the folder with this other command:

sudo chown nobody:nogroup /home/nombre-usuario/ftp

Now we remove the write permissions of this folder:

sudo chmod a-w /home/nombre-usuario/ftp

We continue by creating the directory that will hold the files and assigning its ownership:

sudo mkdir /home/nombre-usuario/ftp/files 

sudo chown nombre-usuario:nombre-usuario /home/nombre-usuario/ftp/files

At this point, we will create a test file in the files folder:

echo "vsftpd archivo de ejemplo" | sudo tee /home/nombre-usuario/ftp/files/ejemplo.txt
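
The layout built above can be verified with a short check: by default vsftpd refuses logins into a chroot that is writable, which is why the ftp folder loses its write bits while files stays writable by the account. This is an added example, not part of the original article; the function names and the temporary sample tree are constructed for illustration.

```shell
# Added example: verify the chroot layout from the steps above.
# $1 = chroot directory (local_root), $2 = numeric uid of the FTP account.
check_ftp_layout() {
    root=$1; uid=$2; rc=0
    # The chroot itself must carry no write bit for anyone (chmod a-w).
    case $(ls -ldn "$root" | cut -c2-10) in
        *w*) echo "FAIL $root is writable"; rc=1 ;;
    esac
    # The upload directory must belong to the account and be owner-writable.
    set -- $(ls -ldn "$root/files")
    [ "$3" = "$uid" ] || { echo "FAIL $root/files has uid $3, not $uid"; rc=1; }
    case $1 in
        d?w*) ;;
        *) echo "FAIL $root/files is not writable by its owner"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample tree in a temp directory, owned by whoever runs this.
sample_layout() {
    d=$(mktemp -d) && mkdir -p "$d/ftp/files" && chmod a-w "$d/ftp" && echo "$d/ftp"
}

# Check the directory and uid given as arguments, or the sample when run bare.
if [ $# -eq 2 ]; then check_ftp_layout "$1" "$2"; else
    r=$(sample_layout)
    check_ftp_layout "$r" "$(id -u)" && echo "OK $r"
    chmod u+w "$r"; rm -rf "${r%/ftp}"
fi
```

On a real server it would be called as check_ftp_layout /home/nombre-usuario/ftp "$(id -u nombre-usuario)".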

Securing the FTP server

In this step we open ports 20 and 21 for FTP traffic. Ports 40000-50000 are reserved for the passive port range that will eventually be set in the configuration file, and port 990 will be used when TLS is enabled. Run the following to do it:

sudo ufw allow 20/tcp; sudo ufw allow 21/tcp; sudo ufw allow 990/tcp; sudo ufw allow 40000:50000/tcp

If you use a different firewall, check its documentation to open the ports.

Configure vsftpd

Since we want users to be able to upload files, we are going to edit the vsftpd configuration file:

sudo vim /etc/vsftpd.conf

Inside the file, find the following entries and uncomment them:

anonymous_enable=NO

write_enable=YES

local_enable=YES

chroot_local_user must be uncommented as well; this guarantees that the connected user can only access the files within the allowed directory:

chroot_local_user=YES

We are also going to manually add some new values to the end of the file. This will allow the configuration to work with the current user and any other user added later:

user_sub_token=$USER
local_root=/home/$USER/ftp

Restart the daemon to load the changes:

sudo systemctl restart vsftpd

Encrypted connections

We will use TLS / SSL to secure the connection. We must create an SSL certificate and use it to protect the FTP server. We will do this with the command:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

The -days flag makes the certificate valid for one year, and the same command generates a 2048-bit RSA private key. When you finish creating the certificate, open the configuration file again:

sudo vim /etc/vsftpd.conf

At the end of the file we should find two lines that start with «rsa». Comment out both lines and write the following:

rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem

Now we will enable SSL so that only clients that have SSL enabled can connect. Change the value of ssl_enable to YES:

ssl_enable=YES

To disallow anonymous connections over SSL, add the lines:

allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES

Configure the server to use TLS, adding:

ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

We will also turn off the requirement to reuse SSL sessions, because it can cause many FTP clients to stop working. In addition, we will use high-strength cipher suites by adding the lines:

require_ssl_reuse=NO
ssl_ciphers=HIGH

We save the file and restart the service:

sudo systemctl restart vsftpd
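
As an added example (not from the original article), the following script checks a vsftpd.conf against the values set in this tutorial and reports every deviation. The pasv_min_port and pasv_max_port entries are an assumption that mirrors the 40000:50000 firewall rule, and the script assumes a repeated option takes its last value.

```shell
# Added example: check a vsftpd.conf against the values this tutorial sets.
# pasv_min_port/pasv_max_port are an assumption mirroring the 40000:50000
# firewall rule; the article does not show those two lines.
EXPECTED='anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_sslv2=NO
ssl_sslv3=NO
pasv_min_port=40000
pasv_max_port=50000'

# Print the value of option $2 in config text $1 (last uncommented line).
conf_value() {
    printf '%s\n' "$1" | sed -n "s/^$2=//p" | tail -n 1 | tr -d '\r'
}

# Read a config on stdin, print one FAIL line per deviation, and succeed
# only if there are none. An absent option is reported too.
audit_vsftpd_conf() {
    conf=$(cat); bad=0
    for pair in $EXPECTED; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(conf_value "$conf" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: expected $want, found ${got:-<unset>}"
            bad=$((bad + 1))
        fi
    done
    # vsftpd treats a space around '=' as an error, so flag it as well
    if printf '%s\n' "$conf" | grep -Eq '^[a-z0-9_]+([[:space:]]+=|=[[:space:]])'; then
        echo "FAIL syntax: space around '=' in an option line"
        bad=$((bad + 1))
    fi
    [ "$bad" -eq 0 ]
}

# Constructed sample (not a real server's file): the tutorial's values with
# SSLv3 switched back on and the passive range commented out.
sample_conf() {
    printf '%s\n' "$EXPECTED" | sed 's/^ssl_sslv3=NO/ssl_sslv3=YES/; s/^pasv_/#pasv_/'
}

# Audit the file named in $1, or the constructed sample when run bare.
if [ $# -gt 0 ]; then audit_vsftpd_conf < "$1"
else sample_conf | audit_vsftpd_conf || echo "sample deviates, as constructed"; fi
```

Run it with /etc/vsftpd.conf as the argument after each edit and before restarting the service.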

Access from an FTP client

Now we can connect to our FTP server. For this we can use an application from the graphical environment or the terminal command ftp. If you opt for the graphical environment, you will need an FTP client like FileZilla. To install it you can turn to the article that a colleague wrote on this blog a while ago.

Once FileZilla is installed and started, click File / Site Manager. Next, click on "New site".

In the right panel, select FTP as the protocol. If you are using FTPS, select TLS for encryption. Next, write the hostname or IP address in Server and add the port (21). For the access mode select Normal, and write the credentials of your account in Username and Password. Click Connect.

We will have to accept the certificate that we created earlier.

At this point we will see the example file that we created inside the files folder. We can now start using our FTP server. Just drag and drop the files you want to move.

Using FTP, we can fetch the data whenever we need it. You can learn more about vsftpd and its configuration from the Ubuntu documentation page.


  1.   fjalcon said

    Perfect tutorial, it has helped me to configure my ftp server in a matter of a few minutes.

  2.   juan carlos said

    Great tutorial, understandable from start to finish. I have a question, I have a PC with Debian 11 Plasma, and a virtualbox with centos 7. In centos I have installed the ftpy server and created a user. Now from Debian and dolphin I access without problems, the problem is that I cannot create folders or files, however from other virtual ones (xp, seven, linuxmint), if I can create without problems, why is that?