How to Install FTP Server on Ubuntu 20.04
FTP stands for File Transfer Protocol is a network protocol used to transfer files to and from the remote system. Generally, it is used by website owners to build, update and maintain websites. IT provides an easier way to download, upload, and transfer files from one system to another over the internet. In this article we will look at how to install FTP Server on Ubuntu 20.04.
There are many open-source FTP servers available for Linux including, ProFTPD, vsFTPD, and PureFTPD. Among them, vsFTPD is a fast, stable and secure FTP server. It helps to make files more accessible with a more friendly interface than FTP applications.
Features of vsFTPD
- Virtual users
- Bandwidth throttling
- Per-source-IP limits
- Per-source-IP configurability
- Encryption support through SSL integration
- Standalone or inetd operation
- Virtual IP configurations
In this post, we will show you how to set up an FTP server with vsFTPD and secure it with SSL on Ubuntu 20.04.
Also Read
How to Install FTP Server on AWS running on Windows Server
Install vsFTPD
By default, the vsFTPD package is included in the Ubuntu operating system. You can install it by just running the following command:
apt-get install vsftpd -y
Once the vsFTPD package is installed, start the vsFTPD service and enable it to start after system reboot:
systemctl start vsftpd
systemctl enable vsftpd
You can now verify the status of the vsFTPD using the command below:
systemctl status vsftpd
Sample output:
● vsftpd.service - vsftpd FTP server
Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2021-08-24 06:01:30 UTC; 6s ago
Main PID: 1116 (vsftpd)
Tasks: 1 (limit: 2353)
Memory: 620.0K
CGroup: /system.slice/vsftpd.service
└─1116 /usr/sbin/vsftpd /etc/vsftpd.conf
Aug 24 06:01:30 ubuntuhost systemd[1]: Starting vsftpd FTP server...
Aug 24 06:01:30 ubuntuhost systemd[1]: Started vsftpd FTP server.
By default, vsFTPD listens on port 21. You can check it using the following command:
ss -antpl | grep vsftpd
Sample output:
LISTEN 0 32 *:21 *:* users:(("vsftpd",pid=1116,fd=3))
Configure vsFTPD
The vsFTPD server default configuration file is located at /etc/vsftpd.conf. You will need to edit this file in order to configure a fully-functional FTP server.
nano /etc/vsftpd.conf
First, uncomment and change the following lines to allow access to the FTP server only to the local users:
anonymous_enable=NO
local_enable=YES
Uncomment and change the following line to grant upload and remove file permission:
write_enable=YES
Uncomment and change the following line to prevent local FTP users to access files outside of their home directories.
chroot_local_user=YES
allow_writeable_chroot=YES
Uncomment and change the following line to enable passive FTP connections.
pasv_min_port=30000
pasv_max_port=31000
Uncomment or add the following lines to configure vsftpd to permit only certain users to log in.
userlist_enable=YES
userlist_file=/etc/vsftpd.user_list
userlist_deny=NO
Save and close the file then restart the vsFTPD service to apply the configuration changes:
systemctl restart vsftpd
Create FTP User
Next, you will need to create a user to test the FTP server. To create a new user named ftpuser, run the following command:
adduser ftpuser
Set the ftpuser password as shown below:
Adding user `ftpuser' ...
Adding new group `ftpuser' (1000) ...
Adding new user `ftpuser' (1000) with group `ftpuser' ...
Creating home directory `/home/ftpuser' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for ftpuser
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] Y
Next, add ftpuser to the allowed FTP users list:
echo ftpuser > /etc/vsftpd.user_list
Next, create some files inside the ftpuser home directory and set proper ownership:
touch /home/ftpuser/file1.xtx
touch /home/ftpuser/file2.xtx
chown -R ftpuser:ftpuser /home/ftpuser/
Finally, restart the vsFTPD service using the following command:
systemctl restart vsftpd
Configure UFW Firewall
If the UFW firewall is installed and configured in your system then you will need to allow FTP ports 20, 21, 30000-31000 and OpenSSH port 22 through the UFW.
You can allow all ports using the following command:
ufw allow OpenSSH
ufw allow 20:21/tcp
ufw allow 30000:31000/tcp
Next, run the following command to reload the firewall:
ufw disable
ufw enable
You can now check the status of the firewall using the following command:
ufw status
Sample output:
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
20:21/tcp ALLOW Anywhere
30000:31000/tcp ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
20:21/tcp (v6) ALLOW Anywhere (v6)
30000:31000/tcp (v6) ALLOW Anywhere (v6)
Test FTP Server
At this point, the vsFTPD server is installed and configured. Now, its time to test it from the remote machine.
Test Using CLI Method
Log in to the remote Linux machine, open your command line terminal and run the following command to connect the FTP server:
ftp 45.58.40.129
You will be asked to provide FTP user and password as shown below:
Connected to 45.58.40.129.
220 (vsFTPd 3.0.3)
Name (45.58.40.129:vyom): ftpuser
331 Please specify the password.
Password:
After the successful authentication, you should get an FTP shell:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
Now, run the following command to list all files on the FTP server:
ftp> ls
You should see all files located on the FTP server in the following output:
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-r--r-- 1 1000 1000 0 Aug 24 06:10 file1.xtx
-rw-r--r-- 1 1000 1000 0 Aug 24 06:10 file2.xtx
226 Directory send OK.
ftp>
Note: 45.58.40.129 is the IP address of the FTP server.
Test Using GUI Method
On the remote Linux machine, open the file manager, press CTRL + L, type the URL ftp://45.58.40.129 and hit Enter as shown below:
You should see the FTP connection configuration screen:
Provide your FTP username, password and click on the Connect button. Once you are connected to the FTP server. You should see the following screen:
Secure FTP with SSL/TLS
It is a good idea to secure the FTP transmissions using SSL/TLS. To do so, you will need to generate an SSL certificate and configure the vsFTPD server to use it. Here, we will generate a self-signed SSL certificate.
You can generate a self-signed SSL certificate using the following command:
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
Provide all required information as shown below:
Generating a RSA private key
.....+++++
....................................................................................................................................................................................................................+++++
writing new private key to 'https://net.cloudinfrastructureservices.co.uk/etc/ssl/private/vsftpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:GUJ
Locality Name (eg, city) []:JND
Organization Name (eg, company) [Internet Widgits Pty Ltd]:IT
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:server
Email Address []:admin@example.com
Next, edit the vsFTPD main configuration file and define your SSL certificate path:
nano /etc/vsftpd.conf
Add or Change the following lines:
ssl_enable=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_ciphers=HIGH
Save and close the file then restart the vsFTPD service to apply the changes:
systemctl restart vsftpd
Verify Secure FTP Connection
To verify the secure FTP connection, you will need to install the FileZilla FTP client on Linux or Windows machine.
After installing FileZilla, launch the FileZilla client as shown below:
Click on the Site Manager to create a new FTP connection as shown below:
Provide your FTP server IP, Port, Protocol, Username, and click on the Connect button. You will be asked to provide a password for the FTP server:
Provide your FTP password and click on the OK button. You should see the SSL certificate warning screen:
Check “Always trust certificate in future sessions” and click on the OK button. Once you are connected, you should see the FTP server content on the right side of the screen:
Conclusion
In the above guide, we explained how to set up an FTP server with vsFTPD on Ubuntu 20.04. We also explained how to secure an FTP connection with SSL/TLS and also verify the FTP from the remote machine. I hope you can now easily set up your own FTP server easily.
