How to Install FTP Server on CentOS 8 Using ProFTPD Server
How to Install FTP Server on CentOS 8. FTP server is often used by website developers to make changes to a website and manage all files. It is more comfortable and secure to manage all website content using FTP.
What is FTP Server?
FTP server is a standard network protocol used to transfer computer files between a client and server on a computer network. File Transfer Protocol (FTP) which simply means it transmits files from one computer to other. It works on client server model and uses separate control and data connections between the client and the server.
FTP server is built on a client server architecture and it works by executing commands given by remote client(s) like receiving, sending, deleting files, creating or removing directories.
What is ProFTPD Server
ProFTPD is a free, open source and feature rich FTP server for Linux and Unix based operating systems. There is no support for native use under Microsoft Windows. It is known for its simplicity, speed or security. It is highly configurable and can be configured to run multiple Virtual Hosts.
Pros of ProFTPD Server
- Multiple virtual FTP servers and anonymous FTP services.
- Hidden directories and files, based on Unix style permissions or user/group ownership.
- Support shadow password.
- Modular design and Multiple authentication methods, including PAM, LDAP, SQL, and RADIUS.
- A single main configuration file.
- Virtual users.
- Anonymous FTP root directories do not require any specific directory.
In this guide, we will show you how to set up an FTP server using ProFTPD on CentOS 8.
Install ProFTPD
By default, the ProFTPD package is not included in the CentOS default repo. So you will need to install the EPEL repository to your server. You can install it by using the following command:
dnf install epel-release -y
Once the EPEL repository is installed, run the following command to install the ProFTPD package:
dnf install proftpd -y
Once the ProFTPD package is installed, start the ProFTPD service and enable it to start at system reboot:
systemctl start proftpd
systemctl enable proftpd
To verify the status of the ProFTPD, run:
systemctl status proftpd
Sample output:
● proftpd.service - ProFTPD FTP Server
Loaded: loaded (/usr/lib/systemd/system/proftpd.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2021-08-25 10:16:23 EDT; 6min ago
Process: 5595 ExecStartPre=/usr/sbin/proftpd --configtest (code=exited, status=0/SUCCESS)
Main PID: 5597 (proftpd)
Tasks: 1 (limit: 12524)
Memory: 3.7M
CGroup: /system.slice/proftpd.service
└─5597 proftpd: (accepting connections)
By default, ProFTPD listens on port 21. You can check it using the following command:
ss -antpl | grep proftpd
Sample output:
LISTEN 0 128 *:21 *:* users:(("proftpd",pid=5597,fd=0))os proftpd[5595]: Checking syntax of configuration file
To verify the ProFTPD version, run:
proftpd -v
Sample output:
ProFTPD Version 1.3.6e
Create FTP User
At this point, ProFTPD is installed and running. Now, you will need to create a user to test the FTP.
Let’s create a new user named ftpuser with the following command:
adduser ftpuser
Next, set a password for ftpuser using the following command:
passwd ftpuser
You will be asked to set a password as shown below:
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
Next, create some directory and files inside the ftpuser’s home directory:
mkdir -p /home/ftpuser/mydir
touch /home/ftpuser/file1.txt
touch /home/ftpuser/file2.txt
Next, set proper ownership to the ftpuser home directory:
chown -R ftpuser:ftpuser /home/ftpuser/
Firewall Configuration
If a firewalld firewall is installed in your CentOS 8 server. You will need to allow ports 20, 21, 22, and 6000-6100 through the firewalld.
Firewalld is firewall management software available for many Linux distributions, which acts as a frontend for Linux’s in kernel nftables or iptables packet filtering systems.
You can allow them using the following command:
firewall-cmd --permanent --add-port=22/tcp
firewall-cmd --permanent --add-port=20-21/tcp
firewall-cmd --permanent --add-port=6000-6100/tcp
Next, reload the firewalld service to apply the changes:
firewall-cmd --reload
You can now check all open ports using the following command:
firewall-cmd --list-all
Sample output:
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0 eth1
sources:
services: cockpit dhcpv6-client ssh
ports: 20-21/tcp 22/tcp 6000-6100/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
Access FTP with CLI and GUI Method
Access FTP with CLI
First, log in to a remote Linux machine and run the following command to connect to the FTP server:
ftp 45.58.45.50
You will be asked to provide an FTP username and password as shown below:
Connected to 45.58.45.50.
220 (proftpd 3.0.3)
Name (45.58.45.50:vyom): ftpuser
331 Please specify the password.
Password:
After the successful authentication, you should get the FTP shell:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
Now, check all files and directories on the FTP server using the following command:
ftp> ls
Sample output:
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-r--r-- 1 1000 1000 0 Aug 25 08:39 file1.txt
-rw-r--r-- 1 1000 1000 0 Aug 25 08:39 file2.txt
drwxr-xr-x 2 1000 1000 6 Aug 25 08:38 mydir
226 Directory send OK.
Note: 45.58.45.50 is the IP address of the ProFTPD server.
Access FTP with GUI
First, log in to the Linux desktop machine and open the File Manager as shown below:
Now, press CTRL+L, type the URL ftp://45.58.45.50 and hit Enter. You will be asked to provide an FTP username and password as shown below:
Provide your FTP username, password and click on the Connect button. Once you are log in, you should see the FTP server content in the following screen:
FTP Security
It is a good idea to secure the file transmission using the FTP over SSL encryption protocol and FTP over TLS encryption protocol. Secure Sockets Layer (SSL) encrypts commands and data exchanged between a client and a server. Transport Layer Security (TLS) is another protocol designed to help protect the privacy of information communicated over the Internet.
Firstly we will need to generate an SSL certificate and configure ProFTPD to use the SSL certificate.
SSL/TLS
First, install the OpenSSL package with the following command:
dnf install openssl -y
Once installed, generate an SSL certificate using the following command:
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/certs/proftpd.pem -out /etc/ssl/certs/proftpd.pem
You will be asked to provide your basic information as shown below:
Generating a RSA private key
...............................................+++++
.........+++++
writing new private key to 'https://net.cloudinfrastructureservices.co.uk/etc/ssl/certs/proftpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:GUJ
Locality Name (eg, city) [Default City]:JND
Organization Name (eg, company) [Default Company Ltd]:IT
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:centos
Email Address []:admin@yourdomain.com
Next, edit the ProFTPD main configuration using the following command:
nano /etc/proftpd.conf
Add the following lines below the line “DefaultRoot ~ !adm”:
DefaultRoot ~ !adm
PassivePorts 6000 6100
TLSEngine on
TLSRequired on
TLSRSACertificateFile /etc/ssl/certs/proftpd.pem
TLSRSACertificateKeyFile /etc/ssl/certs/proftpd.pem
TLSCipherSuite ALL:!ADH:!DES
TLSOptions NoCertRequest
TLSVerifyClient off
TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
TLSLog /var/log/proftpd/tls.log
Save and close the file then restart the proftpd service to apply the changes:
systemctl restart proftpd
Verify Secure FTP Connection
In this section of how to Install FTP Server on CentOS 8 we will need to install the FileZilla FTP client on Linux or Windows machine to verify the secure FTP connection.
First, open the FileZilla FTP client as shown below:
Click on the Site Manager to create a new FTP connection as shown below:
Provide your FTP server IP, Port, Protocol, Username, and click on the Connect button. You will be asked to provide a password for the FTP server:
Provide your FTP password and click on the OK button. You should see the SSL certificate warning screen:
Check “Always trust certificate in future sessions” and click on the OK button. Once you are connected, you should see the FTP server content on the right side of the screen:
How to Install FTP Server on CentOS 8 Conclusion
Congratulations! you have successfully installed ProFTPD with SSL/TLS on CentOS 8. You can now easily upload and download files to and from the FTP server.
