In this article we are going to take a look at how we can install vsftpd on Ubuntu. Whether you want to create a home server, a web server, a game server or any other server that suits your project, FTP is the easiest way to transfer data from one system to another. That is why we are going to see how to perform the installation and basic configuration of an FTP server in Ubuntu.
FTP, the File Transfer Protocol, is the system used to upload (put) or download (get) files from a server. You have probably used it at some point without realizing it, when fetching files or uploading images to the web.
Install an FTP server in Ubuntu
For this example, I am going to install an FTP server on my local network on Ubuntu 20.04. If you don't have vsftpd installed on your computer, it can be installed from a terminal (Ctrl + Alt + T) with the command:
sudo apt install vsftpd
Once it is installed, we will start by making a copy of the original configuration file. If something goes wrong, the default settings can be restored.
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf_default
Now let's start the service with the command:
sudo systemctl start vsftpd
We then enable it, so that it also starts at boot, with:
sudo systemctl enable vsftpd
FTP user account
With this account we can use any FTP client to access the files hosted on the server through vsftpd. To create it, in the terminal (Ctrl + Alt + T) we only have to use the command:
sudo useradd -m nombre-usuario
Replace 'nombre-usuario' with your intended username. Now we are going to set a password:
sudo passwd nombre-usuario
Next we move into the newly created user's home folder (/home/nombre-usuario).
Ideally, FTP should be restricted to a specific directory for security reasons. Vsftpd uses chroot jails to achieve this. With chroot enabled, a local user is restricted to their home directory by default. For this example, we are going to create an ftp directory that will act as the chroot, along with a directory of writable files inside it.
To begin with we create the FTP folder:
sudo mkdir ftp
We will set the ownership of the folder with this other command:
sudo chown nobody:nogroup /home/nombre-usuario/ftp
Now we remove the write permissions of this folder:
sudo chmod a-w /home/nombre-usuario/ftp
We continue by creating the directory that will hold the files and assigning its ownership:
sudo mkdir /home/nombre-usuario/ftp/files
sudo chown nombre-usuario:nombre-usuario /home/nombre-usuario/ftp/files
At this point, we will create a test file in the files folder:
echo "vsftpd archivo de ejemplo" | sudo tee /home/nombre-usuario/ftp/files/ejemplo.txt
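A check for the layout built in the steps above, as an added example that is not part of the original article: by default vsftpd refuses a login whose chroot root is writable, so the script confirms that ftp carries no write bits and that files is writable by its owner. The function name check_ftp_chroot and the temporary demo directory are assumptions for illustration.

```sh
#!/bin/sh
# Added example (not from the article). check_ftp_chroot is a hypothetical
# helper; stat -c is the GNU coreutils form that Ubuntu ships.

# Return 0 only if "$1" is laid out like the ftp directory built above:
# no write bit on the chroot root, and a files/ subdirectory that its
# owner can write to.
check_ftp_chroot() {
    root=$1
    [ -d "$root" ] || { echo "FAIL: $root is not a directory"; return 1; }
    case $(stat -c %A "$root") in
        *w*) echo "FAIL: $root is writable (chmod a-w not applied)"; return 1 ;;
    esac
    [ -d "$root/files" ] || { echo "FAIL: $root/files is missing"; return 1; }
    case $(stat -c %A "$root/files") in
        ??w*) ;;   # drwx...: the owner write bit is set
        *) echo "FAIL: owner cannot write to $root/files"; return 1 ;;
    esac
    echo "OK: $root"
}

# Constructed demo in a temporary directory: no sudo, no real account.
demo=$(mktemp -d)
mkdir -p "$demo/ftp/files"
check_ftp_chroot "$demo/ftp" || echo "(expected: root is still writable)"
chmod a-w "$demo/ftp"
check_ftp_chroot "$demo/ftp"
chmod u+w "$demo/ftp" && rm -rf "$demo"
```

On the server itself, call it as check_ftp_chroot /home/nombre-usuario/ftp.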
Securing the FTP server
In this step let's open ports 20 and 21 for FTP traffic. Ports 40000-50000 will be reserved for the range of passive ports that will eventually be set in the configuration file and port 990 will be used when TLS is enabled. Run the following to do it:
sudo ufw allow 20/tcp; sudo ufw allow 21/tcp; sudo ufw allow 990/tcp; sudo ufw allow 40000:50000/tcp
If you use a different firewall, check its documentation to open the ports.
Since we want users to be able to upload files, we are going to edit the vsftpd configuration file:
sudo vim /etc/vsftpd.conf
Inside the file we will find the following entries and uncomment them:
anonymous_enable=NO
write_enable=YES
local_enable=YES
chroot_local_user must be uncommented as well; this guarantees that the connected user can only access the files within the allowed directory.
We are also going to manually add some new values to the end of the file. This will allow the configuration to work with the current user and any other user added later:
Restart the daemon to load the changes:
sudo systemctl restart vsftpd
We will use TLS / SSL to secure the connection. We must create the SSL certificate and use it to protect the FTP server. We will do this with the command:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
The -days 365 flag makes the certificate valid for one year, and the same command generates a 2048-bit RSA private key that is stored in the same file. When you finish creating the certificate, open the configuration file again:
sudo vim /etc/vsftpd.conf
At the end of the file we will find two lines that start with «rsa». Comment out both lines and write the following:
Now we will enable SSL so that only clients that have SSL enabled can connect. Change the value of ssl_enable to YES:
To disallow anonymous connections over SSL, and to force SSL for local logins and data transfers, add the lines:
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
Configure the server to use TLS, adding:
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
We will also not require SSL session reuse, because requiring it can cause many FTP clients to stop working. In addition, we will use high-strength cipher suites, adding the lines:
We save the file and we restart the service:
sudo systemctl restart vsftpd
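An audit of the edited file against the settings this section writes, as an added example that is not part of the original article; it checks that each option is present, uncommented and set to the article's value. The function names, the sample file contents and the assumption that the last assignment of an option wins are mine.

```sh
#!/bin/sh
# Added example (not from the article): audit a vsftpd.conf against the
# settings this section writes. Function names are hypothetical.
REQUIRED='anonymous_enable=NO local_enable=YES write_enable=YES
chroot_local_user=YES ssl_enable=YES allow_anon_ssl=NO
force_local_data_ssl=YES force_local_logins_ssl=YES ssl_sslv2=NO ssl_sslv3=NO'

# Effective value of option $2 in file $1. Commented lines and lines with
# spaces around "=" never match; assumption: the last assignment wins.
conf_value() {
    awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# Print one line per required option; return 1 if any differs or is unset.
audit_vsftpd_conf() {
    rc=0
    for want in $REQUIRED; do
        key=${want%%=*}; val=${want#*=}
        got=$(conf_value "$1" "$key")
        if [ "$got" = "$val" ]; then
            echo "ok   $key=$got"
        else
            echo "FIX  $key=${got:-<unset>} (article sets $val)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: chroot_local_user left commented, ssl_enable set
# twice, and one option written with spaces around "=".
sample_conf() {
    cat <<'EOF'
anonymous_enable=NO
local_enable=YES
write_enable=YES
#chroot_local_user=YES
ssl_enable=NO
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl = YES
ssl_sslv2=NO
ssl_sslv3=NO
EOF
}

f=$(mktemp); sample_conf > "$f"
audit_vsftpd_conf "$f" || echo "-> correct the FIX lines, then restart vsftpd"
rm -f "$f"
```

On the server, run audit_vsftpd_conf /etc/vsftpd.conf before restarting the service.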
Access from an FTP client
Now we can connect to our FTP server. For this we can use an application from the graphical environment or the terminal command ftp. If you opt for the graphical environment, you will need an FTP client like FileZilla. To install it you can turn to the article that a colleague wrote on this blog a while ago.
Once FileZilla is installed and started, click File / Site Manager. The next thing will be to click on "New site".
In the right panel, select FTP as the protocol. If you are using FTPS, select TLS for encryption. Next, enter the hostname or IP address in Server and add the port (21). For the access mode select Normal, and enter the credentials of your account in Username and Password. Click Connect.
We will have to accept the certificate that we created earlier.
At this point we will see the example file that we created inside the files folder. We can now start using our FTP server. Just drag and drop the files you want to move.
Using an FTP server, we can fetch the data whenever we need it. You can learn more about vsftpd and its configuration from the Ubuntu documentation page.