There is a new version of this tutorial available for Ubuntu 22.04 (Jammy Jellyfish).

Install and Configure VSFTPD server on Ubuntu 18.04 LTS

Vsftpd also known as a very secure FTP daemon is an FTP server for Unix-like systems. FTP is most widely used standard network protocol used for uploading/downloading files between two computers over a network. By default, FTP is insecure because it transmits data together with user credentials without encryption.

In this tutorial, we will learn how to install Vsftpd with SSL/TLS support on Ubuntu 18.04 server.

Requirements

  • A server running Ubuntu 18.04.
  • A non-root user with sudo privileges.
  • Static IP address 192.168.0.102 is configured.

Install Vsftpd

By default, Vsftpd is available in Ubuntu 18.04 default repository. So you can easily install it by just running the following command:

sudo apt-get install vsftpd -y

Once Vsftpd is installed, start Vsftpd service and enable it to start on boot time:

sudo systemctl start vsftpd
sudo systemctl enable vsftpd

Create Directory Structure for FTP

Before starting, you will need to create a user for FTP access.

You can create a user with the following command:

sudo adduser vsftp

Next, create ftp directory and set ownership with the following command:

sudo mkdir /home/vsftp/ftp
sudo chown nobody:nogroup /home/vsftp/ftp
sudo chmod a-w /home/vsftp/ftp

Next, create a directory where files can be uploaded and give ownership to vsftp user:

sudo mkdir /home/vsftp/ftp/test
sudo chown vsftp:vsftp /home/vsftp/ftp/test

Configure Vsftpd

Next, you will need to perform some configurations to setup FTP server.

First, create a backup of original config file:

sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.bak

Next, open the vsftpd.conf file:

sudo nano /etc/vsftpd.conf

Add the following lines:

 listen=NO
 listen_ipv6=YES
 anonymous_enable=NO
 local_enable=YES
 write_enable=YES
 local_umask=022
 dirmessage_enable=YES
 use_localtime=YES
 xferlog_enable=YES
 connect_from_port_20=YES
 chroot_local_user=YES
 secure_chroot_dir=/var/run/vsftpd/empty
 pam_service_name=vsftpd
 pasv_enable=Yes
 pasv_min_port=10000
 pasv_max_port=11000
 user_sub_token=$USER
 local_root=/home/$USER/ftp
 userlist_enable=YES
 userlist_file=/etc/vsftpd.userlist
 userlist_deny=NO

Save and close the file. You can change the above configuration according to your needs.

Next, you will also need to add vsftp user to /etc/vsftpd.userlist file to allow FTP access:

sudo nano /etc/vsftpd.userlist

Add the following line:

vsftp

Save and close the file, then restart Vsftpd service to apply these changes:

sudo systemctl restart vsftpd

Now, open your web browser and type the URL ftp://192.168.0.102, you will be asked to enter username and password to access FTP.  Enter your vsftp username and password, then click on the Ok button. You should see the following page:

Access server by FTP

Secure Vsftpd using SSL/TLS

Next, you will need to enable SSL/TLS to encrypt the data transferred via FTP.

To do so, you will need to create a certificate for that. You can create a certificate using OpenSSL using the following command:

sudo mkdir /etc/cert
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/cert/vsftpd.pem -out /etc/cert/vsftpd.pem

Next, you will need to modify vsftpd.conf file and make some changes:

sudo nano /etc/vsftpd.conf

Add the following lines:

rsa_cert_file=/etc/cert/vsftpd.pem
rsa_private_key_file=/etc/cert/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH

Save the file, then restart Vsftpd using the following command:

sudo systemctl restart vsftpd

Access FTP over SSL/TLS

You can not access your FTP server over SSL/TLS through browser. So, you will need to install FileZilla FTP client to access your FTP server. Because FileZilla supports FTP over SSL/TLS.

You can install FileZilla client using the following command:

sudo apt-get install filezilla -y

Once the FileZilla is installed, open it from your Unity dash. You should see the following image:

FileZilla FTP Client

Now, click on the File>Sites Manager. You should see the following image:

Add site in FileZilla

Here, add New site and provide the host/site name, add the IP address, define the protocol to use, encryption and logon type. Then click on the Connect button. You should see the following image:

Accept SSL certificate

Now, verify the certificate being used for the SSL/TLS connection, and click OK once more to connect to the FTP server. You should see your FTP server contents in the following page:

FTP connection to Vsftpd server established

Share this page:

Suggested articles

11 Comment(s)

Add comment

Comments

By: Gabriel

Please edit this line:

"Now, open your web browser and type the URL ftp://92.168.0.102"

to:

"Now, open your web browser and type the URL ftp://192.168.0.102"

 

thanks for this tutorial

By: freesoul

Access ftp over TLS/SSL doesn't work for me.. ECONNREFUSED by the server (filezilla)

By: freesoul

Error GnuTLS -15 in gnutls_record_recv: An unexpected TLS packet was received.

 

By: Rafael Romero

Excellent tutorial. Thanks

By: amir

it's working for mac user ?

By: amir

can i access it by finder on mac ?i want to make ftp server for mac user, can this tutorial makeit happen ?

By: Yvette

Just tell me how I can use Filezilla to access root, when using vsftpd.

I have already removed 'root' from ftpusers, and changed userlist_deny=YES in the conf,      and changed to  chroot_local_user=YES

 

By: FREES

What do u men by configure static ip to 192.168.0.102. how do to this

By: till

See here for installing an Ubuntu server with a static IP: https://www.howtoforge.com/tutorial/ubuntu-lts-minimal-server/

By: Piciu

Why i must change:

sudo chown nobody:nogroup /home/vsftp/ftpsudo chmod a-w /home/vsftp/ftp

I want to be able to modify all 'ftp' directory, not only 'test' directory. Can you explain me this?

 

By: Raph

the portion related to acess over SSL/TLS has an error somewhere for Ubuntu 20.04. I constantly get the error after the vsftpd.conf file    (code=exited, status=2). I saw some articles about PAM service being a problem. But I don't really understand. Anyone face this problem?