In this article, you will learn how to set up an FTP server on Ubuntu. We will be using a server, which is widely considered to be the fastest and most secure FTP server for UNIX-like systems.
What is FTP?
FTP either File Transfer Protocol is a means of sending and receiving files over a network connection. Using a client/server framework and SSL/TLS security, FTP allows users to share files with (and receive from) remote computers through secure, efficient, and reliable data transfer (using TCP/IP protocols). ).
FTP works the same way as (HypertText Transfer Protocol) or (Simple Mail Transfer Protocol). The difference is that FTP is responsible for transporting files over the Internet, while HTTP and SMTP are responsible for transferring web pages and emails, respectively.
Before we begin, please note that we will walk you through setting up an FTP server on 18.04. Therefore, you need to make sure that your VPS is running on that particular operating system.
How to set up an FTP server in Ubuntu
This tutorial requires you to know how to connect to a server via SSH. If you have the , the access data is available in the Server tab of the hPanel.
Step 1 – Install Vsftpd
- First of all, let’s get our package updates before proceeding with the installation of the vsftpd. To get started, run the following command:
sudo apt-get update
Wait for all processes to complete and you will see a confirmation as soon as the update is complete.
- When you’re done with this, install the vsftpd daemon using the following command:
sudo apt-get install vsftpd
Now you will see a confirmation message in which you will have to write Y and press Enter to continue with the installation.
- Once the installation is complete, make a backup copy of the original file so we can start our work with a blank configuration file:
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.original
Now we are ready to take the next step and configure the firewall.
Step 2 – Allow FTP traffic from the firewall
- To allow the Ubuntu FTP server to communicate over the Internet, it has to go through the firewall. Let’s first see whether the firewall is enabled on the machine or not. Simply run the following command to check the status:
sudo ufw status
If you see the following message:
ufw: command not found
It means that the firewall is not installed. You can install and enable it by typing:
sudo apt-get install ufw sudo ufw enable
- If it’s already active, you still need to make sure FTP traffic is allowed. To do this, run the following commands one by one:
sudo ufw allow 20/tcp sudo ufw allow 21/tcp sudo ufw allow 990/tcp sudo ufw allow 40000:50000/tcp
This series of commands will open several ports:
- OpenSSH it is necessary if you still want to access your server via SSH. Sometimes this option is enabled by default.
- the ports twenty Y twenty-one for FTP traffic.
- the ports 40000:50000 they will be reserved for the passive port range that will eventually be set in the configuration file.
- port 990 will be used when TLS is enabled.
- Now let’s look at the state again:
sudo ufw status
The result should be something like this:
Status: active To Action From — —— —- 990/tcp ALLOW Anywhere 20/tcp ALLOW Anywhere 21/tcp ALLOW Anywhere 40000:50000/tcp ALLOW Anywhere 20/tcp (v6) ALLOW Anywhere (v6 ) 21/tcp (v6) ALLOW Anywhere (v6) 990/tcp (v6) ALLOW Anywhere (v6) 40000:50000/tcp (v6) ALLOW Anywhere (v6)
Step 3 – Create the user directory
- Once the firewall is configured, we must create the user that will use the FTP access. To create it, use the following command:
sudo adduser hoster
Remember to change the username according to your preferences.
- When prompted, enter a password for the user and fill in all other details. Ideally, FTP should be restricted to a specific directory for security reasons. vsftpd uses chroot cages to achieve this. With chroot enabled, a local user is restricted to their home directory (by default). However, it is possible that due to the security of vsftpd, a user cannot write to the directory. We will not remove write privileges from the home folder; instead we will create an ftp directory which will act as chroot along with a writable files directory that will be responsible for holding the relevant files.
- Use the following command to create the FTP folder:
sudo mkdir /home//ftp
Set the property using:
sudo chown nobody:nogroup /home//ftp
Finally, remove write permissions:
sudo chmod aw /home//ftp
Now, use the following command to check the permissions:
sudo ls -la /home//ftp
The result should be something like this:
total 8 dr-xr-xr-x 2 nobody nogroup 4096 Jun 29 11:32 . drwxr-xr-x 3 4096 Jun 29 11:32 ..
- As a next step, we will create the file container directory and assign ownership:
sudo mkdir /home//ftp/files sudo chown : /home//ftp/files
Finally, add a test file to the directory which will be used when we test everything later:
echo “vsftpd sample file” | sudo tee /home//ftp/files/sample.txt
Step 4 – Configure vsftpd
The next step in our commitment to configure an FTP server in Ubuntu VPS is to configure vsftpd and our FTP access. In this tutorial, we will allow a single user to connect to FTP using a local shell account. The two key settings required for this are already set in the config file (vsftpd.conf).
- First of all, verify that the configuration file has a configuration that matches the ones mentioned below:
sudo nano /etc/vsftpd.conf
Check that the content has settings similar to this:
. . . # Allow anonymous FTP? (Disabled by default). anonymous_enable=NO # # Uncomment this to allow local users to log in. local_enable=YES . . .
In the same file, we will proceed to delete # already enable the write_enable:
. . . write_enable=YES . . ..
- chroot will not comment either to ensure that the FTP user only accesses files within the allowed directory. also change the value NO by YES. Note that there are two lines like this, and you have to uncomment both.
. . . chroot_local_user=YES . . .
- There are some new values that you should also add to the end of the file. First, add a user_sub_token on the local_root directory path. This will allow the setup to work with the current user and any other users added later:
user_sub_token=$USER local_root=/home/$USER/ftp
pasv_min_port=40000 pasv_max_port=50000
- In this tutorial, we plan to allow access on a case-by-case basis, so let’s adjust the settings so that access is only granted to users who have been explicitly added to a list:
userlist_enable=YES userlist_file=/etc/vsftpd.userlist userlist_deny=NO
the flag userlist_deny is responsible for toggling logic; when set to NO, only the users specified in the list will be allowed access. Once done, click CTRL+X and commit the file changes.
- Finally, we will proceed with the creation and addition of our user to the file:
echo “” | sudo tee -a /etc/vsftpd.userlist
Verify that the user is actually active by running the following command:
cat /etc/vsftpd.userlist
The result should be “” as shown in this screenshot:
- Restart the daemon using the following command to load the configuration changes:
sudo systemctl restart vsftpd
Step 5 – Make FTP secure
- By default, FTP does not do any data encryption, so we will use TTL/SSL to ensure safety. First of all, we need to create the SSL certificate and use it to secure the Ubuntu FTP server. To get started, use the following command:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
the flag -days makes the certificate valid for one year and we have included a private key RSA of 2048 bit in the same command.
- Once requested, enter the corresponding personal data in the field provided.
- When you’re done creating the certificate, open the configuration file again:
sudo nano /etc/vsftpd.conf
The end of the file must contain two lines beginning with “_rsa«. Comment both lines like this:
# rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem # rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
Instead, let’s point the configuration file to the certificate we just created. Add the following addresses just below the previous lines:
rsa_cert_file=/etc/ssl/private/vsftpd.pem rsa_private_key_file=/etc/ssl/private/vsftpd.pem
- We will now enable SSL and make sure that only clients that have SSL enabled can contact us. Change the value of ssl_enable a AND IT IS:
ssl_enable=YES
Then add the following lines to prohibit any anonymous connection via SSK
allow_anon_ssl=NO force_local_data_ssl=YES force_local_logins_ssl=YES
Configure the server to use TLS using:
ssl_tlsv1=YES ssl_sslv2=NO ssl_sslv3=NO
Now we will change 2 more options. First of all, it will not be necessary reuse ssl because it can cause many FTP clients to crash. Second, we will use strong encryption suites, which means that key lengths are equal to or greater than 128 bits.
require_ssl_reuse=NOT ssl_ciphers=HIGH
Save the file again by pressing CTRL+X followed by Y, and then press Enter.
- let’s restart vsftpd once again to apply the new settings:
sudo systemctl restart vsftpd
Good work! You have configured the FTP server on your Ubuntu VPS to work with the SSL/TLS protocol.
Step 6 – Test connections with FileZilla
These days, most FTP clients support TLS encryption settings, so it’s a great way to check if your Ubuntu FTP server is working as expected. To test the connection, we will use an a.
- To start start FileZilla and click on the icon SiteManager. Then click the button New Site in the window that appears to start entering the Ubuntu FTP server details.
- Fill in all the required details with your newly created Ubuntu FTP server information. Since we configured it to use TLS, we can also…
Facebook Comments
Disqus