How to Install FTP Server on CentOS 8. FTP server is often used by website developers to make changes to a website and manage all files. It is more comfortable and secure to manage all website content using FTP.
What is FTP Server?
FTP server is a standard network protocol used to transfer computer files between a client and server on a computer network. File Transfer Protocol (FTP) which simply means it transmits files from one computer to other. It works on client server model and uses separate control and data connections between the client and the server.
FTP server is built on a client server architecture and it works by executing commands given by remote client(s) like receiving, sending, deleting files, creating or removing directories.
What is ProFTPD Server
Pros of ProFTPD Server
- Multiple virtual FTP servers and anonymous FTP services.
- Hidden directories and files, based on Unix style permissions or user/group ownership.
- Support shadow password.
- Modular design and Multiple authentication methods, including PAM, LDAP, SQL, and RADIUS.
- A single main configuration file.
- Virtual users.
- Anonymous FTP root directories do not require any specific directory.
By default, the ProFTPD package is not included in the CentOS default repo. So you will need to install the EPEL repository to your server. You can install it by using the following command:
dnf install epel-release -y
Once the EPEL repository is installed, run the following command to install the ProFTPD package:
dnf install proftpd -y
Once the ProFTPD package is installed, start the ProFTPD service and enable it to start at system reboot:
systemctl start proftpd systemctl enable proftpd
To verify the status of the ProFTPD, run:
systemctl status proftpd
● proftpd.service - ProFTPD FTP Server Loaded: loaded (/usr/lib/systemd/system/proftpd.service; disabled; vendor preset: disabled) Active: active (running) since Wed 2021-08-25 10:16:23 EDT; 6min ago Process: 5595 ExecStartPre=/usr/sbin/proftpd --configtest (code=exited, status=0/SUCCESS) Main PID: 5597 (proftpd) Tasks: 1 (limit: 12524) Memory: 3.7M CGroup: /system.slice/proftpd.service └─5597 proftpd: (accepting connections)
By default, ProFTPD listens on port 21. You can check it using the following command:
ss -antpl | grep proftpd
LISTEN 0 128 *:21 *:* users:(("proftpd",pid=5597,fd=0))os proftpd: Checking syntax of configuration file
To verify the ProFTPD version, run:
ProFTPD Version 1.3.6e
Create FTP User
At this point, ProFTPD is installed and running. Now, you will need to create a user to test the FTP.
Let’s create a new user named ftpuser with the following command:
Next, set a password for ftpuser using the following command:
You will be asked to set a password as shown below:
New password: Retype new password: passwd: all authentication tokens updated successfully.
Next, create some directory and files inside the ftpuser’s home directory:
mkdir -p /home/ftpuser/mydir touch /home/ftpuser/file1.txt touch /home/ftpuser/file2.txt
Next, set proper ownership to the ftpuser home directory:
chown -R ftpuser:ftpuser /home/ftpuser/
If a firewalld firewall is installed in your CentOS 8 server. You will need to allow ports 20, 21, 22, and 6000-6100 through the firewalld.
Firewalld is firewall management software available for many Linux distributions, which acts as a frontend for Linux’s in kernel nftables or iptables packet filtering systems.
You can allow them using the following command:
firewall-cmd --permanent --add-port=22/tcp firewall-cmd --permanent --add-port=20-21/tcp firewall-cmd --permanent --add-port=6000-6100/tcp
Next, reload the firewalld service to apply the changes:
You can now check all open ports using the following command:
public (active) target: default icmp-block-inversion: no interfaces: eth0 eth1 sources: services: cockpit dhcpv6-client ssh ports: 20-21/tcp 22/tcp 6000-6100/tcp protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules:
Access FTP with CLI and GUI Method
Access FTP with CLI
First, log in to a remote Linux machine and run the following command to connect to the FTP server:
You will be asked to provide an FTP username and password as shown below:
Connected to 22.214.171.124. 220 (proftpd 3.0.3) Name (126.96.36.199:vyom): ftpuser 331 Please specify the password. Password:
After the successful authentication, you should get the FTP shell:
230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp>
Now, check all files and directories on the FTP server using the following command:
200 PORT command successful. Consider using PASV. 150 Here comes the directory listing. -rw-r--r-- 1 1000 1000 0 Aug 25 08:39 file1.txt -rw-r--r-- 1 1000 1000 0 Aug 25 08:39 file2.txt drwxr-xr-x 2 1000 1000 6 Aug 25 08:38 mydir 226 Directory send OK.
Note: 188.8.131.52 is the IP address of the ProFTPD server.
Access FTP with GUI
First, log in to the Linux desktop machine and open the File Manager as shown below:
Now, press CTRL+L, type the URL ftp://184.108.40.206 and hit Enter. You will be asked to provide an FTP username and password as shown below:
Provide your FTP username, password and click on the Connect button. Once you are log in, you should see the FTP server content in the following screen:
It is a good idea to secure the file transmission using the FTP over SSL encryption protocol and FTP over TLS encryption protocol. Secure Sockets Layer (SSL) encrypts commands and data exchanged between a client and a server. Transport Layer Security (TLS) is another protocol designed to help protect the privacy of information communicated over the Internet.
Firstly we will need to generate an SSL certificate and configure ProFTPD to use the SSL certificate.
First, install the OpenSSL package with the following command:
dnf install openssl -y
Once installed, generate an SSL certificate using the following command:
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/certs/proftpd.pem -out /etc/ssl/certs/proftpd.pem
You will be asked to provide your basic information as shown below:
Generating a RSA private key ...............................................+++++ .........+++++ writing new private key to 'https://net.cloudinfrastructureservices.co.uk/etc/ssl/certs/proftpd.pem' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:IN State or Province Name (full name) :GUJ Locality Name (eg, city) [Default City]:JND Organization Name (eg, company) [Default Company Ltd]:IT Organizational Unit Name (eg, section) :IT Common Name (eg, your name or your server's hostname) :centos Email Address :firstname.lastname@example.org
Next, edit the ProFTPD main configuration using the following command:
Add the following lines below the line “DefaultRoot ~ !adm”:
DefaultRoot ~ !adm PassivePorts 6000 6100 TLSEngine on TLSRequired on TLSRSACertificateFile /etc/ssl/certs/proftpd.pem TLSRSACertificateKeyFile /etc/ssl/certs/proftpd.pem TLSCipherSuite ALL:!ADH:!DES TLSOptions NoCertRequest TLSVerifyClient off TLSRenegotiate ctrl 3600 data 512000 required off timeout 300 TLSLog /var/log/proftpd/tls.log
Save and close the file then restart the proftpd service to apply the changes:
systemctl restart proftpd
Verify Secure FTP Connection
First, open the FileZilla FTP client as shown below:
Click on the Site Manager to create a new FTP connection as shown below:
Provide your FTP server IP, Port, Protocol, Username, and click on the Connect button. You will be asked to provide a password for the FTP server:
Provide your FTP password and click on the OK button. You should see the SSL certificate warning screen:
Check “Always trust certificate in future sessions” and click on the OK button. Once you are connected, you should see the FTP server content on the right side of the screen: