Install and Configure VSFTPD server on Ubuntu 18.04 LTS

Vsftpd, also known as the Very Secure FTP Daemon, is an FTP server for Unix-like systems. FTP is the most widely used standard network protocol for uploading and downloading files between two computers over a network. By default, FTP is insecure because it transmits data together with user credentials without encryption.

In this tutorial, we will learn how to install Vsftpd with SSL/TLS support on Ubuntu 18.04 server.

Requirements

  • A server running Ubuntu 18.04.
  • A non-root user with sudo privileges.
  • Static IP address 192.168.0.102 is configured.

Install Vsftpd

Vsftpd is available in the default Ubuntu 18.04 repository, so you can install it by running the following command:

sudo apt-get install vsftpd -y

Once Vsftpd is installed, start the Vsftpd service and enable it to start at boot time:

sudo systemctl start vsftpd
sudo systemctl enable vsftpd

Create Directory Structure for FTP

Before starting, you will need to create a user for FTP access.

You can create a user with the following command:

sudo adduser vsftp

Next, create the ftp directory, set its ownership and remove write permission with the following commands:

sudo mkdir /home/vsftp/ftp
sudo chown nobody:nogroup /home/vsftp/ftp
sudo chmod a-w /home/vsftp/ftp

Next, create a directory where files can be uploaded and give ownership to vsftp user:

sudo mkdir /home/vsftp/ftp/test
sudo chown vsftp:vsftp /home/vsftp/ftp/test

Configure Vsftpd

Next, you will need to configure the FTP server.

First, create a backup of original config file:

sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.bak

Next, open the vsftpd.conf file:

sudo nano /etc/vsftpd.conf

Add the following lines:

listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
pasv_enable=YES
pasv_min_port=10000
pasv_max_port=11000
user_sub_token=$USER
local_root=/home/$USER/ftp
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO

Save and close the file. You can change the above configuration according to your needs.

Next, you will also need to add the vsftp user to the /etc/vsftpd.userlist file to allow FTP access:

sudo nano /etc/vsftpd.userlist

Add the following line:

vsftp

Save and close the file, then restart Vsftpd service to apply these changes:

sudo systemctl restart vsftpd

Now, open your web browser and go to the URL ftp://192.168.0.102. You will be asked to enter a username and password to access FTP. Enter your vsftp username and password, then click on the OK button. You should see the following page:

Access server by FTP

Secure Vsftpd using SSL/TLS

Next, you will need to enable SSL/TLS to encrypt the data transferred via FTP.

To do so, you will need to create a certificate. You can create one with OpenSSL using the following commands:

sudo mkdir /etc/cert
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/cert/vsftpd.pem -out /etc/cert/vsftpd.pem

Next, you will need to modify vsftpd.conf file and make some changes:

sudo nano /etc/vsftpd.conf

Add the following lines:

rsa_cert_file=/etc/cert/vsftpd.pem
rsa_private_key_file=/etc/cert/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH

Save the file, then restart Vsftpd using the following command:

sudo systemctl restart vsftpd
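
The following check is an added example, not part of the original tutorial: a shell function that audits a vsftpd.conf for the TLS options set above and flags a key file that group or other users can access. The function names, the constructed sample config and the requirement that every option be set explicitly are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the tutorial): audit a vsftpd.conf for the TLS
# settings configured above. Options must be set explicitly to pass.

# Print the raw value of option $2 in file $1. Comment lines are skipped;
# the last assignment is used (assumption: later lines override earlier).
conf_get() {
    awk -v key="$2" '
        /^#/ { next }
        index($0, key "=") == 1 { val = substr($0, length(key) + 2) }
        END { print val }' "$1"
}

# Print one line per problem; the return status is the number of findings.
audit_vsftpd_conf() {
    conf=$1; findings=0
    for want in ssl_enable=YES force_local_logins_ssl=YES \
                force_local_data_ssl=YES allow_anon_ssl=NO \
                anonymous_enable=NO ssl_sslv2=NO ssl_sslv3=NO; do
        opt=${want%%=*}; exp=${want#*=}
        got=$(conf_get "$conf" "$opt" | tr '[:lower:]' '[:upper:]')
        if [ "$got" != "$exp" ]; then
            echo "FINDING: $opt is '${got:-unset}', expected $exp"
            findings=$((findings + 1))
        fi
    done
    # The PEM file holds the private key: no group/other permission bits.
    key=$(conf_get "$conf" rsa_private_key_file)
    if [ -f "$key" ] && [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FINDING: $key is accessible to group/other"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: a config that enables TLS but does not force it.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=NO
ssl_enable=Yes
force_local_logins_ssl=NO
force_local_data_ssl=YES
allow_anon_ssl=NO
ssl_sslv2=NO
ssl_sslv3=NO
EOF
audit_vsftpd_conf "$sample"
echo "findings: $?"
```

Replace "$sample" in the last lines with /etc/vsftpd.conf to audit the live configuration.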

Access FTP over SSL/TLS

You cannot access your FTP server over SSL/TLS through a browser, so you will need to install the FileZilla FTP client, which supports FTP over SSL/TLS.

You can install FileZilla client using the following command:

sudo apt-get install filezilla -y

Once FileZilla is installed, open it from your Unity dash. You should see the following image:

FileZilla FTP Client

Now, click on File > Site Manager. You should see the following image:

Add site in FileZilla

Here, add a new site and provide the host/site name, the IP address, the protocol to use, the encryption and the logon type. Then click on the Connect button. You should see the following image:

Accept SSL certificate

Now, verify the certificate being used for the SSL/TLS connection, and click OK once more to connect to the FTP server. You should see your FTP server contents on the following page:

FTP connection to Vsftpd server established
