FTP stands for File Transfer Protocol is a network protocol used to transfer files to and from the remote system. Generally, it is used by website owners to build, update and maintain websites. IT provides an easier way to download, upload, and transfer files from one system to another over the internet. In this article we will look at how to install FTP Server on Ubuntu 20.04.
There are many open-source FTP servers available for Linux including, ProFTPD, vsFTPD, and PureFTPD. Among them, vsFTPD is a fast, stable and secure FTP server. It helps to make files more accessible with a more friendly interface than FTP applications.
Features of vsFTPD
- Virtual users
- Bandwidth throttling
- Per-source-IP limits
- Per-source-IP configurability
- Encryption support through SSL integration
- Standalone or inetd operation
- Virtual IP configurations
In this post, we will show you how to set up an FTP server with vsFTPD and secure it with SSL on Ubuntu 20.04.
By default, the vsFTPD package is included in the Ubuntu operating system. You can install it by just running the following command:
apt-get install vsftpd -y
Once the vsFTPD package is installed, start the vsFTPD service and enable it to start after system reboot:
systemctl start vsftpd systemctl enable vsftpd
You can now verify the status of the vsFTPD using the command below:
systemctl status vsftpd
● vsftpd.service - vsftpd FTP server Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2021-08-24 06:01:30 UTC; 6s ago Main PID: 1116 (vsftpd) Tasks: 1 (limit: 2353) Memory: 620.0K CGroup: /system.slice/vsftpd.service └─1116 /usr/sbin/vsftpd /etc/vsftpd.conf Aug 24 06:01:30 ubuntuhost systemd: Starting vsftpd FTP server... Aug 24 06:01:30 ubuntuhost systemd: Started vsftpd FTP server.
By default, vsFTPD listens on port 21. You can check it using the following command:
ss -antpl | grep vsftpd
LISTEN 0 32 *:21 *:* users:(("vsftpd",pid=1116,fd=3))
The vsFTPD server default configuration file is located at /etc/vsftpd.conf. You will need to edit this file in order to configure a fully-functional FTP server.
First, uncomment and change the following lines to allow access to the FTP server only to the local users:
Uncomment and change the following line to grant upload and remove file permission:
Uncomment and change the following line to prevent local FTP users to access files outside of their home directories.
Uncomment and change the following line to enable passive FTP connections.
Uncomment or add the following lines to configure vsftpd to permit only certain users to log in.
userlist_enable=YES userlist_file=/etc/vsftpd.user_list userlist_deny=NO
Save and close the file then restart the vsFTPD service to apply the configuration changes:
systemctl restart vsftpd
Create FTP User
Next, you will need to create a user to test the FTP server. To create a new user named ftpuser, run the following command:
Set the ftpuser password as shown below:
Adding user `ftpuser' ... Adding new group `ftpuser' (1000) ... Adding new user `ftpuser' (1000) with group `ftpuser' ... Creating home directory `/home/ftpuser' ... Copying files from `/etc/skel' ... New password: Retype new password: passwd: password updated successfully Changing the user information for ftpuser Enter the new value, or press ENTER for the default Full Name : Room Number : Work Phone : Home Phone : Other : Is the information correct? [Y/n] Y
Next, add ftpuser to the allowed FTP users list:
echo ftpuser > /etc/vsftpd.user_list
Next, create some files inside the ftpuser home directory and set proper ownership:
touch /home/ftpuser/file1.xtx touch /home/ftpuser/file2.xtx chown -R ftpuser:ftpuser /home/ftpuser/
Finally, restart the vsFTPD service using the following command:
systemctl restart vsftpd
Configure UFW Firewall
If the UFW firewall is installed and configured in your system then you will need to allow FTP ports 20, 21, 30000-31000 and OpenSSH port 22 through the UFW.
You can allow all ports using the following command:
ufw allow OpenSSH ufw allow 20:21/tcp ufw allow 30000:31000/tcp
Next, run the following command to reload the firewall:
ufw disable ufw enable
You can now check the status of the firewall using the following command:
Status: active To Action From -- ------ ---- OpenSSH ALLOW Anywhere 20:21/tcp ALLOW Anywhere 30000:31000/tcp ALLOW Anywhere OpenSSH (v6) ALLOW Anywhere (v6) 20:21/tcp (v6) ALLOW Anywhere (v6) 30000:31000/tcp (v6) ALLOW Anywhere (v6)
Test FTP Server
At this point, the vsFTPD server is installed and configured. Now, its time to test it from the remote machine.
Test Using CLI Method
Log in to the remote Linux machine, open your command line terminal and run the following command to connect the FTP server:
You will be asked to provide FTP user and password as shown below:
Connected to 184.108.40.206. 220 (vsFTPd 3.0.3) Name (220.127.116.11:vyom): ftpuser 331 Please specify the password. Password:
After the successful authentication, you should get an FTP shell:
230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp>
Now, run the following command to list all files on the FTP server:
You should see all files located on the FTP server in the following output:
200 PORT command successful. Consider using PASV. 150 Here comes the directory listing. -rw-r--r-- 1 1000 1000 0 Aug 24 06:10 file1.xtx -rw-r--r-- 1 1000 1000 0 Aug 24 06:10 file2.xtx 226 Directory send OK. ftp>
Note: 18.104.22.168 is the IP address of the FTP server.
Test Using GUI Method
On the remote Linux machine, open the file manager, press CTRL + L, type the URL ftp://22.214.171.124 and hit Enter as shown below:
You should see the FTP connection configuration screen:
Provide your FTP username, password and click on the Connect button. Once you are connected to the FTP server. You should see the following screen:
Secure FTP with SSL/TLS
It is a good idea to secure the FTP transmissions using SSL/TLS. To do so, you will need to generate an SSL certificate and configure the vsFTPD server to use it. Here, we will generate a self-signed SSL certificate.
You can generate a self-signed SSL certificate using the following command:
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
Provide all required information as shown below:
Generating a RSA private key .....+++++ ....................................................................................................................................................................................................................+++++ writing new private key to '/etc/ssl/private/vsftpd.pem' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:IN State or Province Name (full name) [Some-State]:GUJ Locality Name (eg, city) :JND Organization Name (eg, company) [Internet Widgits Pty Ltd]:IT Organizational Unit Name (eg, section) :IT Common Name (e.g. server FQDN or YOUR name) :server Email Address :firstname.lastname@example.org
Next, edit the vsFTPD main configuration file and define your SSL certificate path:
Add or Change the following lines:
ssl_enable=YES rsa_cert_file=/etc/ssl/private/vsftpd.pem rsa_private_key_file=/etc/ssl/private/vsftpd.pem ssl_ciphers=HIGH
Save and close the file then restart the vsFTPD service to apply the changes:
systemctl restart vsftpd
Verify Secure FTP Connection
After installing FileZilla, launch the FileZilla client as shown below:
Click on the Site Manager to create a new FTP connection as shown below:
Provide your FTP server IP, Port, Protocol, Username, and click on the Connect button. You will be asked to provide a password for the FTP server:
Provide your FTP password and click on the OK button. You should see the SSL certificate warning screen:
Check “Always trust certificate in future sessions” and click on the OK button. Once you are connected, you should see the FTP server content on the right side of the screen:
In the above guide, we explained how to set up an FTP server with vsFTPD on Ubuntu 20.04. We also explained how to secure an FTP connection with SSL/TLS and also verify the FTP from the remote machine. I hope you can now easily set up your own FTP server easily.