Install and Configure VSFTPD on Ubuntu 20.04 | 18.04
This brief tutorial shows students and new users how to install a FTP server using VSFTPD on Ubuntu 20.04 | 18.04.
FTP protocol is one of the easiest ways to transfer files between a server and client computers however, it’s inherently insecure in its standard form.
There many open source FTP server available on Linux systems, including Ubuntu. There’s ProFTPd, PureFTPD, VSFTPD, etc.
This post shows you how to setup FTP with VSFTPD (Very Secure Ftp Daemon).
Although this post is tested on Ubuntu 20.04, it should also apply to other versions of Ubuntu and most Linux systems.
To get started with installing and configuring VSFTPD, follow the steps below:
Step 1: Install VSFTPD
To install VSFTPD on Ubuntu, run the commands below.
sudo apt update sudo apt-get install vsftpd
After installing VSFTPD, the commands below can be used to stop, start and enable the server service to always start up when the server boots…
sudo systemctl stop vsftpd.service sudo systemctl start vsftpd.service sudo systemctl enable vsftpd.service
After installing, you can check VSFTPD status by running the commands below:
sudo systemctl status vsftpd
That should display similar lines as shown below:
vsftpd.service - vsftpd FTP server
Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2020-05-17 17:57:40 CDT; 17s ago
Main PID: 2916 (vsftpd)
Tasks: 1 (limit: 4657)
Memory: 584.0K
CGroup: /system.slice/vsftpd.service
└─2916 /usr/sbin/vsftpd /etc/vsftpd.conf
May 17 17:57:40 ubuntu2004 systemd[1]: Starting vsftpd FTP server...
May 17 17:57:40 ubuntu2004 systemd[1]: Started vsftpd FTP server.
Step 2: Configuring VSFTPD
After installing the server, you’ll find its main configuration file at /etc/vsftpd.conf. Many of the settings you’ll configured are well documented in there.
Run the commands below to open its main configuration file.
sudo nano /etc/vsftpd.conf
Than, begin enabling settings that suit your environment.
1. FTP access
By default, FTP access is granted to anonymous user only. To grant access to local users only, change the line in the file to match the settings below:
anonymous_enable=NO local_enable=YES
To allow local users to upload to the FTP server, and only give them access to upload to their home folders, edit the lines below:
write_enable=YES chroot_local_user=YES allow_writeable_chroot=YES
Continue below for more configurations.
2. Users restrictions
If you don’t want all local users with account on the system to upload file, then you can limit access to only users that are on the allowed list.
This option only allow users who are explicitly specified in the file.
userlist_enable=YES
userlist_file=/etc/vsftpd.user_list
userlist_deny=NO
Continue below for more configurations
3. Secure with SSL certificates
If you want to provide encrypted FTP file transmission, you’ll need to include SSL certificates with your setup.
You can use existing certificates or create self-signed.
For self-signed certificates, run the commands below:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
The commands will generate self-signed certificate files you can use in your configuration.
Open VSFTPD default configuration file again and add the lines below referencing the certificates files above.
rsa_cert_file=/etc/ssl/private/vsftpd.pem rsa_private_key_file=/etc/ssl/private/vsftpd.pem ssl_enable=YES
That should encrypt file transmission to the server.
At this point, your configuration file should look similar to the one below:
listen=NO listen_ipv6=YES anonymous_enable=NO local_enable=YES write_enable=YES dirmessage_enable=YES use_localtime=YES xferlog_enable=YES connect_from_port_20=YES chroot_local_user=YES secure_chroot_dir=/var/run/vsftpd/empty pam_service_name=vsftpd rsa_cert_file=/etc/ssl/private/vsftpd.pem rsa_private_key_file=/etc/ssl/private/vsftpd.pem ssl_enable=YES user_sub_token=$USER local_root=/home/$USER/ftp userlist_enable=YES userlist_file=/etc/vsftpd.user_list userlist_deny=NO
Save your changes and restart the server.
sudo systemctl restart vsftpdContinue configuring.
4. Setup FTP homes
When adding new FTP users, simply create their FTP folders and add them to the file to allow access to the server.
udo mkdir -p /home/username/ftp/upload sudo chmod 550 /home/username/ftp sudo chmod 750 /home/username/ftp/upload sudo chown -R username: /home/username/ftp
Replace username with the actual user account name.
Then add the users to the allowed list.
echo "username" | sudo tee -a /etc/vsftpd.user_list
Step 3: Access VSFTPD FTP Server
Now grab your favorite FTP client (FileZilla) and setup a new site in your site manage and use FTP protocol with encryption with explicit FTP over TLS… Type your username and password and connect.
You should be prompted with a certificate… accept the certificate and continue. You may check the box at the bottom of the page to trusted the certificate so you don’t get prompted in the future…
You should now be transferring files securely via SSL/TLS.
That’s it!
Conclusion:
This post showed you how to install and configure VSFTPD FTP server on Ubuntu 20.04 | 18.04. If you find any error above, please use the comment form below to report.
Thanks,
You may also like the post below:
I am getting this error
GnuTLS error -15 in gnutls_record_recv: An unexpected TLS packet was received.
Error: Could not read from socket: ECONNABORTED – Connection aborted