Install and Configure VSFTPD server on Ubuntu 18.04 LTS
This tutorial exists for these OS versions
- Ubuntu 22.04 (Jammy Jellyfish)
- Ubuntu 20.04 (Focal Fossa)
- Ubuntu 18.04 (Bionic Beaver)
On this page
Vsftpd also known as a very secure FTP daemon is an FTP server for Unix-like systems. FTP is most widely used standard network protocol used for uploading/downloading files between two computers over a network. By default, FTP is insecure because it transmits data together with user credentials without encryption.
In this tutorial, we will learn how to install Vsftpd with SSL/TLS support on Ubuntu 18.04 server.
Requirements
- A server running Ubuntu 18.04.
- A non-root user with sudo privileges.
- Static IP address 192.168.0.102 is configured.
Install Vsftpd
By default, Vsftpd is available in Ubuntu 18.04 default repository. So you can easily install it by just running the following command:
sudo apt-get install vsftpd -y
Once Vsftpd is installed, start Vsftpd service and enable it to start on boot time:
sudo systemctl start vsftpd
sudo systemctl enable vsftpd
Create Directory Structure for FTP
Before starting, you will need to create a user for FTP access.
You can create a user with the following command:
sudo adduser vsftp
Next, create ftp directory and set ownership with the following command:
sudo mkdir /home/vsftp/ftp
sudo chown nobody:nogroup /home/vsftp/ftp
sudo chmod a-w /home/vsftp/ftp
Next, create a directory where files can be uploaded and give ownership to vsftp user:
sudo mkdir /home/vsftp/ftp/test
sudo chown vsftp:vsftp /home/vsftp/ftp/test
Configure Vsftpd
Next, you will need to perform some configurations to setup FTP server.
First, create a backup of original config file:
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.bak
Next, open the vsftpd.conf file:
sudo nano /etc/vsftpd.conf
Add the following lines:
listen=NO listen_ipv6=YES anonymous_enable=NO local_enable=YES write_enable=YES local_umask=022 dirmessage_enable=YES use_localtime=YES xferlog_enable=YES connect_from_port_20=YES chroot_local_user=YES secure_chroot_dir=/var/run/vsftpd/empty pam_service_name=vsftpd pasv_enable=Yes pasv_min_port=10000 pasv_max_port=11000 user_sub_token=$USER local_root=/home/$USER/ftp userlist_enable=YES userlist_file=/etc/vsftpd.userlist userlist_deny=NO
Save and close the file. You can change the above configuration according to your needs.
Next, you will also need to add vsftp user to /etc/vsftpd.userlist file to allow FTP access:
sudo nano /etc/vsftpd.userlist
Add the following line:
vsftp
Save and close the file, then restart Vsftpd service to apply these changes:
sudo systemctl restart vsftpd
Now, open your web browser and type the URL ftp://192.168.0.102, you will be asked to enter username and password to access FTP. Enter your vsftp username and password, then click on the Ok button. You should see the following page:
Secure Vsftpd using SSL/TLS
Next, you will need to enable SSL/TLS to encrypt the data transferred via FTP.
To do so, you will need to create a certificate for that. You can create a certificate using OpenSSL using the following command:
sudo mkdir /etc/cert
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/cert/vsftpd.pem -out /etc/cert/vsftpd.pem
Next, you will need to modify vsftpd.conf file and make some changes:
sudo nano /etc/vsftpd.conf
Add the following lines:
rsa_cert_file=/etc/cert/vsftpd.pem rsa_private_key_file=/etc/cert/vsftpd.pem ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=YES force_local_logins_ssl=YES ssl_tlsv1=YES ssl_sslv2=NO ssl_sslv3=NO require_ssl_reuse=NO ssl_ciphers=HIGH
Save the file, then restart Vsftpd using the following command:
sudo systemctl restart vsftpd
Access FTP over SSL/TLS
You can not access your FTP server over SSL/TLS through browser. So, you will need to install FileZilla FTP client to access your FTP server. Because FileZilla supports FTP over SSL/TLS.
You can install FileZilla client using the following command:
sudo apt-get install filezilla -y
Once the FileZilla is installed, open it from your Unity dash. You should see the following image:
Now, click on the File>Sites Manager. You should see the following image:
Here, add New site and provide the host/site name, add the IP address, define the protocol to use, encryption and logon type. Then click on the Connect button. You should see the following image:
Now, verify the certificate being used for the SSL/TLS connection, and click OK once more to connect to the FTP server. You should see your FTP server contents in the following page:
