FTP, or File Transfer Protocol, is a standard networking protocol used to transfer files between a client and a server. An FTP user may authenticate with a username and a password. FTP is often secured with SSL/TLS (FTPS) to protect data in transit, or replaced with the SSH File Transfer Protocol (SFTP).
VSFTPD stands for “Very Secure File Transfer Protocol Daemon”. It is an FTP server that is comparatively more secure, which makes it a popular choice for Linux users. In this article, we will discuss how to set it up in Ubuntu 20.04 LTS.
Steps to install vsftpd in Ubuntu 20.04 LTS
To install it in Ubuntu 20.04 LTS run the following commands in your terminal –
First, update the apt package index by using –
sudo apt update
And then use –
sudo apt install vsftpd
How to enable vsftpd services?
To enable vsftpd services in Ubuntu 20.04 LTS, use the following commands –
Start the vsftpd server with –
sudo systemctl start vsftpd
Then enable the service to start automatically when the system boots by using –
sudo systemctl enable vsftpd
How to configure vsftpd server?
You can configure the vsftpd server by editing the /etc/vsftpd.conf file. For a secure implementation of the vsftpd server, we have to add or modify some options inside the vsftpd configuration file.
Backup the existing configuration
Before making any changes to the configuration file, it is good practice to take a backup of the original file. Use the following command –
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig
Editing the configuration file
Open the configuration file in a text editor by using the following command –
sudo nano /etc/vsftpd.conf
Then uncomment, modify or add the following options. Option names must be written in lower case, with no spaces around the = sign. This configuration will be sufficient for a basic FTP server; later you can modify it according to your requirements.
listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
pasv_enable=YES
pasv_min_port=10000
pasv_max_port=11000
allow_writeable_chroot=YES
Once you are done editing the configuration file, press ctrl+s to save and ctrl+x to exit from the editor.
Adjust the firewall settings
We need to adjust the firewall settings. By default, the Ubuntu firewall blocks incoming FTP traffic. Use the following command to allow it –
sudo ufw allow from any to any port 20,21,10000:11000 proto tcp
Restart vsftpd server
To apply the changes, you need to restart the vsftpd server. Use the following command to restart it –
sudo systemctl restart vsftpd
Create an FTP user
We need to create an FTP user, which we will use to log in to the FTP server. To create a user, use the following command –
sudo adduser ftpuser
Now fill in the details and create a strong password.
Create a directory to upload files
Now, if you want ftpuser to upload files to the FTP server, create a directory within the user’s home directory. Here we will create a directory with the name ftp. Use the following command to create it –
sudo mkdir /home/ftpuser/ftp
Set the ownership of the ftp directory to nobody:nogroup by using –
sudo chown nobody:nogroup /home/ftpuser/ftp
Remove the writable permission with the following command –
sudo chmod a-w /home/ftpuser/ftp
Create another directory within ftp so that the new ftpuser can upload files here –
sudo mkdir /home/ftpuser/ftp/files
Now set the ownership of the files directory to ftpuser –
sudo chown ftpuser:ftpuser /home/ftpuser/ftp/files
How to secure FTP server with TLS?
TLS, or Transport Layer Security, is a security protocol designed to provide privacy and data security for communications over the internet. By default, FTP is not encrypted, so the data transmitted can be intercepted. We therefore need to use TLS with FTP. Let’s create a certificate by using the OpenSSL tool –
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
You will be asked to enter information such as country name, state, organization, etc. Press enter to accept the default values.
Now we have to make some changes in the configuration file. Use the following command to edit the configuration file –
sudo nano /etc/vsftpd.conf
And add or modify the following information –
ssl_enable=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
Press ctrl+s to save and ctrl+x to exit from the editor. Now restart your server using –
sudo systemctl restart vsftpd
Also check the status; it should be active –
sudo systemctl status vsftpd
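As an added example (not part of the original article), the script below audits a vsftpd.conf offline for the settings configured above: option lines vsftpd cannot parse, the anonymous-login and TLS options, and a passive port range that falls outside the firewall rule. The function names and the sample file are constructed for illustration, and requiring each option to be set explicitly is an assumption of this check.

```sh
# Added example: offline audit of a vsftpd.conf against this guide's settings.

# conf_get FILE KEY: print the last value assigned to KEY (exact-case match).
conf_get() {
    awk -F= -v key="$2" '!/^#/ && $1 == key { val = $2 } END { print val }' "$1"
}

# audit_vsftpd FILE [FW_MIN FW_MAX]: print one FAIL line per problem and return
# the problem count. FW_MIN/FW_MAX is the passive range opened in the firewall.
audit_vsftpd() {
    conf=$1; fw_min=${2:-10000}; fw_max=${3:-11000}; problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

    # Option names are lower case with no whitespace around "="; vsftpd
    # refuses to start on a line it does not recognise.
    bad=$(grep -vE '^[[:space:]]*(#|$)' "$conf" |
          grep -E '^[^=]*[[:upper:][:space:]][^=]*=|=[[:space:]]') || true
    [ -z "$bad" ] || fail "malformed option line: $bad"

    # Assumption of this check: each option below must be set explicitly.
    while read -r key want; do
        got=$(conf_get "$conf" "$key" | tr '[:lower:]' '[:upper:]')
        [ "$got" = "$want" ] || fail "$key=${got:-<unset>} (expected $want)"
    done <<EOF
anonymous_enable NO
ssl_enable YES
allow_anon_ssl NO
force_local_logins_ssl YES
force_local_data_ssl YES
ssl_sslv2 NO
ssl_sslv3 NO
EOF
    # Passive data ports must fall inside the range the firewall allows.
    pmin=$(conf_get "$conf" pasv_min_port); pmax=$(conf_get "$conf" pasv_max_port)
    if [ "${pmin:-0}" -lt "$fw_min" ] || [ "${pmax:-0}" -gt "$fw_max" ] ||
       [ "${pmax:-0}" -lt "${pmin:-0}" ]; then
        fail "pasv range ${pmin:-unset}-${pmax:-unset} outside $fw_min-$fw_max"
    fi
    return "$problems"
}

# Constructed sample: the guide's settings with one option name mis-cased.
sample=$(mktemp)
printf '%s\n' anonymous_enable=NO ssl_enable=YES allow_anon_ssl=NO \
    force_local_logins_ssl=YES force_local_data_ssl=YES ssl_sslv2=NO \
    ssl_sslv3=NO pasv_min_port=10000 pasv_max_port=11000 \
    allow_writeable_Chroot=YES > "$sample"
audit_vsftpd "$sample" || echo "$? problem(s) found"
rm -f "$sample"
```

To audit the live file, run audit_vsftpd /etc/vsftpd.conf before restarting the service; a return value of 0 means no findings.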
Access FTP server with FileZilla
FileZilla is an FTP client used to access files on an FTP server. Enter the hostname, username, and password, then click on Quickconnect. First, you will see an unknown certificate window; tick the checkbox to always trust the certificate in future sessions and then click on OK.
Now that TLS is configured on the FTP server, you can communicate with it securely.
Ok that’s all for now. You can share your experience in the comments below.