How To Install an FTP Server On Ubuntu with vsftpd

Introduction

If you’re looking to install an FTP server on Ubuntu, you can’t beat the simplicity of vsftpd

.

FTP stands for File Transfer Protocol. It is similar to HTTP (Hypertext Transfer Protocol) in that it specifies a language for transferring data over a network. FTP is not encrypted by default, so by itself, it is not a good choice for secure data transmission.

This guide will help you install and configure an FTP server with vsftpd on Ubuntu.

prerequisites

Access to a user account with sudo privileges Access to a terminal

  • /command line window (Ctrl-Alt-T)
  • The apt package manager

  • , included by default
  • Step 1: Update system packages Start by updating your repositories: Enter the following in a terminal window:

  • sudo
  • apt update The system proceeds

to update the repositories.

Step 2: Install

vsftpd Server on Ubuntu A common open source FTP utility used in Ubuntu

is vsftpd. It is recommended for its ease of use.

1. To install vsftpd

, enter the command: sudo apt install vsftpd

This is an example of the output in Ubuntu

. 2. To start the

service and enable it at startup, run the commands

: sudo systemctl start vsftpd sudo systemctl enable vsftpd

Step 3: Back up

the configuration files

Before making any changes, be sure to back up the configuration files

. 1. Create a

backup copy of the default configuration file by entering

the following: sudo cp /etc/vsftpd.conf /etc/vsftpd.conf_default Step 4: Create FTP User

Create

a new

FTP user with the following commands

: sudo useradd -m testuser sudo passwd testuser

The system should prompt you to create a password for the new testuser account.

Step 5: Configure the firewall to allow

FTP traffic

If you are using UFW that comes standard with Ubuntu, it will block FTP traffic by default. Enter the following commands to open ports 20 and 21 for FTP traffic: sudo ufw allow 20/tcp sudo ufw allow 21/tcp

Step 6: Connect to Ubuntu FTP Server

Connect

to FTP server

with the following command: sudo ftp

ubuntu-ftp Replace ubuntu-ftp with your system name (taken from the command line).

Log in with the testuser Account and password you just set. You should now have successfully logged into your FTP server.

Configuring and securing Ubuntu vsftpd

server

Change

default directory By default, the

FTP server uses the /srv/ftp directory as the default directory. You can change this by creating a new directory and changing the FTP user’s home directory.

To change the FTP home directory, type the following

: sudo mkdir /srv/ftp/new_location sudo usermod -d /srv/ftp/new_location ftp Restart the vsftpd service to apply the changes: sudo systemctl restart

vsftpd.service

Now, you can put any file you want to share via FTP in the /srv/ftp folder (if you left it as default), or the /srv/ftp/new_location/ directory (if you have changed it).

Authenticate

FTP users

If you want to allow authenticated users to upload files, edit the vsftpd.conf file by entering the following: sudo nano /etc/vsftpd.conf

Find the entry labeled write_enable=NO and change the value to “YES”. Save

the

file, exit, and then restart

the FTP service with the following: sudo systemctl restart vsftpd.service

This allows the user to make changes within their home directory

. FTP

Protection

Numerous exploits take advantage of unsecured FTP servers. In response, there are several configuration options in vsftpd.conf that can help secure your FTP server.

Limit user access

One method is to limit users to their home directory. Open

vsftpd.conf in an editor and uncomment the following command: chroot_local_user=YES

Here is an example of the nano

file: Create a user list file To create a list

file

, edit /

etc/vsftpd.chroot_list and add one user per line

. instruct

your ftp server to limit this list of users to their own home directories by editing vsftpd.conf: chroot_local_user=YES chroot_list_file=/etc/vsftpd.chroot_list The image illustrates the edits that were made: Restart the vsftpd service: sudo systemctl Restart vsftpd.service

By

default, the list of users blocked from FTP access is stored in /etc/ftpusers . To add blocked users, edit this file and add one user per line.

Encrypt traffic with FTPS

Another method to protect your FTP server is to encrypt traffic. This is done by using FTPS – File Transfer Protocol over SSL (Secure Socket Layer).

For this to work, users must be configured with a shell account on the FTP server. This will add a layer of strong encryption to your FTP traffic.

1. Start by creating a new certificate with openssl. To do this, run the command

: sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

2. Provide the necessary information when prompted, or maintain the default settings by pressing Enter.

3. Next, open your vsftpd.conf file in an editor and change the line ssl_enable = NO to ssl_enable = YES: ssl_enable = YES

4. Then add the following lines: rsa_cert_file=

/etc/ssl/private/vsftpd.pem rsa_private_key_file=/etc/ssl/private/vsftpd.pem allow_anon_ssl=NO force_local_data_ssl=YES force_local_logins_ssl=YES ssl_tlsv1=YES ssl_sslv2=NO ssl_sslv3=NO require_ssl_reuse=NO ssl_ciphers=HIGH pasv_min_port=40000 pasv_max_port=50000

5. Save your changes and exit the file.

6. Finally, restart the service

to apply the changes:

sudo systemctl restart vsftpd.service

Conclusion

Now, you should have installed an FTP server on Ubuntu with vsftpd

.

You should now be able to set up your user and account lists, and connect to your new FTP server. We also detail the risks of the FTP protocol and how to mitigate them.